felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profiles): use the new hex variable.

Browse source
This commit is contained in:
Alexandre Pujol 2022-09-03 14:43:34 +01:00
parent 5d0c521e44
commit 3b56d3ff0f
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
70 changed files with 142 additions and 142 deletions
Download patch file Download diff file Expand all files Collapse all files

16
apparmor.d/groups/gpg/gpg-agent
View file

@ -25,53 +25,53 @@ profile gpg-agent @{exec_path} {
owner @{HOME}/@{XDG_GPG_DIR}/ rw,
owner @{HOME}/@{XDG_GPG_DIR}/gpg-agent.conf r,
owner @{HOME}/@{XDG_GPG_DIR}/private-keys-v1.d/ rw,
owner @{HOME}/@{XDG_GPG_DIR}/private-keys-v1.d/[0-9A-F]*.key rw,
owner @{HOME}/@{XDG_GPG_DIR}/private-keys-v1.d/@{hex}.key rw,
owner @{HOME}/@{XDG_GPG_DIR}/{,d.*/}S.gpg-agent{,.ssh,.browser,.extra} rw,
owner @{HOME}/@{XDG_GPG_DIR}/sshcontrol r,
owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/ rw,
owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/gpg-agent.conf r,
owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/private-keys-v1.d/ rw,
owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/private-keys-v1.d/[0-9A-F]*.key rw,
owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/private-keys-v1.d/@{hex}.key rw,
owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/{,d.*/}S.gpg-agent{,.ssh,.browser,.extra} rw,
owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/sshcontrol r,
owner @{user_projects_dirs}/**/{.,}gnupg/ rw,
owner @{user_projects_dirs}/**/{.,}gnupg/gpg-agent.conf r,
owner @{user_projects_dirs}/**/{.,}gnupg/private-keys-v1.d/ rw,
owner @{user_projects_dirs}/**/{.,}gnupg/private-keys-v1.d/[0-9A-F]*.key rw,
owner @{user_projects_dirs}/**/{.,}gnupg/private-keys-v1.d/@{hex}.key rw,
owner @{user_projects_dirs}/**/{.,}gnupg/{,d.*/}S.gpg-agent{,.ssh,.browser,.extra} rw,
owner @{user_projects_dirs}/**/{.,}gnupg/sshcontrol r,
owner @{run}/user/@{uid}/gnupg/ rw,
owner @{run}/user/@{uid}/gnupg/gpg-agent.conf r,
owner @{run}/user/@{uid}/gnupg/private-keys-v1.d/ rw,
owner @{run}/user/@{uid}/gnupg/private-keys-v1.d/[0-9A-F]*.key rw,
owner @{run}/user/@{uid}/gnupg/private-keys-v1.d/@{hex}.key rw,
owner @{run}/user/@{uid}/gnupg/{,d.*/}S.gpg-agent{,.ssh,.browser,.extra} rw,
owner @{run}/user/@{uid}/gnupg/sshcontrol r,
owner @{user_tmp_dirs}/**/{.,}gnupg/ rw,
owner @{user_tmp_dirs}/**/{.,}gnupg/gpg-agent.conf r,
owner @{user_tmp_dirs}/**/{.,}gnupg/private-keys-v1.d/ rw,
owner @{user_tmp_dirs}/**/{.,}gnupg/private-keys-v1.d/[0-9A-F]*.key rw,
owner @{user_tmp_dirs}/**/{.,}gnupg/private-keys-v1.d/@{hex}.key rw,
owner @{user_tmp_dirs}/**/{.,}gnupg/{,d.*/}S.gpg-agent{,.ssh,.browser,.extra} rw,
owner @{user_tmp_dirs}/**/{.,}gnupg/sshcontrol r,
owner /var/lib/*/.gnupg/ rw,
owner /var/lib/*/.gnupg/private-keys-v1.d/ rw,
owner /var/lib/*/.gnupg/private-keys-v1.d/[0-9A-F]*.key rw,
owner /var/lib/*/.gnupg/private-keys-v1.d/@{hex}.key rw,
owner /var/lib/*/.gnupg/{,d.*/}S.gpg-agent{,.ssh,.browser,.extra} rw,
owner /var/lib/*/.gnupg/sshcontrol r,
owner /var/lib/*/gnupg/ rw,
owner /var/lib/*/gnupg/private-keys-v1.d/ rw,
owner /var/lib/*/gnupg/private-keys-v1.d/[0-9A-F]*.key rw,
owner /var/lib/*/gnupg/private-keys-v1.d/@{hex}.key rw,
owner /var/lib/*/gnupg/{,d.*/}S.gpg-agent{,.ssh,.browser,.extra} rw,
owner /var/lib/*/gnupg/sshcontrol r,
owner /tmp/tmp.*/gnupg/ rw,
owner /tmp/tmp.*/gnupg/private-keys-v1.d/ rw,
owner /tmp/tmp.*/gnupg/private-keys-v1.d/[0-9A-F]*.key rw,
owner /tmp/tmp.*/gnupg/private-keys-v1.d/@{hex}.key rw,
owner /tmp/tmp.*/gnupg/{,d.*/}S.gpg-agent rw,
owner /tmp/tmp.*/gnupg/sshcontrol r,

6
apparmor.d/groups/gpg/gpg-connect-agent
View file

@ -21,9 +21,9 @@ profile gpg-connect-agent @{exec_path} {
owner @{run}/user/@{uid}/gnupg/d.*/ rw,
owner /tmp/tmp.*/.#lk0x[0-9a-f]*.*.@{pid} rw,
owner /tmp/tmp.*/.#lk0x[0-9a-f]*.*.@{pid}x rwl -> /tmp/*/.#lk0x[0-9a-f]*.*.@{pid},
owner /tmp/tmp.*/gnupg_spawn_agent_sentinel.lock rwl -> /tmp/*/.#lk0x[0-9a-f]*.*.@{pid},
owner /tmp/tmp.*/.#lk0x@{hex}.*.@{pid} rw,
owner /tmp/tmp.*/.#lk0x@{hex}.*.@{pid}x rwl -> /tmp/*/.#lk0x@{hex}.*.@{pid},
owner /tmp/tmp.*/gnupg_spawn_agent_sentinel.lock rwl -> /tmp/*/.#lk0x@{hex}.*.@{pid},
include if exists <local/gpg-connect-agent>
}