feat: apply new linter recommendations.
This commit is contained in:
Alexandre Pujol
parent
6b8df42dbf
commit
4d1b29462c
43 changed files with 67 additions and 63 deletions
|
|
@ -36,7 +36,7 @@
|
|||
|
||||
/etc/xdg/menus/ r,
|
||||
|
||||
owner @{run}/user//@{uid}/#@{int} rw,
|
||||
owner @{run}/user/@{uid}/#@{int} rw,
|
||||
owner @{run}/user/@{uid}/kioclient@{rand6}.@{int}.kioworker.socket rwl -> @{run}/user/@{uid}/#@{int},
|
||||
|
||||
@{PROC}/sys/kernel/random/boot_id r,
|
||||
|
|
|
|||
|
|
@ -15,11 +15,11 @@
|
|||
# peer=(addr="@@{user_cache_dirs}/ibus/dbus-????????"),
|
||||
unix (connect, receive, send)
|
||||
type=stream
|
||||
peer=(addr="@/home/*/.cache/ibus/dbus-????????"),
|
||||
peer=(addr="@/home/*/.cache/ibus/dbus-????????"), #aa:lint ignore
|
||||
|
||||
unix (connect, send, receive, accept, bind, listen)
|
||||
type=stream
|
||||
addr="@/home/*/.cache/ibus/dbus-????????",
|
||||
addr="@/home/*/.cache/ibus/dbus-????????", #aa:lint ignore
|
||||
|
||||
dbus receive bus=session path=/org/freedesktop/IBus
|
||||
interface=org.freedesktop.DBus.Peer
|
||||
|
|
|
|||
|
|
@ -12,9 +12,9 @@ profile cron-debtags @{exec_path} {
|
|||
include <abstractions/base>
|
||||
|
||||
@{exec_path} r,
|
||||
@{sh_path} rix,
|
||||
|
||||
/usr/bin/debtags rPx,
|
||||
@{sh_path} rix,
|
||||
@{bin}/debtags rPx,
|
||||
|
||||
include if exists <local/cron-debtags>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -15,7 +15,8 @@ profile udiskie-info @{exec_path} {
|
|||
@{exec_path} r,
|
||||
@{python_path} r,
|
||||
|
||||
/usr/bin/ r,
|
||||
@{bin}/ r,
|
||||
@{sbin}/ r,
|
||||
|
||||
owner @{user_config_dirs}/udiskie/ r,
|
||||
owner @{user_config_dirs}/udiskie/config.yml r,
|
||||
|
|
|
|||
|
|
@ -15,7 +15,8 @@ profile udiskie-mount @{exec_path} {
|
|||
@{exec_path} r,
|
||||
@{python_path} r,
|
||||
|
||||
/usr/bin/ r,
|
||||
@{bin}/ r,
|
||||
@{sbin}/ r,
|
||||
|
||||
owner @{user_config_dirs}/udiskie/ r,
|
||||
owner @{user_config_dirs}/udiskie/config.yml r,
|
||||
|
|
|
|||
|
|
@ -15,7 +15,8 @@ profile udiskie-umount @{exec_path} {
|
|||
@{exec_path} r,
|
||||
@{python_path} r,
|
||||
|
||||
/usr/bin/ r,
|
||||
@{bin}/ r,
|
||||
@{sbin}/ r,
|
||||
|
||||
owner @{user_config_dirs}/udiskie/ r,
|
||||
owner @{user_config_dirs}/udiskie/config.yml r,
|
||||
|
|
|
|||
|
|
@ -100,9 +100,9 @@ profile gdm-session-worker @{exec_path} flags=(attach_disconnected) {
|
|||
owner /.fscrypt/protectors/@{hex16} r,
|
||||
|
||||
/home/ r,
|
||||
/home/.fscrypt/policies/ r,
|
||||
owner /home/.fscrypt/policies/@{hex32} r,
|
||||
owner /home/.fscrypt/protectors/@{hex16}.link r,
|
||||
/home/.fscrypt/policies/ r, #aa:lint ignore
|
||||
owner /home/.fscrypt/policies/@{hex32} r, #aa:lint ignore
|
||||
owner /home/.fscrypt/protectors/@{hex16}.link r, #aa:lint ignore
|
||||
|
||||
owner @{HOME}/.pam_environment r,
|
||||
|
||||
|
|
|
|||
|
|
@ -23,11 +23,11 @@ profile gpgsm @{exec_path} {
|
|||
|
||||
/etc/gcrypt/hwf.deny r,
|
||||
|
||||
deny /usr/bin/.gnupg/ w,
|
||||
owner /var/lib/*/.gnupg/** rwkl -> /var/lib/*/.gnupg/**,
|
||||
|
||||
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
|
||||
|
||||
owner /var/lib/*/.gnupg/** rwkl -> /var/lib/*/.gnupg/**,
|
||||
deny @{bin}/.gnupg/ w,
|
||||
|
||||
include if exists <local/gpgsm>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ profile grub-multi-install @{exec_path} {
|
|||
@{bin}/udevadm rPx,
|
||||
/usr/share/debconf/frontend rix,
|
||||
|
||||
/usr/lib/terminfo/x/xterm-256color r,
|
||||
@{lib}/terminfo/x/xterm-256color r,
|
||||
/usr/share/debconf/confmodule r,
|
||||
|
||||
/boot/grub/grub.cfg rw,
