General update

2022-08-01 18:31:32 +02:00 · 2022-08-01 18:31:32 +02:00 · 099a97cb36
commit 099a97cb36
parent 575d781c88
26 changed files with 137 additions and 23 deletions
--- a/apparmor.d/groups/systemd/child-systemctl
+++ b/apparmor.d/groups/systemd/child-systemctl
@ -35,6 +35,8 @@ profile child-systemctl flags=(attach_disconnected) {

  /etc/systemd/user/{,**} rwl,

+  @{run}/systemd/private rw,
+
  owner @{PROC}/@{pid}/stat r,
        @{PROC}/sys/kernel/osrelease r,
        @{PROC}/1/environ r,
--- a/apparmor.d/groups/systemd/systemd-analyze
+++ b/apparmor.d/groups/systemd/systemd-analyze
@ -11,11 +11,24 @@ include <tunables/global>
 profile systemd-analyze @{exec_path} {
  include <abstractions/base>
  include <abstractions/consoles>
+  include <abstractions/dbus-strict>
  include <abstractions/systemd-common>

  capability sys_resource,
  capability net_admin,

+  dbus send bus=system path=/org/freedesktop/systemd1
+      interface=org.freedesktop.DBus.Properties
+      member=GetAll,
+
+  dbus send bus=system path=/org/freedesktop/systemd1
+      interface=org.freedesktop.systemd1.Manager
+      member=ListUnits,
+
+  dbus send bus=system path=/org/freedesktop/systemd1/unit/*
+      interface=org.freedesktop.DBus.Properties
+      member=GetAll,
+
  signal (send) peer=child-pager,

  network inet dgram,
@ -38,7 +51,10 @@ profile systemd-analyze @{exec_path} {

  owner /tmp/systemd-temporary-*/ rw,

+  @{run}/systemd/generator/ r,
+  @{run}/systemd/private rw,
  @{run}/systemd/system/ r,
+  @{run}/systemd/transient/ r,
  @{run}/systemd/userdb/io.systemd.DynamicUser w,
  @{run}/udev/data/* r,
  @{run}/udev/tags/systemd/ r,