refactor(profiles): use @{bin} and @{lib} in profiles (3)
parent
2eed3b725f
commit
27daa7c9bb
355 changed files with 1473 additions and 1472 deletions
|
|
@ -6,7 +6,7 @@ abi <abi/3.0>,
|
|||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = /{usr/,}{,s}bin/ModemManager
|
||||
@{exec_path} = @{bin}/ModemManager
|
||||
profile ModemManager @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ abi <abi/3.0>,
|
|||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = /{usr/,}{,s}bin/NetworkManager
|
||||
@{exec_path} = @{bin}/NetworkManager
|
||||
profile NetworkManager @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/dbus-network-manager-strict>
|
||||
|
|
@ -89,22 +89,22 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
/{usr/,}bin/{,ba,da}sh rix,
|
||||
/{usr/,}bin/nft rix,
|
||||
@{bin}/{,ba,da}sh rix,
|
||||
@{bin}/nft rix,
|
||||
|
||||
/{usr/,}{s,}bin/netconfig rPUx,
|
||||
/{usr/,}bin/dnsmasq rPx,
|
||||
/{usr/,}bin/kmod rPx,
|
||||
/{usr/,}bin/resolvconf rPx,
|
||||
/{usr/,}bin/systemctl rPx -> child-systemctl,
|
||||
@{libexec}/{,NetworkManager/}nm-dhcp-helper rPx,
|
||||
@{libexec}/{,NetworkManager/}nm-dispatcher rPx,
|
||||
@{libexec}/{,NetworkManager/}nm-iface-helper rPx,
|
||||
@{libexec}/{,NetworkManager/}nm-initrd-generator rPx,
|
||||
@{libexec}/{,NetworkManager/}nm-openvpn-auth-dialog rPx,
|
||||
@{libexec}/{,NetworkManager/}nm-openvpn-service rPx,
|
||||
@{libexec}/{,NetworkManager/}nm-openvpn-service-openvpn-helper rPx,
|
||||
@{libexec}/{,NetworkManager/}nm-daemon-helper rPx,
|
||||
@{bin}/dnsmasq rPx,
|
||||
@{bin}/kmod rPx,
|
||||
@{bin}/netconfig rPUx,
|
||||
@{bin}/resolvconf rPx,
|
||||
@{bin}/systemctl rPx -> child-systemctl,
|
||||
@{lib}/{,NetworkManager/}nm-daemon-helper rPx,
|
||||
@{lib}/{,NetworkManager/}nm-dhcp-helper rPx,
|
||||
@{lib}/{,NetworkManager/}nm-dispatcher rPx,
|
||||
@{lib}/{,NetworkManager/}nm-iface-helper rPx,
|
||||
@{lib}/{,NetworkManager/}nm-initrd-generator rPx,
|
||||
@{lib}/{,NetworkManager/}nm-openvpn-auth-dialog rPx,
|
||||
@{lib}/{,NetworkManager/}nm-openvpn-service rPx,
|
||||
@{lib}/{,NetworkManager/}nm-openvpn-service-openvpn-helper rPx,
|
||||
|
||||
/usr/share/gvfs/remote-volume-monitors/{,*.monitor} r,
|
||||
|
||||
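Review bot: The helper rules in the `-89,22` hunk replace `@{libexec}/{,NetworkManager/}nm-*` with `@{lib}/{,NetworkManager/}nm-*`, and the definition of `@{lib}` is not visible on this page. The same substitution is made in the `@{exec_path}` lines of the nm-daemon-helper, nm-dhcp-helper, nm-dispatcher, nm-iface-helper, nm-initrd-generator, nm-openvpn-auth-dialog, nm-openvpn-service and nm-openvpn-service-openvpn-helper profiles, and in the helper rules of nm-openvpn-service and openvpn. If `@{lib}` does not expand to every directory `@{libexec}` covered, these `rPx` transitions stop matching and the helper profiles silently stop attaching on systems that install the binaries under libexec. I would confirm the expansion in the tunables file and record it next to the variable, e.g. `# @{lib} must cover every directory @{libexec} covered; the nm-* helper profiles attach through it`.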
|
|
|
|||
|
|
@ -3,7 +3,7 @@ abi <abi/3.0>,
|
|||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = /{usr/,}bin/dhcpcd
|
||||
@{exec_path} = @{bin}/dhcpcd
|
||||
profile dhcpcd @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
|
@ -27,14 +27,14 @@ profile dhcpcd @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
/{usr/,}bin/{,ba,da}sh rix,
|
||||
/{usr/,}bin/cat rix,
|
||||
/{usr/,}bin/chmod rix,
|
||||
/{usr/,}bin/cmp rix,
|
||||
/{usr/,}bin/mkdir rix,
|
||||
/{usr/,}bin/rm rix,
|
||||
/{usr/,}bin/sed rix,
|
||||
/{usr/,}lib/dhcpcd/dhcpcd-run-hooks rix,
|
||||
@{bin}/{,ba,da}sh rix,
|
||||
@{bin}/cat rix,
|
||||
@{bin}/chmod rix,
|
||||
@{bin}/cmp rix,
|
||||
@{bin}/mkdir rix,
|
||||
@{bin}/rm rix,
|
||||
@{bin}/sed rix,
|
||||
@{lib}/dhcpcd/dhcpcd-run-hooks rix,
|
||||
/dev/tty rw,
|
||||
/var/lib/dhcpcd/*.lease{,6} rw,
|
||||
/var/lib/dhcpcd/secret rw,
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ abi <abi/3.0>,
|
|||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = /{usr/,}bin/iwctl
|
||||
@{exec_path} = @{bin}/iwctl
|
||||
profile iwctl @{exec_path} {
|
||||
include <abstractions/base>
|
||||
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ abi <abi/3.0>,
|
|||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = /{usr/,}lib/iwd/iwd
|
||||
@{exec_path} = @{lib}/iwd/iwd
|
||||
profile iwd @{exec_path} {
|
||||
include <abstractions/base>
|
||||
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ abi <abi/3.0>,
|
|||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = /{usr/,}bin/mullvad-daemon
|
||||
@{exec_path} = @{bin}/mullvad-daemon
|
||||
@{exec_path} += /opt/Mullvad*/resources/mullvad-daemon
|
||||
profile mullvad-daemon @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
|
|
@ -33,7 +33,7 @@ profile mullvad-daemon @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
/{usr/,}bin/ip rix,
|
||||
@{bin}/ip rix,
|
||||
|
||||
"/opt/Mullvad VPN/resources/openvpn" rix,
|
||||
"/opt/Mullvad VPN/resources/*.so*" mr,
|
||||
|
|
|
|||
|
|
@ -34,9 +34,9 @@ profile mullvad-gui @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
"/opt/Mullvad VPN/*.so*" mr,
|
||||
|
||||
/{usr/,}bin/{,ba,da}sh rix,
|
||||
/{usr/,}bin/gsettings rix,
|
||||
/{usr/,}bin/xdg-open rPx,
|
||||
@{bin}/{,ba,da}sh rix,
|
||||
@{bin}/gsettings rix,
|
||||
@{bin}/xdg-open rPx,
|
||||
|
||||
"/opt/Mullvad VPN/{,**}" r,
|
||||
/usr/share/themes/{,**} r,
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ abi <abi/3.0>,
|
|||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = /{usr/,}bin/networkd-dispatcher
|
||||
@{exec_path} = @{bin}/networkd-dispatcher
|
||||
profile networkd-dispatcher @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/dbus-strict>
|
||||
|
|
@ -21,8 +21,8 @@ profile networkd-dispatcher @{exec_path} {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
/{usr/,}bin/ r,
|
||||
/{usr/,}bin/networkctl rPx,
|
||||
@{bin}/ r,
|
||||
@{bin}/networkctl rPx,
|
||||
|
||||
/etc/networkd-dispatcher/{,**} r,
|
||||
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ abi <abi/3.0>,
|
|||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{libexec}/{,NetworkManager/}nm-daemon-helper
|
||||
@{exec_path} = @{lib}/{,NetworkManager/}nm-daemon-helper
|
||||
profile nm-daemon-helper @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ abi <abi/3.0>,
|
|||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{libexec}/{,NetworkManager/}nm-dhcp-helper
|
||||
@{exec_path} = @{lib}/{,NetworkManager/}nm-dhcp-helper
|
||||
profile nm-dhcp-helper @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/dbus>
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ abi <abi/3.0>,
|
|||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{libexec}/{,NetworkManager/}nm-dispatcher
|
||||
@{exec_path} = @{lib}/{,NetworkManager/}nm-dispatcher
|
||||
profile nm-dispatcher @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/dbus-strict>
|
||||
|
|
@ -26,28 +26,28 @@ profile nm-dispatcher @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
/{usr/,}{s,}bin/netconfig rPUx,
|
||||
/{usr/,}bin/{,ba,da}sh rix,
|
||||
/{usr/,}bin/basename rix,
|
||||
/{usr/,}bin/chronyc rPUx,
|
||||
/{usr/,}bin/date rix,
|
||||
/{usr/,}bin/gawk rix,
|
||||
/{usr/,}bin/grep rix,
|
||||
/{usr/,}bin/id rix,
|
||||
/{usr/,}bin/mkdir rix,
|
||||
/{usr/,}bin/mktemp rix,
|
||||
/{usr/,}bin/nmcli rix,
|
||||
/{usr/,}bin/readlink rix,
|
||||
/{usr/,}bin/rm rix,
|
||||
/{usr/,}bin/run-parts rPx,
|
||||
/{usr/,}bin/sed rix,
|
||||
/{usr/,}bin/systemctl rPx -> child-systemctl,
|
||||
/{usr/,}bin/systemd-cat rPx,
|
||||
/{usr/,}bin/tr rix,
|
||||
@{bin}/{,ba,da}sh rix,
|
||||
@{bin}/basename rix,
|
||||
@{bin}/chronyc rPUx,
|
||||
@{bin}/date rix,
|
||||
@{bin}/gawk rix,
|
||||
@{bin}/grep rix,
|
||||
@{bin}/id rix,
|
||||
@{bin}/mkdir rix,
|
||||
@{bin}/mktemp rix,
|
||||
@{bin}/netconfig rPUx,
|
||||
@{bin}/nmcli rix,
|
||||
@{bin}/readlink rix,
|
||||
@{bin}/rm rix,
|
||||
@{bin}/run-parts rPx,
|
||||
@{bin}/sed rix,
|
||||
@{bin}/systemctl rPx -> child-systemctl,
|
||||
@{bin}/systemd-cat rPx,
|
||||
@{bin}/tr rix,
|
||||
/usr/share/tlp/tlp-readconfs rPUx,
|
||||
|
||||
/{usr/,}lib/NetworkManager/dispatcher.d/ r,
|
||||
/{usr/,}lib/NetworkManager/dispatcher.d/* rix,
|
||||
@{lib}/NetworkManager/dispatcher.d/ r,
|
||||
@{lib}/NetworkManager/dispatcher.d/* rix,
|
||||
/etc/NetworkManager/dispatcher.d/ r,
|
||||
/etc/NetworkManager/dispatcher.d/** rix,
|
||||
|
||||
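Review bot: `@{bin}/chronyc rPUx,` and `@{bin}/netconfig rPUx,` in the `-26,28` hunk keep the unconfined fallback while the path side of the chronyc rule gets wider. The old chronyc rule matched only `/{usr/,}bin/`, and this commit appears to treat `@{bin}` as also covering the sbin directories, since it replaces `/{usr/,}{s,}bin/netconfig` with it; the tunable itself is not on the page. This profile also executes dispatcher scripts with `rix`, so each rule that can fall back to unconfined execution deserves a comment saying why no profile is required, for example `# rPUx: profile not shipped on every target, falls back to unconfined`, or `rPx` where a profile always exists. The NetworkManager profile carries the same `@{bin}/netconfig rPUx,` rule.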
|
|
|
|||
|
|
@ -6,7 +6,7 @@ abi <abi/3.0>,
|
|||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{libexec}/{,NetworkManager/}nm-iface-helper
|
||||
@{exec_path} = @{lib}/{,NetworkManager/}nm-iface-helper
|
||||
profile nm-iface-helper @{exec_path} {
|
||||
include <abstractions/base>
|
||||
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ abi <abi/3.0>,
|
|||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{libexec}/{,NetworkManager/}nm-initrd-generator
|
||||
@{exec_path} = @{lib}/{,NetworkManager/}nm-initrd-generator
|
||||
profile nm-initrd-generator @{exec_path} {
|
||||
include <abstractions/base>
|
||||
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ abi <abi/3.0>,
|
|||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{libexec}/{,NetworkManager/}nm-openvpn-auth-dialog
|
||||
@{exec_path} = @{lib}/{,NetworkManager/}nm-openvpn-auth-dialog
|
||||
profile nm-openvpn-auth-dialog @{exec_path} {
|
||||
include <abstractions/base>
|
||||
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ abi <abi/3.0>,
|
|||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{libexec}/{,NetworkManager/}nm-openvpn-service
|
||||
@{exec_path} = @{lib}/{,NetworkManager/}nm-openvpn-service
|
||||
profile nm-openvpn-service @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
|
@ -18,11 +18,11 @@ profile nm-openvpn-service @{exec_path} {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{libexec}/{,NetworkManager/}nm-openvpn-auth-dialog rPx,
|
||||
@{libexec}/{,NetworkManager/}nm-openvpn-service-openvpn-helper rPx,
|
||||
/{usr/,}{s,}bin/openvpn rPx,
|
||||
/{usr/,}bin/{,ba,da}sh rix,
|
||||
/{usr/,}bin/kmod rPx,
|
||||
@{bin}/{,ba,da}sh rix,
|
||||
@{bin}/kmod rPx,
|
||||
@{bin}/openvpn rPx,
|
||||
@{lib}/{,NetworkManager/}nm-openvpn-auth-dialog rPx,
|
||||
@{lib}/{,NetworkManager/}nm-openvpn-service-openvpn-helper rPx,
|
||||
|
||||
@{run}/NetworkManager/nm-openvpn-@{uuid} rw,
|
||||
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ abi <abi/3.0>,
|
|||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{libexec}/{,NetworkManager/}nm-openvpn-service-openvpn-helper
|
||||
@{exec_path} = @{lib}/{,NetworkManager/}nm-openvpn-service-openvpn-helper
|
||||
profile nm-openvpn-service-openvpn-helper @{exec_path} {
|
||||
include <abstractions/base>
|
||||
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ abi <abi/3.0>,
|
|||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = /{usr/,}bin/nmcli
|
||||
@{exec_path} = @{bin}/nmcli
|
||||
profile nmcli @{exec_path} {
|
||||
include <abstractions/base>
|
||||
|
||||
|
|
@ -15,7 +15,7 @@ profile nmcli @{exec_path} {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
/{usr/,}bin/less rCx -> pager,
|
||||
@{bin}/less rCx -> pager,
|
||||
|
||||
owner @{HOME}/.nm-vpngate/*.ovpn r,
|
||||
owner @{HOME}/.cert/nm-openvpn/*.pem rw,
|
||||
|
|
@ -30,7 +30,7 @@ profile nmcli @{exec_path} {
|
|||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
|
||||
/{usr/,}bin/less mr,
|
||||
@{bin}/less mr,
|
||||
|
||||
owner @{HOME}/.lesshs* rw,
|
||||
owner @{user_cache_dirs}/.lesshs* rw,
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ abi <abi/3.0>,
|
|||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = /{usr/,}{s,}bin/openvpn
|
||||
@{exec_path} = @{bin}/openvpn
|
||||
profile openvpn @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
|
@ -50,7 +50,7 @@ profile openvpn @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{libexec}/{,NetworkManager/}nm-openvpn-service-openvpn-helper rPx,
|
||||
@{lib}/{,NetworkManager/}nm-openvpn-service-openvpn-helper rPx,
|
||||
|
||||
/etc/openvpn/{,**} r,
|
||||
|
||||
|
|
@ -62,9 +62,9 @@ profile openvpn @{exec_path} flags=(attach_disconnected) {
|
|||
@{run}/openvpn/*.{pid,status} rw,
|
||||
@{run}/systemd/journal/dev-log rw,
|
||||
|
||||
/{usr/,}{s,}bin/ip rix,
|
||||
/{usr/,}bin/systemd-ask-password rPx,
|
||||
/{usr/,}lib/nm-openvpn-service-openvpn-helper rPx,
|
||||
@{bin}/ip rix,
|
||||
@{bin}/systemd-ask-password rPx,
|
||||
@{lib}/nm-openvpn-service-openvpn-helper rPx,
|
||||
/etc/openvpn/force-user-traffic-via-vpn.sh rCx -> force-user-traffic-via-vpn,
|
||||
/etc/openvpn/update-resolv-conf{,.sh} rCx -> update-resolv,
|
||||
|
||||
|
|
@ -82,11 +82,11 @@ profile openvpn @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
/etc/openvpn/update-resolv-conf.sh r,
|
||||
|
||||
/{usr/,}bin/{,ba,da}sh rix,
|
||||
/{usr/,}bin/cut rix,
|
||||
/{usr/,}bin/which{,.debianutils} rix,
|
||||
/{usr/,}bin/ip rix,
|
||||
/{usr/,}{s,}bin/xtables-nft-multi rix,
|
||||
@{bin}/{,ba,da}sh rix,
|
||||
@{bin}/cut rix,
|
||||
@{bin}/ip rix,
|
||||
@{bin}/which{,.debianutils} rix,
|
||||
@{bin}/xtables-nft-multi rix,
|
||||
|
||||
/etc/iproute2/rt_tables r,
|
||||
/etc/iproute2/rt_tables.d/ r,
|
||||
|
|
@ -106,13 +106,13 @@ profile openvpn @{exec_path} flags=(attach_disconnected) {
|
|||
/etc/openvpn/ r,
|
||||
/etc/openvpn/force-user-traffic-via-vpn.sh r,
|
||||
|
||||
/{usr/,}bin/{,ba,da}sh rix,
|
||||
/{usr/,}bin/sed rix,
|
||||
/{usr/,}bin/cut rix,
|
||||
/{usr/,}bin/{,e}grep rix,
|
||||
/{usr/,}bin/ip rix,
|
||||
/{usr/,}{s,}bin/nft rix,
|
||||
/{usr/,}bin/env rix,
|
||||
@{bin}/{,ba,da}sh rix,
|
||||
@{bin}/{,e}grep rix,
|
||||
@{bin}/cut rix,
|
||||
@{bin}/env rix,
|
||||
@{bin}/ip rix,
|
||||
@{bin}/nft rix,
|
||||
@{bin}/sed rix,
|
||||
|
||||
/etc/iproute2/rt_realms r,
|
||||
/etc/iproute2/group r,
|
||||
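Review bot: After this change `@{lib}/nm-openvpn-service-openvpn-helper rPx,` in the `-62,9` hunk is already matched by the empty alternative of `@{lib}/{,NetworkManager/}nm-openvpn-service-openvpn-helper rPx,` in the `-50,7` hunk. Both hunks appear to sit in the main `openvpn` profile, though the profile body between them is outside the page. Before the refactor the two rules named different directories (`@{libexec}` and `/{usr/,}lib`), so the duplicate is a by-product of the substitution. I would drop the rule in the `-62,9` hunk so this transition is granted in one place only, which keeps the profile easier to audit.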
|
|
|
|||
|
|
@ -6,7 +6,7 @@ abi <abi/3.0>,
|
|||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = /{usr/,}bin/tailscale
|
||||
@{exec_path} = @{bin}/tailscale
|
||||
profile tailscale @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
|
@ -21,7 +21,7 @@ profile tailscale @{exec_path} {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
/{usr/,}bin/ip rPx,
|
||||
@{bin}/ip rPx,
|
||||
|
||||
@{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
|
||||
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ abi <abi/3.0>,
|
|||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = /{usr/,}{,s}bin/tailscaled
|
||||
@{exec_path} = @{bin}/tailscaled
|
||||
profile tailscaled @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
|
@ -30,11 +30,11 @@ profile tailscaled @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
/{usr/,}{s,}bin/xtables-nft-multi rix,
|
||||
/{usr/,}bin/ip rix,
|
||||
/{usr/,}bin/resolvectl rPx,
|
||||
@{bin}/ip rix,
|
||||
@{bin}/resolvectl rPx,
|
||||
@{bin}/xtables-nft-multi rix,
|
||||
|
||||
/{usr/,}bin/systemctl rCx -> systemctl,
|
||||
@{bin}/systemctl rCx -> systemctl,
|
||||
|
||||
/etc/iproute2/rt_tables r,
|
||||
|
||||
|
|
@ -74,7 +74,7 @@ profile tailscaled @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
ptrace (read),
|
||||
|
||||
/{usr/,}bin/systemctl mr,
|
||||
@{bin}/systemctl mr,
|
||||
|
||||
/dev/net/tun rw,
|
||||
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ abi <abi/3.0>,
|
|||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = /{usr/,}bin/wg
|
||||
@{exec_path} = @{bin}/wg
|
||||
profile wg @{exec_path} {
|
||||
include <abstractions/base>
|
||||
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ abi <abi/3.0>,
|
|||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = /{usr/,}bin/wg-quick
|
||||
@{exec_path} = @{bin}/wg-quick
|
||||
profile wg-quick @{exec_path} {
|
||||
include <abstractions/base>
|
||||
|
||||
|
|
@ -16,17 +16,17 @@ profile wg-quick @{exec_path} {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
/{usr/,}{s,}bin/nft rix,
|
||||
/{usr/,}{s,}bin/sysctl rix,
|
||||
/{usr/,}bin/{,ba,da}sh rix,
|
||||
/{usr/,}bin/cat rix,
|
||||
/{usr/,}bin/ip rPx,
|
||||
/{usr/,}bin/readlink rix,
|
||||
/{usr/,}bin/resolvectl rPx,
|
||||
/{usr/,}bin/sort rix,
|
||||
/{usr/,}bin/stat rix,
|
||||
/{usr/,}bin/wg rPx,
|
||||
/{usr/,}bin/xtables-nft-multi rix,
|
||||
@{bin}/{,ba,da}sh rix,
|
||||
@{bin}/cat rix,
|
||||
@{bin}/ip rPx,
|
||||
@{bin}/nft rix,
|
||||
@{bin}/readlink rix,
|
||||
@{bin}/resolvectl rPx,
|
||||
@{bin}/sort rix,
|
||||
@{bin}/stat rix,
|
||||
@{bin}/sysctl rix,
|
||||
@{bin}/wg rPx,
|
||||
@{bin}/xtables-nft-multi rix,
|
||||
|
||||
/usr/share/terminfo/x/xterm-256color r,
|
||||
|
||||
|
|
@ -42,7 +42,7 @@ profile wg-quick @{exec_path} {
|
|||
/dev/tty rw,
|
||||
|
||||
# Force the use as root
|
||||
deny /{usr/,}bin/sudo x,
|
||||
deny @{bin}/sudo x,
|
||||
|
||||
include if exists <local/wg-quick>
|
||||
}
|
||||