feat(abs): add udevadm app abstraction.

2024-06-15 16:40:11 +01:00 · 2024-06-15 16:40:11 +01:00 · 035e1da7b2
commit 035e1da7b2
parent 39bfa9a40b
14 changed files with 51 additions and 178 deletions
--- a/apparmor.d/abstractions/app/udevadm
+++ b/apparmor.d/abstractions/app/udevadm
@ -0,0 +1,26 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+  ptrace read peer=@{p_systemd},
+
+  @{bin}/udevadm mr,
+
+  /etc/udev/udev.conf r,
+
+  @{run}/udev/data/* r,
+
+  @{sys}/** r,
+
+        @{PROC}/1/cgroup r,
+        @{PROC}/1/environ r,
+        @{PROC}/1/sched r,
+        @{PROC}/cmdline r,
+        @{PROC}/sys/kernel/osrelease r,
+        @{PROC}/sys/kernel/random/boot_id r,
+  owner @{PROC}/@{pid}/cgroup r,
+  owner @{PROC}/@{pid}/stat r,
+
+  include if exists <abstractions/app/udevadm.d>
+
+# vim:syntax=apparmor