felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profiles): general update.

Browse source
This commit is contained in:
Alexandre Pujol 2023-08-06 16:30:38 +02:00
parent cdc10fdb31
commit 1cac6715db
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
24 changed files with 64 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

9
apparmor.d/profiles-m-r/nfsdcld
View file

@ -10,7 +10,16 @@ include <tunables/global>
profile nfsdcld @{exec_path} {
include <abstractions/base>
capability mknod,
capability setpcap,
@{exec_path} mr,
/etc/nfs.conf r,
/etc/nfs.conf rk,
/var/lib/nfs/nfsdcld/{,**} rw,
/var/lib/nfs/rpc_pipefs/nfsd/* rw,
include if exists <local/nfsdcld>
}

4
apparmor.d/profiles-m-r/nvtop
View file

@ -10,6 +10,7 @@ include <tunables/global>
profile nvtop @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/consoles>
include <abstractions/dri-common>
include <abstractions/dri-enumerate>
include <abstractions/nameservice-strict>
include <abstractions/opencl-nvidia>
@ -36,8 +37,9 @@ profile nvtop @{exec_path} flags=(attach_disconnected) {
@{sys}/bus/ r,
@{sys}/class/ r,
@{sys}/class/drm/ r,
@{sys}/devices/pci[0-9]*/**/enable r,
@{sys}/devices/pci[0-9]*/**/drm/card[0-9]*/gt_cur_freq_mhz r,
@{sys}/devices/pci[0-9]*/**/enable r,
@{sys}/devices/system/node/node[0-9]*/cpumap r,
@{PROC}/ r,
@{PROC}/@{pids}/ r,

3
apparmor.d/profiles-m-r/pass
View file

@ -86,7 +86,7 @@ profile pass @{exec_path} {
owner @{user_cache_dirs}/vim/{,**} rw,
owner @{user_config_dirs}/vim/{,**} rw,
/dev/shm/pass.*/{,*} rw,
owner /dev/shm/pass.*/{,*} rw,
deny owner @{HOME}/ r,
@ -140,6 +140,7 @@ profile pass @{exec_path} {
owner @{user_password_store_dirs}/ rw,
owner @{user_password_store_dirs}/** rwkl -> @{HOME}/.password-store/**,
owner /dev/shm/pass.*/{,*} rw,
include if exists <local/pass_gpg>
}