|
||||
|
|
|
|||
|
|
@ -114,7 +114,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
|||
@{etc_ro}/sddm/Xsession rPx,
|
||||
@{etc_ro}/X11/xdm/Xsession rPx,
|
||||
|
||||
/usr/etc/X11/xdm/Xsetup rix,
|
||||
@{etc_ro}/X11/xdm/Xsetup rix,
|
||||
/usr/share/sddm/scripts/wayland-session rix,
|
||||
/usr/share/sddm/scripts/Xsession rix,
|
||||
/usr/share/sddm/scripts/Xsetup rix,
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@ profile mullvad-daemon @{exec_path} flags=(attach_disconnected) {
|
|||
network netlink raw,
|
||||
network netlink dgram,
|
||||
|
||||
mount fstype=cgroup -> /sys/fs/cgroup/net_cls/,
|
||||
mount fstype=cgroup -> @{sys}/fs/cgroup/net_cls/,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
|||
|
|
@ -14,8 +14,8 @@ profile archlinux-java @{exec_path} {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{sh_path} rix,
|
||||
@{bin}/basename rix,
|
||||
@{bin}/bash rix,
|
||||
@{bin}/dirname rix,
|
||||
@{bin}/find rix,
|
||||
@{bin}/id rix,
|
||||
|
|
|
|||
|
|
@ -16,8 +16,8 @@ profile paccache @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{sh_path} rix,
|
||||
@{bin}/{m,g,}awk rix,
|
||||
@{bin}/bash rix,
|
||||
@{bin}/cat rix,
|
||||
@{bin}/gettext rix,
|
||||
@{bin}/gpg{,2} rix,
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ profile pacman-hook-dconf @{exec_path} {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/bash rix,
|
||||
@{sh_path} rix,
|
||||
@{bin}/rm rix,
|
||||
@{bin}/dconf rPx,
|
||||
|
||||
|
|
|
|||
|
|
@ -14,13 +14,13 @@ profile pacman-hook-depmod @{exec_path} {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{sh_path} rix,
|
||||
@{bin}/basename rix,
|
||||
@{bin}/bash rix,
|
||||
@{bin}/kmod rPx,
|
||||
@{bin}/rm rix,
|
||||
@{bin}/rmdir rix,
|
||||
|
||||
/usr/lib/modules/*/{,**} rw,
|
||||
@{lib}/modules/*/{,**} rw,
|
||||
|
||||
/dev/tty rw,
|
||||
/dev/tty@{int} rw,
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ profile pacman-hook-fontconfig @{exec_path} {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/bash rix,
|
||||
@{sh_path} rix,
|
||||
@{bin}/ln rix,
|
||||
@{bin}/rm rix,
|
||||
|
||||
|
|
|
|||
|
|
@ -14,14 +14,14 @@ profile pacman-hook-gio @{exec_path} {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/bash rix,
|
||||
@{sh_path} rix,
|
||||
@{bin}/rmdir rix,
|
||||
@{bin}/gio-querymodules rPx,
|
||||
|
||||
@{lib}/gio/modules/giomodule.cache{,.[0-9A-Z]*} rw,
|
||||
@{lib}/gtk-{3,4}.0/**/*/ rw,
|
||||
|
||||
/usr/lib/gio/modules/ rw,
|
||||
@{lib}/gio/modules/ rw,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ profile pacman-hook-gtk @{exec_path} {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/bash rix,
|
||||
@{sh_path} rix,
|
||||
@{bin}/rm rix,
|
||||
@{bin}/rmdir rix,
|
||||
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ profile pacman-hook-mkinitcpio @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/bash rix,
|
||||
@{sh_path} rix,
|
||||
@{bin}/cmp rix,
|
||||
@{bin}/compgen rix,
|
||||
@{bin}/env rix,
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ profile pacman-hook-mkinitcpio-remove @{exec_path} {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/bash rix,
|
||||
@{sh_path} rix,
|
||||
@{bin}/cmp rix,
|
||||
@{bin}/mv rix,
|
||||
@{bin}/rm rix,
|
||||
|
|
|
|||
|
|
@ -16,9 +16,9 @@ profile pacman-key @{exec_path} {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{sh_path} rix,
|
||||
@{bin}/{m,g,}awk rix,
|
||||
@{bin}/basename rix,
|
||||
@{bin}/bash rix,
|
||||
@{bin}/chmod rix,
|
||||
@{bin}/gettext rix,
|
||||
@{bin}/gpg{,2} rCx -> &gpg,
|
||||
|
|
