From 4b23bccb479c840b9cc3459e9ea6c55d9f970853 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Fri, 23 Feb 2024 20:12:32 +0000 Subject: [PATCH] fix: ensure fsck.ext4 is has only one profile. fsck.ext4 was in the profile attachment for both fsck-ext4 and e2fsck, breaking transition to the profile. Also reorganise some entrypoint to avoid this kind of confusion. --- apparmor.d/profiles-a-f/e2fsck | 2 +- apparmor.d/profiles-a-f/fsck-ext4 | 20 ------------------- .../profiles-a-f/{fsck-btrfs => fsck.btrfs} | 4 ++-- .../profiles-a-f/{fsck-fat => fsck.fat} | 6 +++--- apparmor.d/profiles-m-r/mke2fs | 2 +- 5 files changed, 7 insertions(+), 27 deletions(-) delete mode 100644 apparmor.d/profiles-a-f/fsck-ext4 rename apparmor.d/profiles-a-f/{fsck-btrfs => fsck.btrfs} (83%) rename apparmor.d/profiles-a-f/{fsck-fat => fsck.fat} (76%) diff --git a/apparmor.d/profiles-a-f/e2fsck b/apparmor.d/profiles-a-f/e2fsck index 4bcac87ff..7e5c95c2f 100644 --- a/apparmor.d/profiles-a-f/e2fsck +++ b/apparmor.d/profiles-a-f/e2fsck @@ -7,7 +7,7 @@ abi , include -@{exec_path} = @{bin}/{e2fsck,fsck.ext2,fsck.ext3,fsck.ext4} +@{exec_path} = @{bin}/e2fsck @{bin}/fsck.ext2 @{bin}/fsck.ext3 @{bin}/fsck.ext4 profile e2fsck @{exec_path} { include include diff --git a/apparmor.d/profiles-a-f/fsck-ext4 b/apparmor.d/profiles-a-f/fsck-ext4 deleted file mode 100644 index ccc608f7a..000000000 --- a/apparmor.d/profiles-a-f/fsck-ext4 +++ /dev/null @@ -1,20 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2021-2024 Alexandre Pujol -# SPDX-License-Identifier: GPL-2.0-only - -abi , - -include - -@{exec_path} = @{bin}/fsck.ext4 -profile fsck-ext4 @{exec_path} { - include - - @{exec_path} rm, - - @{sh_path} rix, - - /etc/fstab r, - - include if exists -} diff --git a/apparmor.d/profiles-a-f/fsck-btrfs b/apparmor.d/profiles-a-f/fsck.btrfs similarity index 83% rename from apparmor.d/profiles-a-f/fsck-btrfs rename to apparmor.d/profiles-a-f/fsck.btrfs index a9ce576ac..7142f9cf1 100644 --- a/apparmor.d/profiles-a-f/fsck-btrfs +++ b/apparmor.d/profiles-a-f/fsck.btrfs @@ -8,7 +8,7 @@ abi , include @{exec_path} = @{bin}/fsck.btrfs -profile fsck-btrfs @{exec_path} { +profile fsck.btrfs @{exec_path} { include @{exec_path} r, @@ -17,5 +17,5 @@ profile fsck-btrfs @{exec_path} { /etc/fstab r, - include if exists + include if exists } diff --git a/apparmor.d/profiles-a-f/fsck-fat b/apparmor.d/profiles-a-f/fsck.fat similarity index 76% rename from apparmor.d/profiles-a-f/fsck-fat rename to apparmor.d/profiles-a-f/fsck.fat index e257d9213..6b5567d7d 100644 --- a/apparmor.d/profiles-a-f/fsck-fat +++ b/apparmor.d/profiles-a-f/fsck.fat @@ -7,8 +7,8 @@ abi , include -@{exec_path} = @{bin}/{fsck.fat,fsck.msdos,fsck.vfat,dosfsck} -profile fsck-fat @{exec_path} { +@{exec_path} = @{bin}/fsck.fat @{bin}/fsck.msdos @{bin}/fsck.vfat @{bin}/dosfsck +profile fsck.fat @{exec_path} { include include include @@ -20,5 +20,5 @@ profile fsck-fat @{exec_path} { owner @{run}/systemd/fsck.progress rw, - include if exists + include if exists } diff --git a/apparmor.d/profiles-m-r/mke2fs b/apparmor.d/profiles-m-r/mke2fs index 6a73f29e3..f1762dd4b 100644 --- a/apparmor.d/profiles-m-r/mke2fs +++ b/apparmor.d/profiles-m-r/mke2fs @@ -7,7 +7,7 @@ abi , include -@{exec_path} = @{bin}/{mke2fs,mkfs.ext2,mkfs.ext3,mkfs.ext4} +@{exec_path} = @{bin}/mke2fs @{bin}/mkfs.ext2 @{bin}/mkfs.ext3 @{bin}/mkfs.ext4 profile mke2fs @{exec_path} { include include