felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Profiles update.

Browse source
This commit is contained in:
Alexandre Pujol 2021-09-26 17:28:26 +01:00
parent 937171d40c
commit 18e4745fb1
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
27 changed files with 103 additions and 67 deletions
Download patch file Download diff file Expand all files Collapse all files

3
apparmor.d/groups/pacman/mkinitcpio
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/mkinitcpio
profile mkinitcpio @{exec_path} {
profile mkinitcpio @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/consoles>
include <abstractions/nameservice-strict>
@ -89,6 +89,7 @@ profile mkinitcpio @{exec_path} {
deny @{HOME}/** r,
deny network inet6 stream,
deny network inet stream,
deny /apparmor/.null rw,
include if exists <local/mkinitcpio>
}

1
apparmor.d/groups/pacman/pacman
View file

@ -45,6 +45,7 @@ profile pacman @{exec_path} {
# Pacman hooks & install scripts
/{usr/,}{s,}bin/ldconfig rix,
/{usr/,}bin/{,ba}sh rix,
/{usr/,}bin/cat rix,
/{usr/,}bin/dot rix,
/{usr/,}bin/env rix,
/{usr/,}bin/rm rix,

4
apparmor.d/groups/pacman/pacman-hook-gio
View file

@ -10,6 +10,8 @@ include <tunables/global>
profile pacman-hook-gio @{exec_path} {
include <abstractions/base>
capability dac_read_search,
@{exec_path} mr,
/{usr/,}bin/bash rix,
@ -19,6 +21,8 @@ profile pacman-hook-gio @{exec_path} {
/{usr/,}lib/gio/modules/giomodule.cache{,.[0-9A-Z]*} rw,
/{usr/,}lib/gtk-{3,4}.0/**/*/ rw,
/usr/lib/gio/modules/ rw,
/dev/tty rw,
# Inherit Silencer