feat(profile): use the new @{tmp} variable.

It is only used with the owner statement.
Alexandre Pujol 2024-05-02 22:12:02 +01:00
parent 0bbbe71422
commit 3f69b9fec4
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
257 changed files with 668 additions and 685 deletions


@ -55,10 +55,10 @@ profile gpg @{exec_path} {
owner /var/tmp/zypp.@{rand6}/** rwkl -> /var/tmp/zypp.@{rand6}/**,
#aa:exclude ubuntu
owner /tmp/ostree-gpg-*/ r,
owner /tmp/ostree-gpg-*/** rwkl -> /tmp/ostree-gpg-*/**,
owner @{tmp}/ostree-gpg-*/ r,
owner @{tmp}/ostree-gpg-*/** rwkl -> /tmp/ostree-gpg-*/**,
owner /tmp/tmp.[a-zA-Z0-9]* rw,
owner @{tmp}/tmp.[a-zA-Z0-9]* rw,
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/task/@{tid}/comm rw,
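Review bot: The link target on the new `owner @{tmp}/ostree-gpg-*/** rwkl -> /tmp/ostree-gpg-*/**,` line still hard-codes `/tmp`, so the left side now follows `@{tmp}` while the right side does not. The definition of `@{tmp}` is not visible here, but if it expands to any directory other than `/tmp`, a link created under that directory would presumably fail to match the pair and be denied. Consider `owner @{tmp}/ostree-gpg-*/** rwkl -> @{tmp}/ostree-gpg-*/**,`, which mirrors how the zypp rule just above repeats its own path on both sides. The same leftover appears in the gpg-connect-agent hunk, where both new `rwl -> /tmp/*/.#lk0x@{hex}.*.@{pid},` rules keep a literal `/tmp` target. The profile bodies start and end outside these hunks, so it is worth checking whether other link pairs in the 257 changed files were handled the same way.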


@ -75,11 +75,11 @@ profile gpg-agent @{exec_path} {
owner /var/tmp/zypp.*/{,*/}private-keys-v1.d/@{hex}.key rw,
owner /var/tmp/zypp.*/{,*/}S.gpg-agent{,.ssh,.browser,.extra} rw,
owner /tmp/tmp.*/gnupg/ rw,
owner /tmp/tmp.*/gnupg/private-keys-v1.d/ rw,
owner /tmp/tmp.*/gnupg/private-keys-v1.d/@{hex}.key rw,
owner /tmp/tmp.*/gnupg/{,d.*/}S.gpg-agent rw,
owner /tmp/tmp.*/gnupg/sshcontrol r,
owner @{tmp}/tmp.*/gnupg/ rw,
owner @{tmp}/tmp.*/gnupg/private-keys-v1.d/ rw,
owner @{tmp}/tmp.*/gnupg/private-keys-v1.d/@{hex}.key rw,
owner @{tmp}/tmp.*/gnupg/{,d.*/}S.gpg-agent rw,
owner @{tmp}/tmp.*/gnupg/sshcontrol r,
@{PROC}/@{pid}/fd/ r,


@ -22,9 +22,9 @@ profile gpg-connect-agent @{exec_path} {
owner @{run}/user/@{uid}/gnupg/d.*/ rw,
owner /tmp/tmp.*/.#lk0x@{hex}.*.@{pid} rw,
owner /tmp/tmp.*/.#lk0x@{hex}.*.@{pid}x rwl -> /tmp/*/.#lk0x@{hex}.*.@{pid},
owner /tmp/tmp.*/gnupg_spawn_agent_sentinel.lock rwl -> /tmp/*/.#lk0x@{hex}.*.@{pid},
owner @{tmp}/tmp.*/.#lk0x@{hex}.*.@{pid} rw,
owner @{tmp}/tmp.*/.#lk0x@{hex}.*.@{pid}x rwl -> /tmp/*/.#lk0x@{hex}.*.@{pid},
owner @{tmp}/tmp.*/gnupg_spawn_agent_sentinel.lock rwl -> /tmp/*/.#lk0x@{hex}.*.@{pid},
include if exists <local/gpg-connect-agent>
}