felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(fsp): sdu: add consoles

Browse source
This commit is contained in:
Alexandre Pujol 2025-07-06 21:53:53 +02:00
parent 223f611dfc
commit 13680be0a6
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
1 changed files with 5 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
apparmor.d/groups/_full/sdu
View file

@ -23,6 +23,7 @@ profile sdu flags=(attach_disconnected,mediate_deleted) {
include <abstractions/audio-server> include <abstractions/audio-server>
include <abstractions/bus-session> include <abstractions/bus-session>
include <abstractions/bus-system> include <abstractions/bus-system>
include <abstractions/consoles>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
include <abstractions/xdg-desktop> include <abstractions/xdg-desktop>
@ -108,6 +109,8 @@ profile sdu flags=(attach_disconnected,mediate_deleted) {
owner @{PROC}/@{pid}/oom_score_adj rw, owner @{PROC}/@{pid}/oom_score_adj rw,
owner @{PROC}/@{pid}/task/@{tid}/comm rw, owner @{PROC}/@{pid}/task/@{tid}/comm rw,
/dev/kmsg w,
deny capability net_admin, deny capability net_admin,
profile shell flags=(attach_disconnected,mediate_deleted,complain) { profile shell flags=(attach_disconnected,mediate_deleted,complain) {
@ -123,10 +126,10 @@ profile sdu flags=(attach_disconnected,mediate_deleted) {
include <abstractions/base> include <abstractions/base>
include <abstractions/app/systemctl> include <abstractions/app/systemctl>
audit capability net_admin,
owner @{run}/user/@{uid}/systemd/private rw, owner @{run}/user/@{uid}/systemd/private rw,
deny capability net_admin,
include if exists <usr/sdu_systemctl.d> include if exists <usr/sdu_systemctl.d>
include if exists <local/sdu_systemctl> include if exists <local/sdu_systemctl>
} }