felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(profile): various fixes.

Browse source
This commit is contained in:
Alexandre Pujol 2025-03-23 14:08:50 +01:00
parent 018e31375b
commit 46b0b19d5b
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
4 changed files with 18 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

8
apparmor.d/groups/network/netplan.script
View file

@ -16,6 +16,7 @@ profile netplan.script @{exec_path} flags=(attach_disconnected) {
@{lib}/netplan/generate rPx,
@{bin}/udevadm rCx -> udevadm,
@{bin}/systemctl rCx -> systemctl,
/usr/share/netplan/{,**} r,
@ -35,6 +36,13 @@ profile netplan.script @{exec_path} flags=(attach_disconnected) {
include if exists <local/netplan.script_udevadm>
}
profile systemctl {
include <abstractions/base>
include <abstractions/app/systemctl>
include if exists <local/netplan.script_systemctl>
}
include if exists <local/netplan.script>
}

2
apparmor.d/groups/network/networkd-dispatcher
View file

@ -21,7 +21,7 @@ profile networkd-dispatcher @{exec_path} {
@{exec_path} mr,
@{bin}/ r,
@{bin}/chronyc rPx,
@{bin}/chronyc rPUx,
@{bin}/ls rix,
@{bin}/networkctl rPx,
@{bin}/sed rix,

6
apparmor.d/groups/snap/snapd
View file

@ -110,6 +110,11 @@ profile snapd @{exec_path} {
/etc/modprobe.d/{,**/} r,
/etc/modules-load.d/{,**/} r,
/etc/modules-load.d/*snap* rw,
/etc/systemd/system/{,**/} r,
/etc/systemd/system/snap* rw,
/etc/systemd/user/{,**/} rw,
/etc/systemd/user/**/*snap* rw,
/etc/systemd/user/*snap* rw,
/etc/udev/rules.d/{,*snap*} rw,
/snap/{,**} rw,
@ -180,6 +185,7 @@ profile snapd @{exec_path} {
include <abstractions/app/systemctl>
capability net_admin,
capability sys_resource,
/etc/systemd/system/{,**/} r,
/etc/systemd/system/snap* rw,

4
apparmor.d/profiles-m-r/mkinitramfs
View file

@ -75,6 +75,8 @@ profile mkinitramfs @{exec_path} {
/usr/share/initramfs-tools/{,**} r,
/etc/initramfs-tools/{,**} r,
/etc/xattr.conf r,
# For shell pwd
/ r,
/etc/ r,
@ -174,7 +176,7 @@ profile mkinitramfs @{exec_path} {
owner /var/tmp/mkinitramfs_@{rand6}/usr/lib/modules/*/ r,
owner /var/tmp/mkinitramfs_@{rand6}/usr/lib/modules/*/modules.* rw,
owner /var/tmp/mkinitramfs_@{rand6}usr/lib/modules/*/updates/{,**} r,
owner /var/tmp/mkinitramfs_@{rand6}/usr/lib/modules/*/updates/{,**} r,
owner /var/tmp/mkinitramfs_@{rand6}/usr/lib/modules/*/kernel/{,**/} r,
owner /var/tmp/mkinitramfs_@{rand6}/usr/lib/modules/*/kernel/**/*.ko* r,