From 010ccf43e35d7ed51f611d216dc4353a52957225 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Sun, 18 May 2025 23:06:21 +0200
Subject: [PATCH] feat(profile): add profile for t-methods-sq.
---
 apparmor.d/groups/apt/apt-methods-sqv | 42 +++++++++++++++++++++++++++
 dists/flags/main.flags | 1 +
 2 files changed, 43 insertions(+)
 create mode 100644 apparmor.d/groups/apt/apt-methods-sqv
diff --git a/apparmor.d/groups/apt/apt-methods-sqv b/apparmor.d/groups/apt/apt-methods-sqv
new file mode 100644
index 000000000..416328cd4
--- /dev/null
+++ b/apparmor.d/groups/apt/apt-methods-sqv
@@ -0,0 +1,42 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2019-2021 Mikhail Morfikov
+# Copyright (C) 2021-2024 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{lib}/apt/methods/sqv
+profile apt-methods-sqv @{exec_path} {
+ include
+ include
+ include
+
+ # To handle the _apt user
+ capability setgid,
+ capability setuid,
+
+ signal receive set=int peer=apt,
+
+ @{exec_path} mr,
+
+ @{bin}/sqv ix,
+
+ /usr/share/apt/default-sequoia.config r,
+ /usr/share/keyrings/debian-archive-keyring.gpg r,
+ /usr/share/keyrings/debian-archive-keyring.pgp r,
+
+ owner /var/lib/apt/lists/{,**} r,
+
+ owner /tmp/apt.data.@{rand6} rw,
+ owner /tmp/apt.sig.@{rand6} rw,
+ owner /tmp/apt.sqverr.@{rand6} rw,
+ owner /tmp/apt.sqvout.@{rand6} rw,
+
+ @{PROC}/@{pid}/fd/ r,
+
+ include if exists
+}
+
+# vim:syntax=apparmor
diff --git a/dists/flags/main.flags b/dists/flags/main.flags
index aa62f9108..d2c57b682 100644
--- a/dists/flags/main.flags
+++ b/dists/flags/main.flags
@@ -27,6 +27,7 @@ akonadi_notes_agent complain
 akonadi_sendlater_agent complain
 akonadi_unifiedmailbox_agent complain
 anacron complain
+apt-methods-sqv complain
 at complain
 atd complain
 auditctl attach_disconnected,complain
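Review bot: The keyring read rules in the new `apt-methods-sqv` profile name only `/usr/share/keyrings/debian-archive-keyring.gpg` and `.pgp`, so the set of trust anchors the verifier may read is narrower than what apt is commonly configured with. Repositories whose `Signed-By` keys live under `/etc/apt/keyrings/`, legacy keys under `/etc/apt/trusted.gpg.d/`, and other distributions' archive keyrings are not covered by any visible rule. The three `include` targets inside the profile are not legible in this rendering, so one of them may already grant these paths; if not, consider adding `/etc/apt/keyrings/{,**} r,` and `/etc/apt/trusted.gpg.d/{,*} r,` beside the existing keyring lines. Because the `main.flags` hunk registers the profile in `complain` mode, a missing rule is only logged for now, but once the profile is enforced it would surface as signature-verification failures during `apt update`, so the audit log is worth checking on a host with third-party sources before that switch.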