Update profiles.

2022-02-22 20:51:28 +00:00 · 2022-02-22 20:51:28 +00:00 · 2064783251
commit 2064783251
parent 0ee2e4f7ad
14 changed files with 61 additions and 45 deletions
--- a/apparmor.d/groups/pacman/pacdiff
+++ b/apparmor.d/groups/pacman/pacdiff
@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>

@{exec_path} = /{usr/,}bin/pacdiff
-profile pacdiff @{exec_path} {
+profile pacdiff @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>

  capability dac_read_search,
@ -38,5 +38,8 @@ profile pacdiff @{exec_path} {

  /dev/tty rw,

+  # Inherit Silencer
+  deny /apparmor/.null rw,
+
  include if exists <local/pacdiff>
 }
--- a/apparmor.d/groups/pacman/pacman
+++ b/apparmor.d/groups/pacman/pacman
@ -57,6 +57,7 @@ profile pacman @{exec_path} {
  /{usr/,}bin/gettext                     rix,
  /{usr/,}bin/ghc-pkg-*                   rix,
  /{usr/,}bin/grep                        rix,
+  /{usr/,}bin/killall                     rix,
  /{usr/,}bin/rm                          rix,
  /{usr/,}bin/setcap                      rix,
  /{usr/,}bin/vercmp                      rix,
@ -73,7 +74,7 @@ profile pacman @{exec_path} {
  /{usr/,}bin/gtk-query-immodules-{2,3}.0 rPx,
  /{usr/,}bin/install-info                rPx,
  /{usr/,}bin/journalctl                  rPx,
-  /{usr/,}bin/killall                     rPx,
+  /{usr/,}bin/locale-gen                  rPx,
  /{usr/,}bin/pacdiff                     rPx,
  /{usr/,}bin/pacman-key                  rPx,
  /{usr/,}bin/sysctl                      rPx,
--- a/apparmor.d/groups/pacman/pacman-conf
+++ b/apparmor.d/groups/pacman/pacman-conf
@ -19,5 +19,7 @@ profile pacman-conf @{exec_path} flags=(attach_disconnected) {
  /etc/pacman.d/mirrorlist r,
  /etc/pacman.d/*-mirrorlist r,

+  deny /apparmor/.null rw,
+
  include if exists <local/pacman-conf>
 }