felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor(profiles): use @{bin} and @{lib} in profiles (2)

Browse source
This commit is contained in:
Alexandre Pujol 2023-07-09 13:30:27 +01:00
parent bb71f49598
commit 2eed3b725f
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
101 changed files with 538 additions and 538 deletions
Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/groups/gpg/dirmngr
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/dirmngr
@{exec_path} = @{bin}/dirmngr
profile dirmngr @{exec_path} {
include <abstractions/base>
include <abstractions/nameservice-strict>

14
apparmor.d/groups/gpg/gpg
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/gpg
@{exec_path} = @{bin}/gpg
profile gpg @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>
@ -21,12 +21,12 @@ profile gpg @{exec_path} {
@{exec_path} mrix,
/{usr/,}bin/dirmngr rPx,
/{usr/,}bin/gpg-agent rPx,
/{usr/,}bin/gpg-connect-agent rPx,
/{usr/,}bin/gpgconf rPx,
/{usr/,}bin/gpgsm rPx,
/{usr/,}lib/gnupg/scdaemon rPx,
@{bin}/dirmngr rPx,
@{bin}/gpg-agent rPx,
@{bin}/gpg-connect-agent rPx,
@{bin}/gpgconf rPx,
@{bin}/gpgsm rPx,
@{lib}/gnupg/scdaemon rPx,
/etc/inputrc r,

10
apparmor.d/groups/gpg/gpg-agent
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/gpg-agent
@{exec_path} = @{bin}/gpg-agent
profile gpg-agent @{exec_path} {
include <abstractions/base>
include <abstractions/nameservice-strict>
@ -17,9 +17,9 @@ profile gpg-agent @{exec_path} {
@{exec_path} mr,
/{usr/,}bin/pinentry{,-*} rPx,
/{usr/,}bin/scdaemon rPx,
/{usr/,}lib/gnupg/scdaemon rPx,
@{bin}/pinentry{,-*} rPx,
@{bin}/scdaemon rPx,
@{lib}/gnupg/scdaemon rPx,
/usr/share/gnupg/* r,
@ -84,7 +84,7 @@ profile gpg-agent @{exec_path} {
@{PROC}/@{pid}/fd/ r,
# Silencer
deny /{usr/,}bin/.gnupg/ w,
deny @{bin}/.gnupg/ w,
# file inherit
owner /dev/tty[0-9]* rw,

4
apparmor.d/groups/gpg/gpg-connect-agent
View file

@ -6,14 +6,14 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/gpg-connect-agent
@{exec_path} = @{bin}/gpg-connect-agent
profile gpg-connect-agent @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>
@{exec_path} mr,
/{usr/,}bin/gpg-agent rPx,
@{bin}/gpg-agent rPx,
/etc/inputrc r,

16
apparmor.d/groups/gpg/gpgconf
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/gpgconf
@{exec_path} = @{bin}/gpgconf
profile gpgconf @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>
@ -17,14 +17,14 @@ profile gpgconf @{exec_path} {
@{exec_path} mrix,
/{usr/,}bin/gpg-connect-agent rPx,
/{usr/,}bin/gpg{,2} rPx,
/{usr/,}bin/gpg-agent rPx,
/{usr/,}bin/dirmngr rPx,
/{usr/,}bin/gpgsm rPx,
/{usr/,}lib/gnupg/scdaemon rPx,
@{bin}/gpg-connect-agent rPx,
@{bin}/gpg{,2} rPx,
@{bin}/gpg-agent rPx,
@{bin}/dirmngr rPx,
@{bin}/gpgsm rPx,
@{lib}/gnupg/scdaemon rPx,
/{usr/,}bin/pinentry-* rPx,
@{bin}/pinentry-* rPx,
/etc/gcrypt/hwf.deny r,

2
apparmor.d/groups/gpg/gpgsm
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/gpgsm
@{exec_path} = @{bin}/gpgsm
profile gpgsm @{exec_path} {
include <abstractions/base>
include <abstractions/nameservice-strict>

2
apparmor.d/groups/gpg/scdaemon
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/scdaemon /{usr/,}lib/gnupg/scdaemon
@{exec_path} = @{bin}/scdaemon @{lib}/gnupg/scdaemon
profile scdaemon @{exec_path} {
include <abstractions/base>
include <abstractions/devices-usb>