feat(profiles): modernize udev access.

2023-08-24 19:31:54 +01:00 · 2023-08-24 19:31:54 +01:00 · 07cfbcd952
commit 07cfbcd952
parent 73cb5a4545
37 changed files with 234 additions and 229 deletions
--- a/apparmor.d/groups/systemd/systemd-journald
+++ b/apparmor.d/groups/systemd/systemd-journald
@ -41,24 +41,25 @@ profile systemd-journald @{exec_path} {
  @{run}/udev/data/+acpi:*      r,
  @{run}/udev/data/+bluetooth:* r,
  @{run}/udev/data/+hid:*       r,
+  @{run}/udev/data/+input:input@{int} r,  # for mouse, keyboard, touchpad
  @{run}/udev/data/+pci:*       r,
-  @{run}/udev/data/+platform*   r,
+  @{run}/udev/data/+platform:*   r,
  @{run}/udev/data/+scsi:*      r,
  @{run}/udev/data/+sdio:*      r,
  @{run}/udev/data/+usb-serial:* r,
  @{run}/udev/data/+usb:*       r,
  @{run}/udev/data/+virtio:*    r,
-  @{run}/udev/data/c1:[0-9]*    r,    # For RAM disk
-  @{run}/udev/data/c4:[0-9]* r,       # For TTY devices
-  @{run}/udev/data/c10:[0-9]*   r,    # For non-serial mice, misc features
-  @{run}/udev/data/c18[8-9]:[0-9]* r, # USB devices & USB serial converters
-  @{run}/udev/data/c29:[0-9]* r,      # For CD-ROM
-  @{run}/udev/data/c23[4-9]:[0-9]* r, # For dynamic assignment range 234 to 254
-  @{run}/udev/data/c24[0-9]:[0-9]* r,
-  @{run}/udev/data/c25[0-4]:[0-9]* r,
-  @{run}/udev/data/c3[0-9]*:[0-9]* r, # For dynamic assignment range 384 to 511
-  @{run}/udev/data/c4[0-9]*:[0-9]* r,
-  @{run}/udev/data/c5[0-9]*:[0-9]* r,
+  @{run}/udev/data/c1:@{int}    r,        # For RAM disk
+  @{run}/udev/data/c4:@{int} r,           # For TTY devices
+  @{run}/udev/data/c10:@{int}   r,        # For non-serial mice, misc features
+  @{run}/udev/data/c18[8-9]:[0-9]* r,     # USB devices & USB serial converters
+  @{run}/udev/data/c29:[0-9]* r,          # For CD-ROM
+  @{run}/udev/data/c23[4-9]:@{int} r,     # For dynamic assignment range 234 to 254
+  @{run}/udev/data/c24[0-9]:@{int} r,
+  @{run}/udev/data/c25[0-4]:@{int} r,
+  @{run}/udev/data/c3[0-9]*:@{int} r,     # For dynamic assignment range 384 to 511
+  @{run}/udev/data/c4[0-9]*:@{int} r,
+  @{run}/udev/data/c5[0-9]*:@{int} r,

  @{sys}/devices/**/uevent r,
  @{sys}/firmware/efi/efivars/SecureBoot-@{uuid} r,
--- a/apparmor.d/groups/systemd/systemd-networkd
+++ b/apparmor.d/groups/systemd/systemd-networkd
@ -68,7 +68,7 @@ profile systemd-networkd @{exec_path} flags=(attach_disconnected,complain) {
  owner @{run}/systemd/netif/lldp/ rw,
  owner @{run}/systemd/netif/state rw,

-  @{run}/udev/data/n[0-9]* r,
+  @{run}/udev/data/n@{int} r,

  @{sys}/devices/**/net/** r,
  @{sys}/devices/pci[0-9]*/**/ r,