felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(snap): do not confine snap.

Browse source 
Curently ignored because of some incompatibilities with snap-confine.

snap-confine is more important to confine than snap itself.
This commit is contained in:
Alexandre Pujol 2023-09-10 12:07:35 +01:00
parent aaed7a25da
commit 3147f7d59a
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
10 changed files with 12 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

6
apparmor.d/profiles-s-z/snap
View file

@ -50,9 +50,9 @@ profile snap @{exec_path} {
@{bin}/systemctl rPx -> child-systemctl,
/snap/{,**} rw,
@{lib_dirs}/snapd/snap-confine rPx,
@{lib_dirs}/snapd/snap-seccomp rPx,
@{lib_dirs}/snapd/snapd rPx,
# @{lib_dirs}/snap-confine rPx -> /usr/lib/snapd/snap-confine,
@{lib_dirs}/snapd/snap-seccomp rPx -> snap-seccomp,
@{lib_dirs}/snapd/snapd rPx -> snapd,
/etc/fstab r,