feat(profiles): general update.

2022-07-10 14:28:44 +01:00 · 2022-07-10 14:28:44 +01:00 · 23642eb0be
commit 23642eb0be
parent c0e62f30bb
14 changed files with 39 additions and 18 deletions
--- a/apparmor.d/groups/cron/cron-apport
+++ b/apparmor.d/groups/cron/cron-apport
@ -18,6 +18,7 @@ profile cron-apport @{exec_path} {

  / r,
  /var/crash/ r,
+  /var/crash/*.crash w,

  include if exists <local/cron-apport>
 }
--- a/apparmor.d/groups/gnome/gnome-characters-backgroudservice
+++ b/apparmor.d/groups/gnome/gnome-characters-backgroudservice
@ -13,6 +13,8 @@ profile gnome-characters-backgroudservice @{exec_path} {

  @{exec_path} mr,

+  /{usr/,}bin/gjs-console rix,
+
  /usr/share/icons/{,**} r,
  /usr/share/themes/{,**} r,
  /usr/share/X11/xkb/{,**} r,
--- a/apparmor.d/groups/network/ModemManager
+++ b/apparmor.d/groups/network/ModemManager
@ -37,7 +37,7 @@ profile ModemManager @{exec_path} flags=(attach_disconnected) {

  dbus receive bus=system path=/org/freedesktop/login[0-9]
       interface=org.freedesktop.login[0-9].Manager
-       member={UserNew,SessionNew,PrepareForShutdown,SeatNew},
+       member={UserNew,SessionNew,PrepareForShutdown,SeatNew,UserRemoved,SessionRemoved},

  dbus bind bus=system
       name=org.freedesktop.ModemManager[0-9],
--- a/apparmor.d/groups/systemd/systemd-logind
+++ b/apparmor.d/groups/systemd/systemd-logind
@ -29,7 +29,7 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected,complain) {

  dbus (send,receive) bus=system path=/org/freedesktop/systemd[0-9]
       interface=org.freedesktop.systemd[0-9].Manager
-       member={StartUnit,StartTransientUnit,Subscribe,JobRemoved,UnitRemoved,Reloading,Subscribe},
+       member={StartUnit,StartTransientUnit,Subscribe,JobRemoved,UnitRemoved,Reloading,Subscribe,StopUnit},

  dbus (send,receive) bus=system path=/org/freedesktop/systemd[0-9]/{unit,job}/**
       interface=org.freedesktop.DBus.Properties
--- a/apparmor.d/groups/systemd/systemd-machine-id-setup
+++ b/apparmor.d/groups/systemd/systemd-machine-id-setup
@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/systemd-machine-id-setup
 profile systemd-machine-id-setup @{exec_path} {
  include <abstractions/base>
+  include <abstractions/consoles>

  capability dac_override,

--- a/apparmor.d/groups/ubuntu/do-release-upgrade
+++ b/apparmor.d/groups/ubuntu/do-release-upgrade
@ -15,6 +15,11 @@ profile do-release-upgrade @{exec_path} {
  include <abstractions/python>
  include <abstractions/ssl_certs>

+  network inet dgram,
+  network inet6 dgram,
+  network inet stream,
+  network inet6 stream,
+
  @{exec_path} mr,

  /{usr/,}bin/dpkg         rPx -> child-dpkg,
@ -27,6 +32,7 @@ profile do-release-upgrade @{exec_path} {
  /etc/update-manager/{,**} r,

  /var/lib/update-manager/meta-release-* rw,
+  /var/cache/apt/pkgcache.bin{,.*} rw,

  owner @{PROC}/@{pid}/fd/ r,