Adding /dev/tty[0-9]* and /dev/pts/[0-9]* to various profiles; update kded5 and reflector (#183)
* Update update-mime-database * Update btrfs * Update update-grub * Update pacman-hook-depmod * Update pacman * Update systemd-sysusers * Update lscpu * Update pacman-hook-systemd * Update pacman-hook-perl * Update pacman-hook-gtk * Update needrestart-iucode-scan-versions * Update reflector * Update kded5
This commit is contained in:
curiosityseeker
GitHub
parent
0f9b7cb474
commit
4894d6a3c4
13 changed files with 55 additions and 14 deletions
|
|
@ -150,7 +150,8 @@ profile pacman @{exec_path} {
|
|||
|
||||
@{run}/utmp rk,
|
||||
|
||||
owner /dev/tty[0-9]* rw,
|
||||
/dev/tty[0-9]* rw,
|
||||
owner /dev/pts/[0-9]* rw,
|
||||
|
||||
# Silencer,
|
||||
deny /tmp/ r,
|
||||
|
|
@ -174,7 +175,8 @@ profile pacman @{exec_path} {
|
|||
|
||||
@{HOME}/@{XDG_GPG_DIR}/*.conf r,
|
||||
|
||||
/dev/tty[0-9]* rw,
|
||||
/dev/tty[0-9]* rw,
|
||||
owner /dev/pts/[0-9]* rw,
|
||||
|
||||
deny network inet stream,
|
||||
deny network inet6 stream,
|
||||
|
|
|
|||
|
|
@ -23,11 +23,13 @@ profile pacman-hook-depmod @{exec_path} {
|
|||
|
||||
/usr/lib/modules/*/{,**} rw,
|
||||
|
||||
/dev/tty rw,
|
||||
/dev/tty rw,
|
||||
/dev/tty[0-9]* rw,
|
||||
owner /dev/pts/[0-9]* rw,
|
||||
|
||||
# Inherit Silencer
|
||||
deny network inet6 stream,
|
||||
deny network inet stream,
|
||||
|
||||
include if exists <local/pacman-hook-depmod>
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -23,11 +23,13 @@ profile pacman-hook-gtk @{exec_path} {
|
|||
|
||||
/usr/share/icons/{,**} rw,
|
||||
|
||||
/dev/tty rw,
|
||||
/dev/tty rw,
|
||||
/dev/tty[0-9]* rw,
|
||||
owner /dev/pts/[0-9]* rw,
|
||||
|
||||
# Inherit Silencer
|
||||
deny network inet6 stream,
|
||||
deny network inet stream,
|
||||
|
||||
include if exists <local/pacman-hook-gtk>
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -23,11 +23,13 @@ profile pacman-hook-perl @{exec_path} {
|
|||
|
||||
@{lib}/perl[0-9]*/{,**} r,
|
||||
|
||||
/dev/tty rw,
|
||||
/dev/tty rw,
|
||||
/dev/tty[0-9]* rw,
|
||||
owner /dev/pts/[0-9]* rw,
|
||||
|
||||
# Inherit silencer
|
||||
deny network inet6 stream,
|
||||
deny network inet stream,
|
||||
|
||||
include if exists <local/pacman-hook-perl>
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -30,11 +30,13 @@ profile pacman-hook-systemd @{exec_path} {
|
|||
|
||||
/usr/ rw,
|
||||
|
||||
/dev/tty rw,
|
||||
/dev/tty rw,
|
||||
/dev/tty[0-9]* rw,
|
||||
owner /dev/pts/[0-9]* rw,
|
||||
|
||||
# Inherit silencer
|
||||
deny network inet6 stream,
|
||||
deny network inet stream,
|
||||
|
||||
include if exists <local/pacman-hook-systemd>
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,6 +14,10 @@ profile reflector @{exec_path} flags=(attach_disconnected) {
|
|||
include <abstractions/python>
|
||||
include <abstractions/ssl_certs>
|
||||
|
||||
capability net_admin,
|
||||
capability dac_read_search,
|
||||
capability dac_override,
|
||||
|
||||
network inet dgram,
|
||||
network inet6 dgram,
|
||||
network inet stream,
|
||||
|
|
@ -33,5 +37,8 @@ profile reflector @{exec_path} flags=(attach_disconnected) {
|
|||
@{PROC}/cmdline r,
|
||||
@{PROC}/sys/kernel/osrelease r,
|
||||
|
||||
/dev/tty[0-9]* rw,
|
||||
owner /dev/pts/[0-9]* rw,
|
||||
|
||||
include if exists <local/reflector>
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue