General update

2022-08-01 18:31:32 +02:00 · 2022-08-01 18:31:32 +02:00 · 099a97cb36
commit 099a97cb36
parent 575d781c88
26 changed files with 137 additions and 23 deletions
--- a/apparmor.d/profiles-s-z/zsysd
+++ b/apparmor.d/profiles-s-z/zsysd
@ -23,7 +23,8 @@ profile zsysd @{exec_path} flags=(complain) {
  @{exec_path}                   rmix,
  /{usr/,}{local/,}{s,}bin/zfs   rPx,
  /{usr/,}{local/,}{s,}bin/zpool rPx,
-  /{usr/,}{s,}bin/update-grub    rPUx,
+  # ALLOWED zsysd exec /usr/sbin/update-grub info="no new privs" comm=zsysd requested_mask=x denied_mask=x error=-1
+  /{usr/,}{s,}bin/update-grub    rPx,

  /etc/hostid r,
  /etc/zsys.conf r,
@ -35,10 +36,10 @@ profile zsysd @{exec_path} flags=(complain) {
  @{run}/zsys-snapshot.unattended-upgrades rw,
  @{run}/zsysd.sock rw,

-  owner @{PROC}/@{pids}/stat r,
-        @{PROC}/@{pids}/mounts r,
-        @{PROC}/cmdline r,
-        @{PROC}/sys/kernel/spl/hostid r,
+  @{PROC}/@{pids}/stat r,
+  @{PROC}/@{pids}/mounts r,
+  @{PROC}/cmdline r,
+  @{PROC}/sys/kernel/spl/hostid r,

  @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,