Update mdadm
There were lots of missing components of mdadm. I have a few scripts that create and tear down MD RAID arrays. I've run them all and added the missing entries. Note that mdadm has the ability to run in daemon mode and send mail when an array fails. That's why it requires all the network entries.
parent
865bac4cc6
commit
0c90adb24d
1 changed files with 15 additions and 0 deletions
|
|
@ -1,5 +1,6 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2025 Zane Zakraisek <zz@eng.utah.edu>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/4.0>,
|
||||
|
|
@ -14,12 +15,22 @@ profile mdadm @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
capability dac_read_search,
|
||||
capability sys_admin,
|
||||
capability mknod,
|
||||
capability net_admin,
|
||||
|
||||
network netlink raw,
|
||||
|
||||
mqueue (read getattr) type=posix /,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{sh_path} rix,
|
||||
@{bin}/sendmail rPUx,
|
||||
|
||||
/etc/mdadm.conf r,
|
||||
|
||||
@{run}/initctl r,
|
||||
@{run}/mdadm/* rwk,
|
||||
|
||||
/var/tmp/mkinitramfs_@{rand6}/etc/mdadm/mdadm.conf.tmp rw,
|
||||
|
||||
|
|
@ -27,13 +38,17 @@ profile mdadm @{exec_path} flags=(attach_disconnected) {
|
|||
@{sys}/devices/@{pci}/class r,
|
||||
@{sys}/devices/@{pci}/device r,
|
||||
@{sys}/devices/@{pci}/vendor r,
|
||||
@{sys}/devices/virtual/block/md*/** rw,
|
||||
@{sys}/module/md_mod/** rw,
|
||||
|
||||
@{PROC}/@{pid}/fd/ r,
|
||||
@{PROC}/cmdline r,
|
||||
@{PROC}/kcore r,
|
||||
@{PROC}/partitions r,
|
||||
@{PROC}/mdstat rw,
|
||||
|
||||
/dev/**/ r,
|
||||
/dev/.tmp.md.* rw,
|
||||
|
||||
include if exists <local/mdadm>
|
||||
}
|
||||
|
|
|
|||
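Review bot: The `@{bin}/sendmail rPUx,` rule in the second hunk lets the mail helper run unconfined whenever no profile is loaded for it, because `PUx` falls back to unconfined execution when the target profile is missing, and this profile already holds `capability sys_admin`. The page has lost its +/- markers, so I am assuming this line is among the 15 additions, as the commit message's mail-alert rationale suggests. If a sendmail profile is always shipped alongside this one, `@{bin}/sendmail rPx,` makes the transition fail closed; otherwise a small child profile reached with `@{bin}/sendmail rCx -> sendmail,` keeps the helper confined. Either way, a one-line comment such as `# mdadm --monitor sends failure mail through sendmail` above the rule would record why it is there. The profile body starts above the visible hunks, so rules outside this view may already affect the transition.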