felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(abs): add the app/kmod abstraction.

Browse source
This commit is contained in:
Alexandre Pujol 2024-06-16 21:50:48 +01:00
parent cb4f3af58e
commit 13b35b156e
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
14 changed files with 53 additions and 105 deletions
Download patch file Download diff file Expand all files Collapse all files

6
apparmor.d/profiles-g-l/hardinfo
View file

@ -184,15 +184,13 @@ profile hardinfo @{exec_path} {
profile kmod {
include <abstractions/base>
@{bin}/kmod mr,
include <abstractions/app/kmod>
@{sys}/module/** r,
@{PROC}/cmdline r,
@{PROC}/modules r,
@{PROC}/ioports r,
include if exists <local/hardinfo_kmod>
}
include if exists <local/hardinfo>

11
apparmor.d/profiles-g-l/hwinfo
View file

@ -68,20 +68,13 @@ profile hwinfo @{exec_path} {
profile kmod {
include <abstractions/base>
include <abstractions/consoles>
@{bin}/kmod mr,
/etc/modprobe.d/{,*.conf} r,
include <abstractions/app/kmod>
owner @{tmp}/hwinfo*.txt rw,
@{sys}/devices/@{pci}/drm/card@{int}/ r,
@{PROC}/cmdline r,
@{PROC}/modules r,
include if exists <local/hwinfo_udevadm>
include if exists <local/hwinfo_kmod>
}
profile udevadm {

10
apparmor.d/profiles-g-l/ifup
View file

@ -96,17 +96,11 @@ profile ifup @{exec_path} {
profile kmod {
include <abstractions/base>
@{bin}/kmod mr,
include <abstractions/app/kmod>
@{sys}/module/** r,
@{PROC}/cmdline r,
@{PROC}/modules r,
/etc/modprobe.d/ r,
/etc/modprobe.d/*.conf r,
include if exists <local/ifup_kmod>
}
profile sysctl {

6
apparmor.d/profiles-g-l/inxi
View file

@ -145,11 +145,7 @@ profile inxi @{exec_path} {
profile kmod {
include <abstractions/base>
@{bin}/kmod mr,
@{PROC}/cmdline r,
@{PROC}/modules r,
include <abstractions/app/kmod>
include if exists <local/inxi_kmod>
}

27
apparmor.d/profiles-g-l/kernel-install
View file

@ -33,7 +33,14 @@ profile kernel-install @{exec_path} {
/etc/kernel/install.d/ r,
/etc/kernel/install.d/*.install rix,
owner @{tmp}/sh-thd.* rw,
@{lib}/os-release r,
/etc/kernel/cmdline r,
/etc/kernel/tries r,
/etc/machine-id r,
/etc/os-release r,
/var/lib/dbus/machine-id r,
@{lib}/modules/*/modules.* w,
owner /boot/{vmlinuz,initrd.img}-* r,
owner /boot/[a-f0-9]*/*/ rw,
@ -42,25 +49,15 @@ profile kernel-install @{exec_path} {
owner /boot/loader/entries/ rw,
owner /boot/loader/entries/*.conf w,
@{lib}/modules/*/modules.* w,
owner @{tmp}/sh-thd.* rw,
/etc/os-release r,
@{lib}/os-release r,
/etc/kernel/tries r,
/etc/kernel/cmdline r,
@{PROC}/cmdline r,
/var/lib/dbus/machine-id r,
/etc/machine-id r,
profile kmod flags=(complain) {
profile kmod {
include <abstractions/base>
include <abstractions/app/kmod>
@{bin}/kmod mr,
include if exists <local/kernel-install_kmod>
}
include if exists <local/kernel-install>

11
apparmor.d/profiles-g-l/kvm-ok
View file

@ -32,16 +32,9 @@ profile kvm-ok @{exec_path} {
profile kmod {
include <abstractions/base>
include <abstractions/app/kmod>
@{bin}/kmod mr,
/etc/modprobe.d/ r,
/etc/modprobe.d/*.conf r,
@{lib}/modprobe.d/ r,
@{lib}/modprobe.d/*.conf r,
@{PROC}/cmdline r,
include if exists <local/kvm-ok_kmod>
}
include if exists <local/kvm-ok>