feat(profile): general update.

Alexandre Pujol 2024-04-03 21:04:18 +01:00
parent 4490db45c9
commit 095254864f
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
26 changed files with 52 additions and 37 deletions


@ -17,8 +17,8 @@
network netlink raw,
mount options=(rw rbind) -> /newroot/{,**},
mount options=(rw rbind) /tmp/newroot/ -> /tmp/newroot/,
mount options=(rw rbind) /oldroot/{,**} -> /newroot/{,**},
mount options=(rw silent rprivate) -> /oldroot/,
mount options=(rw silent rslave) -> /,
mount fstype=devpts options=(rw nosuid noexec) devpts -> /newroot/dev/pts/,
@ -40,10 +40,9 @@
owner /tmp/newroot/ w,
owner /tmp/oldroot/ w,
@{PROC}/sys/kernel/overflowgid r,
@{PROC}/sys/kernel/overflowuid r,
@{PROC}/sys/user/max_user_namespaces r,
@{PROC}/sys/user/max_user_namespaces rw,
owner @{PROC}/@{pid}/cgroup r,
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/gid_map rw,
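Review bot: The rule `@{PROC}/sys/user/max_user_namespaces rw,` in the second hunk lets the confined process write to the sysctl that caps user-namespace creation, and nothing on the line explains why the write is needed. The page has lost its +/- markers, so I am reading the `r` line as the old side and the `rw` line as the new one; if both rules are kept, the `r` rule is redundant and can be dropped. If the write exists so the sandbox can lower the limit inside its own user namespace (bubblewrap's `--disable-userns` does this, and the `/newroot` and `/oldroot` mounts suggest that kind of tool), record that next to the rule, for example `@{PROC}/sys/user/max_user_namespaces rw,  # written to block nested user namespaces`. Without such a comment, a later audit cannot tell an intended write from an accidental widening of the profile.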


@ -74,6 +74,7 @@
owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/gid_map w, # If kernel.unprivileged_userns_clone = 1
owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/oom_score_adj rw,
owner @{PROC}/@{pid}/setgroups w, # If kernel.unprivileged_userns_clone = 1
owner @{PROC}/@{pid}/stat r,