fix(profile): various fixes.
parent
018e31375b
commit
46b0b19d5b
4 changed files with 18 additions and 2 deletions
|
|
@ -16,6 +16,7 @@ profile netplan.script @{exec_path} flags=(attach_disconnected) {
|
||||||
|
|
||||||
@{lib}/netplan/generate rPx,
|
@{lib}/netplan/generate rPx,
|
||||||
@{bin}/udevadm rCx -> udevadm,
|
@{bin}/udevadm rCx -> udevadm,
|
||||||
|
@{bin}/systemctl rCx -> systemctl,
|
||||||
|
|
||||||
/usr/share/netplan/{,**} r,
|
/usr/share/netplan/{,**} r,
|
||||||
|
|
||||||
|
|
@ -35,6 +36,13 @@ profile netplan.script @{exec_path} flags=(attach_disconnected) {
|
||||||
include if exists <local/netplan.script_udevadm>
|
include if exists <local/netplan.script_udevadm>
|
||||||
}
|
}
|
||||||
|
|
||||||
|
profile systemctl {
|
||||||
|
include <abstractions/base>
|
||||||
|
include <abstractions/app/systemctl>
|
||||||
|
|
||||||
|
include if exists <local/netplan.script_systemctl>
|
||||||
|
}
|
||||||
|
|
||||||
include if exists <local/netplan.script>
|
include if exists <local/netplan.script>
|
||||||
}
|
}
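Review bot: The new `profile systemctl` child is declared without flags, while the enclosing `netplan.script` profile carries `flags=(attach_disconnected)`. Flags are set per profile, so if the parent needed that flag for disconnected paths, systemctl started through `rCx -> systemctl` may hit the same denials. Consider `profile systemctl flags=(attach_disconnected) {` if that applies. Otherwise add a short comment above `@{bin}/systemctl rCx -> systemctl,` naming the systemctl action netplan.script invokes, so the child can later be narrowed below the full `abstractions/app/systemctl`. The parent profile starts outside the hunks shown.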
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -21,7 +21,7 @@ profile networkd-dispatcher @{exec_path} {
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
@{bin}/ r,
|
@{bin}/ r,
|
||||||
@{bin}/chronyc rPx,
|
@{bin}/chronyc rPUx,
|
||||||
@{bin}/ls rix,
|
@{bin}/ls rix,
|
||||||
@{bin}/networkctl rPx,
|
@{bin}/networkctl rPx,
|
||||||
@{bin}/sed rix,
|
@{bin}/sed rix,
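Review bot: Changing `@{bin}/chronyc rPx,` to `rPUx` means chronyc runs unconfined whenever no chronyc profile is loaded, and networkd-dispatcher presumably starts it as root. If the goal is only to avoid an exec failure on systems without that profile, a small child profile reached with `@{bin}/chronyc rCx -> chronyc,` would keep the helper confined in both cases. If the fallback is intended, a comment on the rule such as `# PUx: unconfined when no chronyc profile is loaded` makes that decision visible to the next reviewer.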
|
||||||
|
|
|
||||||
|
|
@ -110,6 +110,11 @@ profile snapd @{exec_path} {
|
||||||
/etc/modprobe.d/{,**/} r,
|
/etc/modprobe.d/{,**/} r,
|
||||||
/etc/modules-load.d/{,**/} r,
|
/etc/modules-load.d/{,**/} r,
|
||||||
/etc/modules-load.d/*snap* rw,
|
/etc/modules-load.d/*snap* rw,
|
||||||
|
/etc/systemd/system/{,**/} r,
|
||||||
|
/etc/systemd/system/snap* rw,
|
||||||
|
/etc/systemd/user/{,**/} rw,
|
||||||
|
/etc/systemd/user/**/*snap* rw,
|
||||||
|
/etc/systemd/user/*snap* rw,
|
||||||
/etc/udev/rules.d/{,*snap*} rw,
|
/etc/udev/rules.d/{,*snap*} rw,
|
||||||
|
|
||||||
/snap/{,**} rw,
|
/snap/{,**} rw,
|
||||||
|
|
@ -180,6 +185,7 @@ profile snapd @{exec_path} {
|
||||||
include <abstractions/app/systemctl>
|
include <abstractions/app/systemctl>
|
||||||
|
|
||||||
capability net_admin,
|
capability net_admin,
|
||||||
|
capability sys_resource,
|
||||||
|
|
||||||
/etc/systemd/system/{,**/} r,
|
/etc/systemd/system/{,**/} r,
|
||||||
/etc/systemd/system/snap* rw,
|
/etc/systemd/system/snap* rw,
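Review bot: `/etc/systemd/user/{,**/} rw,` in the first hunk grants write on every directory under /etc/systemd/user/, whereas the system-side rule added next to it is `/etc/systemd/system/{,**/} r,` and only `snap*` files get `rw`. If snapd only lists those directories, `/etc/systemd/user/{,**/} r,` would match the system rule; if it really creates directories there, a comment saying which ones would justify the wider grant. The user-side file globs `**/*snap*` and `*snap*` also match any unit whose name merely contains "snap", which is broader than the `snap*` prefix used for system units. Using the same prefix form would be tighter if it fits snapd's unit naming.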
|
||||||
|
|
|
||||||
|
|
@ -75,6 +75,8 @@ profile mkinitramfs @{exec_path} {
|
||||||
/usr/share/initramfs-tools/{,**} r,
|
/usr/share/initramfs-tools/{,**} r,
|
||||||
/etc/initramfs-tools/{,**} r,
|
/etc/initramfs-tools/{,**} r,
|
||||||
|
|
||||||
|
/etc/xattr.conf r,
|
||||||
|
|
||||||
# For shell pwd
|
# For shell pwd
|
||||||
/ r,
|
/ r,
|
||||||
/etc/ r,
|
/etc/ r,
|
||||||
|
|
@ -174,7 +176,7 @@ profile mkinitramfs @{exec_path} {
|
||||||
|
|
||||||
owner /var/tmp/mkinitramfs_@{rand6}/usr/lib/modules/*/ r,
|
owner /var/tmp/mkinitramfs_@{rand6}/usr/lib/modules/*/ r,
|
||||||
owner /var/tmp/mkinitramfs_@{rand6}/usr/lib/modules/*/modules.* rw,
|
owner /var/tmp/mkinitramfs_@{rand6}/usr/lib/modules/*/modules.* rw,
|
||||||
owner /var/tmp/mkinitramfs_@{rand6}usr/lib/modules/*/updates/{,**} r,
|
owner /var/tmp/mkinitramfs_@{rand6}/usr/lib/modules/*/updates/{,**} r,
|
||||||
owner /var/tmp/mkinitramfs_@{rand6}/usr/lib/modules/*/kernel/{,**/} r,
|
owner /var/tmp/mkinitramfs_@{rand6}/usr/lib/modules/*/kernel/{,**/} r,
|
||||||
owner /var/tmp/mkinitramfs_@{rand6}/usr/lib/modules/*/kernel/**/*.ko* r,
|
owner /var/tmp/mkinitramfs_@{rand6}/usr/lib/modules/*/kernel/**/*.ko* r,
|
||||||
|
|
||||||
|
|
|
||||||