tests(check): more linting.

2025-07-27 13:24:57 +02:00 · 2025-07-27 13:24:57 +02:00 · 2a249cfe34
commit 2a249cfe34
parent 50a12756f8
6 changed files with 9 additions and 10 deletions
--- a/apparmor.d/groups/gnome/gnome-shell
+++ b/apparmor.d/groups/gnome/gnome-shell
@ -57,7 +57,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
  network unix stream,

  ptrace read,
-  ptrace readby peer=pipewire,

  signal receive set=(term, hup) peer=gdm*,
  signal send,
--- a/apparmor.d/groups/lxqt/startlxqt
+++ b/apparmor.d/groups/lxqt/startlxqt
@ -54,8 +54,6 @@ profile startlxqt @{exec_path} {

  owner @{run}/user/@{uid}/ r,

-  owner @{PROC}/@{pid}/maps r,
-
  /dev/tty rw,
  /dev/tty@{int} rw,

--- a/apparmor.d/groups/snap/snap
+++ b/apparmor.d/groups/snap/snap
@ -86,7 +86,6 @@ profile snap @{exec_path} flags=(attach_disconnected) {
  @{sys}/kernel/security/apparmor/features/{,**} r,

        @{PROC}/@{pid}/cgroup r,
-        @{PROC}/@{pid}/maps r,
        @{PROC}/@{pid}/mountinfo r,
        @{PROC}/cgroups r,
        @{PROC}/cmdline r,
--- a/apparmor.d/profiles-g-l/kdump-config
+++ b/apparmor.d/profiles-g-l/kdump-config
@ -12,8 +12,6 @@ profile kdump-config @{exec_path} flags=(attach_disconnected) {

  capability sys_admin,

-  ptrace readby peer=@{p_systemd_journald},
-
  @{exec_path} mr,

  @{sh_path}       rix,
--- a/apparmor.d/profiles-m-r/needrestart
+++ b/apparmor.d/profiles-m-r/needrestart
@ -59,7 +59,6 @@ profile needrestart @{exec_path} flags=(attach_disconnected) {
        @{PROC}/@{pid}/cgroup r,
        @{PROC}/@{pid}/cmdline r,
        @{PROC}/@{pid}/environ r,
-        @{PROC}/@{pid}/maps r,
        @{PROC}/@{pid}/stat r,
  owner @{PROC}/@{pid}/fd/ r,

--- a/tests/check.sh
+++ b/tests/check.sh
@ -246,10 +246,16 @@ _check_transition() {
 }

 readonly USELESS=(
-    '@{PROC}/filesystems' '@{PROC}/sys/kernel/cap_last_cap'
-    '@{PROC}/meminfo' '@{PROC}/stat' '@{PROC}/cpuinfo'
-    '@{sys}/devices/system/cpu/online' '@{sys}/devices/system/cpu/possible'
+    'ptrace readby'
    '/usr/share/locale/'
+    '@{sys}/devices/system/cpu/online'
+    '@{sys}/devices/system/cpu/possible'
+    '@{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size'
+    '@{PROC}/@{pid}/auxv' '@{PROC}/@{pid}/maps' '@{PROC}/@{pid}/status' '@{PROC}/cpuinfo'
+    '@{PROC}/filesystems' '@{PROC}/meminfo' '@{PROC}/stat'
+    '@{PROC}/sys/kernel/cap_last_cap' '@{PROC}/sys/kernel/ngroups_max'
+    '@{PROC}/sys/kernel/version' '@{PROC}/sys/vm/overcommit_memory'
+    '/dev/full' '/dev/zero'
 )
 _check_useless() {
    _is_enabled useless || return 0