diff --git a/apparmor.d/profiles-a-f/alacarte b/apparmor.d/profiles-a-f/alacarte index eed67619d..700c6d517 100644 --- a/apparmor.d/profiles-a-f/alacarte +++ b/apparmor.d/profiles-a-f/alacarte @@ -7,7 +7,7 @@ abi , include @{exec_path} = @{bin}/alacarte -profile alacarte @{exec_path} { +profile alacarte @{exec_path} flags=(attach_disconnected) { include include include @@ -30,6 +30,11 @@ profile alacarte @{exec_path} { owner @{tmp}/gdkpixbuf-xpm-tmp.@{rand6} rw, + @{sys}/fs/cgroup/user.slice/cpu.max r, + @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/cpu.max r, + @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/cpu.max r, + owner @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/app.slice/cpu.max r, + owner @{PROC}/@{pid}/cgroup r, owner @{PROC}/@{pid}/mounts r, diff --git a/apparmor.d/profiles-a-f/birdtray b/apparmor.d/profiles-a-f/birdtray index c63a8de7c..771560c6b 100644 --- a/apparmor.d/profiles-a-f/birdtray +++ b/apparmor.d/profiles-a-f/birdtray @@ -40,7 +40,7 @@ profile birdtray @{exec_path} { owner @{HOME}/.thunderbird/*.*/{Imap,}Mail/**/*.msf r, owner @{user_config_dirs}/ulduzsoft/ rw, - owner @{user_config_dirs}/ulduzsoft/* rwkl -> /home/morfik/.config/ulduzsoft/*, + owner @{user_config_dirs}/ulduzsoft/* rwkl -> @{user_config_dirs}/ulduzsoft/*, owner @{user_config_dirs}/birdtray-config.json rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/birdtray-config.json.* rwl -> @{user_config_dirs}/#@{int}, diff --git a/apparmor.d/profiles-a-f/code-extension-git-askpass b/apparmor.d/profiles-a-f/code-extension-git-askpass index 5a31889b9..674432b2e 100644 --- a/apparmor.d/profiles-a-f/code-extension-git-askpass +++ b/apparmor.d/profiles-a-f/code-extension-git-askpass @@ -6,7 +6,7 @@ abi , include -@{exec_path} = @{lib}/code/extensions/git/dist/askpass.sh +@{exec_path} = @{lib}/code/extensions/git/dist/askpass.sh @{lib}/code/extensions/git/dist/ssh-askpass.sh profile code-extension-git-askpass @{exec_path} { include 
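Review bot: In apparmor.d/profiles-a-f/alacarte the profile header gains `flags=(attach_disconnected)` with no comment recording which denial prompted it. With this flag, paths that cannot be resolved inside the process's namespace are attached to the namespace root and matched against the ordinary file rules, so it loosens path mediation and deserves a stated reason. I would add a line above the header such as `# attach_disconnected: required for <disconnected path seen in the audit log>` (placeholder; the denial is not shown on this page). It is also worth confirming that the flag is still needed once the cgroup rules added further down in the same file are in place.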
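Review bot: In the second alacarte hunk, three of the four new `cpu.max` rules are written without `owner` and only the `app.slice` one carries it, with nothing explaining the difference. This looks deliberate: presumably the files at and above `user@@{uid}.service` stay root-owned under cgroup v2 delegation, while those below it belong to the user. A later cleanup could easily "normalise" the prefixes and break the profile, so a short comment would help, for example `# cpu.max down to user@UID.service is root-owned; only delegated sub-cgroups are owned by the user`. If other profiles need the same four read-only rules, moving them into a shared abstraction would keep them from drifting.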
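Review bot: In apparmor.d/profiles-a-f/code-extension-git-askpass, `@{exec_path}` now also attaches the profile to `ssh-askpass.sh`, but the only body change visible in this diff is the `tmp.@{rand10}` tightening, so the rules were written for `askpass.sh` alone. Because the git profile now reaches this script through `@{lib}/code/extensions/git/dist/ssh-askpass.sh Px,`, any rule that helper needs and the profile lacks will surface as a failed passphrase or host-key prompt rather than an obvious error. Please confirm the helper has been run under the enforced profile. A comment on the `@{exec_path}` line would also help, for example `# askpass.sh: git credential prompt; ssh-askpass.sh: SSH_ASKPASS helper entered from the git profile`. The profile body continues outside this hunk, so existing rules may already cover it.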
@@ -23,7 +23,7 @@ profile code-extension-git-askpass @{exec_path} { /usr/share/terminfo/** r, - owner @{tmp}/tmp.* rw, + owner @{tmp}/tmp.@{rand10} rw, /dev/tty rw, diff --git a/apparmor.d/profiles-a-f/dkms b/apparmor.d/profiles-a-f/dkms index 5a0885143..7c594c900 100644 --- a/apparmor.d/profiles-a-f/dkms +++ b/apparmor.d/profiles-a-f/dkms @@ -32,6 +32,7 @@ profile dkms @{exec_path} flags=(attach_disconnected) { @{bin}/g++ rix, @{bin}/gcc rix, @{bin}/getconf rix, + @{bin}/hostname rix, @{bin}/kill rix, @{bin}/kmod rCx -> kmod, @{bin}/ld rix, diff --git a/apparmor.d/profiles-g-l/git b/apparmor.d/profiles-g-l/git index 457e79d2a..a0ea6393e 100644 --- a/apparmor.d/profiles-g-l/git +++ b/apparmor.d/profiles-g-l/git @@ -133,7 +133,8 @@ profile git @{exec_path} flags=(attach_disconnected) { @{bin}/ssh mr, @{bin}/ksshaskpass ix, - + @{lib}/code/extensions/git/dist/ssh-askpass.sh Px, + @{etc_ro}/ssh/ssh_config.d/{,*} r, @{etc_ro}/ssh/ssh_config r, diff --git a/apparmor.d/profiles-m-r/needrestart-restart b/apparmor.d/profiles-m-r/needrestart-restart index b9e648602..964ff1a74 100644 --- a/apparmor.d/profiles-m-r/needrestart-restart +++ b/apparmor.d/profiles-m-r/needrestart-restart @@ -13,6 +13,7 @@ profile needrestart-restart @{exec_path} { @{exec_path} mr, @{bin}/systemctl Cx -> systemctl, + @{sh_path} r, /var/log/unattended-upgrades/unattended-upgrades-dpkg.log rw, diff --git a/apparmor.d/profiles-m-r/pass b/apparmor.d/profiles-m-r/pass index 096f0316a..7e432a838 100644 --- a/apparmor.d/profiles-m-r/pass +++ b/apparmor.d/profiles-m-r/pass @@ -40,7 +40,7 @@ profile pass @{exec_path} { @{bin}/tr ix, @{bin}/tree ix, @{bin}/tty ix, - @{bin}/which{,.debianutils} ix, + @{bin}/which{,.debianutils} rix, @{bin}/git Cx -> git, @{bin}/gpg{2,} Cx -> gpg, diff --git a/apparmor.d/profiles-s-z/wechat b/apparmor.d/profiles-s-z/wechat index b7ad3a2e8..cb554fc6b 100644 --- a/apparmor.d/profiles-s-z/wechat +++ b/apparmor.d/profiles-s-z/wechat 
@@ -14,9 +14,9 @@ include @{exec_path} = @{lib_dirs}/wechat profile wechat @{exec_path} flags=(attach_disconnected) { include - include include include + include include network netlink raw, diff --git a/apparmor.d/profiles-s-z/wechat-appimage b/apparmor.d/profiles-s-z/wechat-appimage index 55155f2b8..9f8c20338 100644 --- a/apparmor.d/profiles-s-z/wechat-appimage +++ b/apparmor.d/profiles-s-z/wechat-appimage @@ -14,10 +14,11 @@ include @{exec_path} = @{bin}/wechat @{lib_dirs}/wechat-appimage.Appimage /tmp/.mount_wechat??????/user/bin/wechat profile wechat-appimage @{exec_path} flags=(attach_disconnected) { include - include include include + include include + include network netlink raw, network netlink dgram, diff --git a/apparmor.d/profiles-s-z/wechat-universal b/apparmor.d/profiles-s-z/wechat-universal index 21e1eee10..cd8958e8e 100644 --- a/apparmor.d/profiles-s-z/wechat-universal +++ b/apparmor.d/profiles-s-z/wechat-universal @@ -14,10 +14,10 @@ include @{exec_path} = @{bin}/wechat-universal @{lib_dirs}/wechat profile wechat-universal @{exec_path} flags=(attach_disconnected) { include - include include - include include + include + include include network netlink raw,