update apparmor profiles

Adpated to the apparmor.d structure. Signed-off-by: Mikhail Morfikov <mmorfikov@gmail.com>
2021-04-10 08:11:07 +02:00 · 2021-04-10 08:11:07 +02:00 · 0573b2d996
commit 0573b2d996
parent c1e2b1d15e
29 changed files with 534 additions and 23 deletions
--- a/apparmor.d/groups/apps/atom
+++ b/apparmor.d/groups/apps/atom
@ -120,7 +120,7 @@ profile atom @{exec_path} {
  #  Failed to adjust OOM score of renderer with pid : Permission denied
  deny owner @{PROC}/@{pid}/oom_{,score_}adj rw,
       owner @{PROC}/@{pids}/task/ r,
-  deny owner @{PROC}/@{pids}/task/@{tid}/status r,
+       owner @{PROC}/@{pids}/task/@{tid}/status r,
       owner @{PROC}/@{pid}/mountinfo r,
       owner @{PROC}/@{pid}/mounts r,
  deny owner @{PROC}/@{pid}/loginuid r,
--- a/apparmor.d/groups/apps/code
+++ b/apparmor.d/groups/apps/code
@ -99,7 +99,7 @@ profile code @{exec_path} {
  #  Failed to adjust OOM score of renderer with pid : Permission denied
  deny owner @{PROC}/@{pid}/oom_{,score_}adj rw,
       owner @{PROC}/@{pids}/task/ r,
-  deny owner @{PROC}/@{pids}/task/@{tid}/status r,
+       owner @{PROC}/@{pids}/task/@{tid}/status r,
       owner @{PROC}/@{pid}/mountinfo r,
       owner @{PROC}/@{pid}/mounts r,
  deny owner @{PROC}/@{pid}/net/dev r,
--- a/apparmor.d/groups/apps/discord
+++ b/apparmor.d/groups/apps/discord
@ -82,7 +82,7 @@ profile discord @{exec_path} {
  deny       @{PROC}/vmstat r,
  deny owner @{PROC}/@{pid}/oom_{,score_}adj rw,
       owner @{PROC}/@{pids}/task/ r,
-  deny owner @{PROC}/@{pids}/task/@{tid}/status r,
+             @{PROC}/@{pids}/task/@{tid}/status r,
  deny       @{PROC}/@{pids}/stat r,
  deny owner @{PROC}/@{pids}/statm r,
  deny       @{PROC}/@{pids}/cmdline r,
--- a/apparmor.d/groups/apps/freetube
+++ b/apparmor.d/groups/apps/freetube
@ -73,8 +73,7 @@ profile freetube @{exec_path} {
       owner @{PROC}/@{pid}/fd/ r,
  #          @{PROC}/@{pid}/fd/ r,
             @{PROC}/@{pids}/task/ r,
-  deny owner @{PROC}/@{pids}/task/@{tid}/status r,
-  #          @{PROC}/@{pids}/task/@{tid}/status r,
+             @{PROC}/@{pids}/task/@{tid}/status r,
  deny       @{PROC}/@{pids}/stat r,
  deny owner @{PROC}/@{pids}/statm r,
  deny owner @{PROC}/@{pid}/cmdline r,
--- a/apparmor.d/groups/apps/spotify
+++ b/apparmor.d/groups/apps/spotify
@ -46,7 +46,7 @@ profile spotify @{exec_path} {
       owner @{PROC}/@{pid}/fd/ r,
  deny owner @{PROC}/@{pids}/task/ r,
  deny owner @{PROC}/@{pids}/task/@{tid}/stat r,
-  deny owner @{PROC}/@{pids}/task/@{tid}/status r,
+       owner @{PROC}/@{pids}/task/@{tid}/status r,
  deny       @{PROC}/@{pids}/stat r,
  deny owner @{PROC}/@{pid}/cmdline r,
  deny owner @{PROC}/@{pids}/oom_score_adj w,