felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update apparmor profiles

Browse source 
Adpated to the apparmor.d structure.

Signed-off-by: Mikhail Morfikov <mmorfikov@gmail.com>
This commit is contained in:
Mikhail Morfikov 2021-04-03 12:03:57 +02:00 committed by Alexandre Pujol
parent 19521569ce
commit 046443a702
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
35 changed files with 798 additions and 185 deletions
Download patch file Download diff file Expand all files Collapse all files

27
apparmor.d/groups/gvfs/gvfsd-fuse
View file

@ -13,13 +13,34 @@ profile gvfsd-fuse @{exec_path} {
@{exec_path} mr,
/{usr/,}bin/fusermount{,3} rPx,
/{usr/,}bin/fusermount{,3} rCx -> fusermount,
mount fstype={fuse,fuse.*} -> @{run}/user/[0-9]*/gvfs/,
@{PROC}/sys/fs/pipe-max-size r,
/dev/fuse rw,
profile fusermount {
include <abstractions/base>
include <abstractions/nameservice-strict>
# To mount anything:
capability sys_admin,
capability dac_read_search,
/{usr/,}bin/fusermount{,3} mr,
mount fstype={fuse,fuse.*} -> @{run}/user/[0-9]*/gvfs/,
umount @{run}/user/[0-9]*/**/,
/etc/fuse.conf r,
/dev/fuse rw,
@{PROC}/@{pid}/mounts r,
}
include if exists <local/gvfsd-fuse>
}