felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): use the new @{tmp} variable.

Browse source 
It is only used with the owner statement.
This commit is contained in:
Alexandre Pujol 2024-05-02 22:12:02 +01:00
parent 0bbbe71422
commit 3f69b9fec4
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
257 changed files with 668 additions and 685 deletions
Download patch file Download diff file Expand all files Collapse all files

18
apparmor.d/profiles-s-z/spectre-meltdown-checker
View file

@ -73,17 +73,17 @@ profile spectre-meltdown-checker @{exec_path} {
# To fetch MCE.db from the MCExtractor project
@{bin}/wget rCx -> mcedb,
@{bin}/sqlite3 rCx -> mcedb,
owner /tmp/mcedb-* rw,
owner /tmp/smc-* rw,
owner /tmp/{,smc-}intelfw-*/ rw,
owner /tmp/{,smc-}intelfw-*/fw.zip rw,
owner /tmp/{,smc-}intelfw-*/Intel-Linux-Processor-Microcode-Data-Files-{master,main}/ rw,
owner /tmp/{,smc-}intelfw-*/Intel-Linux-Processor-Microcode-Data-Files-{master,main}/** rw,
owner @{tmp}/mcedb-* rw,
owner @{tmp}/smc-* rw,
owner @{tmp}/{,smc-}intelfw-*/ rw,
owner @{tmp}/{,smc-}intelfw-*/fw.zip rw,
owner @{tmp}/{,smc-}intelfw-*/Intel-Linux-Processor-Microcode-Data-Files-{master,main}/ rw,
owner @{tmp}/{,smc-}intelfw-*/Intel-Linux-Processor-Microcode-Data-Files-{master,main}/** rw,
owner @{HOME}/.mcedb rw,
/tmp/ r,
owner /tmp/{config,kernel}-* rw,
owner @{tmp}/{config,kernel}-* rw,
owner /dev/cpu/@{int}/cpuid r,
owner /dev/cpu/@{int}/msr rw,
@ -166,8 +166,8 @@ profile spectre-meltdown-checker @{exec_path} {
owner @{HOME}/.mcedb rw,
/tmp/ r,
owner /tmp/{,smc-}mcedb-* rwk,
owner /tmp/{,smc-}intelfw-*/fw.zip rw,
owner @{tmp}/{,smc-}mcedb-* rwk,
owner @{tmp}/{,smc-}intelfw-*/fw.zip rw,
/usr/share/publicsuffix/public_suffix_list.* r,