felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profiles): general update.

Browse source
This commit is contained in:
Alexandre Pujol 2023-11-22 21:37:09 +00:00
parent a49d83993a
commit 31bc5a6053
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
16 changed files with 56 additions and 103 deletions
Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/groups/systemd/systemd-coredump
View file

@ -25,6 +25,8 @@ profile systemd-coredump @{exec_path} flags=(attach_disconnected,mediate_deleted
mount -> /,
ptrace (read),
@{exec_path} mr,
@{lib}/** r,

2
apparmor.d/groups/systemd/systemd-journald
View file

@ -27,6 +27,8 @@ profile systemd-journald @{exec_path} {
network netlink raw,
ptrace (read),
@{exec_path} mr,
/etc/systemd/journald.conf r,

7
apparmor.d/groups/systemd/systemd-portabled
View file

@ -13,16 +13,9 @@ profile systemd-portabled @{exec_path} {
capability sys_ptrace,
ptrace (read) peer=unconfined,
@{exec_path} mr,
/var/lib/portables/{,**} rw,
@{PROC}/1/environ r,
@{PROC}/cmdline r,
@{PROC}/sys/kernel/osrelease r,
@{PROC}/sys/kernel/random/boot_id r,
include if exists <local/systemd-portabled>
}

1
apparmor.d/groups/systemd/systemd-tty-ask-password-agent
View file

@ -14,6 +14,7 @@ profile systemd-tty-ask-password-agent @{exec_path} {
audit capability net_admin,
signal (receive) set=(term cont) peer=default,
signal (receive) set=(term cont) peer=logrotate,
@{exec_path} mr,