tty and pts are part of abstractions/consoles

2022-08-01 18:30:03 +02:00 · 2022-08-01 18:30:03 +02:00 · 005dec1a53
commit 005dec1a53
parent 7ee9644325
59 changed files with 58 additions and 65 deletions
--- a/apparmor.d/profiles-s-z/start-pulseaudio-x11
+++ b/apparmor.d/profiles-s-z/start-pulseaudio-x11
@ -9,13 +9,13 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/start-pulseaudio-x11
 profile start-pulseaudio-x11 @{exec_path} {
  include <abstractions/base>
+  include <abstractions/consoles>

  @{exec_path} mr,

  /{usr/,}bin/{,ba,da}sh rix,
  /{usr/,}bin/pactl      rPx,

-  /dev/tty rw,

  include if exists <local/start-pulseaudio-x11>
 }
--- a/apparmor.d/profiles-s-z/udisksctl
+++ b/apparmor.d/profiles-s-z/udisksctl
@ -10,6 +10,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/udisksctl
 profile udisksctl @{exec_path} {
  include <abstractions/base>
+  include <abstractions/consoles>

  @{exec_path} mr,

@ -19,7 +20,6 @@ profile udisksctl @{exec_path} {
  /{usr/,}bin/less  rPx -> child-pager,
  /{usr/,}bin/more  rPx -> child-pager,

-  /dev/tty rw,

  include if exists <local/udisksctl>
 }
--- a/apparmor.d/profiles-s-z/update-ca-trust
+++ b/apparmor.d/profiles-s-z/update-ca-trust
@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/update-ca-trust
 profile update-ca-trust @{exec_path} {
  include <abstractions/base>
+  include <abstractions/consoles>
  include <abstractions/ssl_certs>

  capability dac_read_search,
@ -30,7 +31,6 @@ profile update-ca-trust @{exec_path} {
  /etc/ssl/certs/{,*} rw,
  /etc/ssl/certs/java/cacerts{,.*} w,

-  /dev/tty rw,

  # Inherit silencer
  deny network inet6 stream,
--- a/apparmor.d/profiles-s-z/wl-copy
+++ b/apparmor.d/profiles-s-z/wl-copy
@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/wl-{copy,paste}
 profile wl-copy @{exec_path} {
  include <abstractions/base>
+  include <abstractions/consoles>

  @{exec_path} mr,

@ -19,7 +20,6 @@ profile wl-copy @{exec_path} {

  owner /tmp/wl-copy-buffer-*/{,**} rw,

-  /dev/tty rw,

  include if exists <local/wl-copy>
 }
--- a/apparmor.d/profiles-s-z/zpool
+++ b/apparmor.d/profiles-s-z/zpool
@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}{local/,}{s,}bin/zpool
 profile zpool @{exec_path} {
  include <abstractions/base>
+  include <abstractions/consoles>
  include <abstractions/disks-read>

  capability sys_admin,
@ -31,7 +32,6 @@ profile zpool @{exec_path} {
  @{PROC}/@{pids}/mounts r,
  @{PROC}/sys/kernel/spl/hostid r,

-  /dev/pts/[0-9]* rw,
  /dev/zfs rw,

  include if exists <local/zpool>
--- a/apparmor.d/profiles-s-z/zsysd
+++ b/apparmor.d/profiles-s-z/zsysd
@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}{s,}bin/zsysd /{usr/,}{s,}bin/zsysctl
 profile zsysd @{exec_path} flags=(complain) {
  include <abstractions/base>
+  include <abstractions/consoles>
  include <abstractions/dbus-strict>
  include <abstractions/nameservice-strict>

@ -41,7 +42,6 @@ profile zsysd @{exec_path} flags=(complain) {

  @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,

-  /dev/pts/[0-9]* rw,
  /dev/zfs rw,

  include if exists <local/zsysd>