@ -60,7 +60,7 @@ profile pacman-key @{exec_path} {
|
|||
/etc/pacman.d/gnupg/ rw,
|
||||
/etc/pacman.d/gnupg/** rwkl,
|
||||
|
||||
@{HOME}/.gnupg/gpg.conf r,
|
||||
@{HOME}/@{XDG_GPG_DIR}/gpg.conf r,
|
||||
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
owner @{PROC}/@{pid}/task/@{tid}/comm rw,
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ profile sysctl @{exec_path} {
|
|||
|
||||
/etc/sysctl.conf r,
|
||||
/etc/sysctl.d/{,**} r,
|
||||
/usr/lib/sysctl.d/{,**} r,
|
||||
@{lib}/sysctl.d/{,**} r,
|
||||
|
||||
/etc/ufw/sysctl.conf r, # Add support for ufw
|
||||
|
||||
|
|
|
|||
|
|
@ -16,11 +16,12 @@ profile systemd-binfmt @{exec_path} flags=(attach_disconnected) {
|
|||
@{exec_path} mr,
|
||||
|
||||
@{bin}/* r,
|
||||
@{sbin}/* r,
|
||||
|
||||
# Config file locations
|
||||
/etc/binfmt.d/{,*.conf} r,
|
||||
@{run}/binfmt.d/{,*.conf} r,
|
||||
/usr/lib/binfmt.d/{,*.conf} r,
|
||||
@{lib}/binfmt.d/{,*.conf} r,
|
||||
|
||||
@{PROC}/sys/fs/binfmt_misc/register w,
|
||||
@{PROC}/sys/fs/binfmt_misc/status w,
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ profile systemd-sysctl @{exec_path} flags=(attach_disconnected) {
|
|||
@{run}/sysctl.d/{,*.conf} r,
|
||||
/etc/sysctl.conf r,
|
||||
/etc/sysctl.d/{,*.conf} r,
|
||||
/usr/lib/sysctl.d/{,*.conf} r,
|
||||
@{lib}/sysctl.d/{,*.conf} r,
|
||||
|
||||
@{PROC}/sys/** rw,
|
||||
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ profile systemd-sysusers @{exec_path} flags=(attach_disconnected) {
|
|||
# Config file locations
|
||||
/etc/sysusers.d/{,*.conf} r,
|
||||
@{run}/sysusers.d/{,*.conf} r,
|
||||
/usr/lib/sysusers.d/{,*.conf} r,
|
||||
@{lib}/sysusers.d/{,*.conf} r,
|
||||
|
||||
# Where the users can be created,
|
||||
/home/{,*} rw,
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@ profile systemd-tmpfiles @{exec_path} flags=(attach_disconnected) {
|
|||
# Config file locations
|
||||
/etc/tmpfiles.d/{,*.conf} r,
|
||||
@{run}/tmpfiles.d/{,*.conf} r,
|
||||
/usr/lib/tmpfiles.d/{,*.conf} r,
|
||||
@{lib}/tmpfiles.d/{,*.conf} r,
|
||||
@{user_config_dirs}/user-tmpfiles.d/{,*.conf} r,
|
||||
@{run}/user/@{uid}/user-tmpfiles.d/{,*.conf} r,
|
||||
@{user_share_dirs}/user-tmpfiles.d/{,*.conf} r,
|
||||
|
|
@ -42,7 +42,7 @@ profile systemd-tmpfiles @{exec_path} flags=(attach_disconnected) {
|
|||
/etc/{,**} rw,
|
||||
/home/ rw,
|
||||
/opt/{,**} rw,
|
||||
/run/{,**} rw,
|
||||
@{run}/{,**} rw,
|
||||
/srv/{,**} rw,
|
||||
/tmp/{,**} rwk,
|
||||
/usr/{,**} rw,
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ abi <abi/4.0>,
|
|||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = /usr/lib/ubuntu-advantage/apt_news.py
|
||||
@{exec_path} = @{lib}/ubuntu-advantage/apt_news.py
|
||||
profile apt_news @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/common/apt>
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ abi <abi/4.0>,
|
|||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = /usr/lib/ubuntu-advantage/esm_cache.py
|
||||
@{exec_path} = @{lib}/ubuntu-advantage/esm_cache.py
|
||||
profile esm_cache @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/python>
|
||||
|
|
|
|||
|
|
@ -37,7 +37,7 @@ profile subiquity-console-conf @{exec_path} {
|
|||
@{bin}/ssh-keygen rPx,
|
||||
@{sbin}/sshd rPx,
|
||||
@{bin}/snap rPUx,
|
||||
/usr/lib/snapd/snap-recovery-chooser rPUx,
|
||||
@{lib}/snapd/snap-recovery-chooser rPUx,
|
||||
/usr/share/netplan/netplan.script rPx,
|
||||
|
||||
/usr/share/subiquity/{,**} r,
|
||||
|
|
|
|||
|
|
@ -25,8 +25,8 @@ profile containerd-shim-runc-v2 @{exec_path} flags=(attach_disconnected) {
|
|||
signal (send) set=kill peer=cri-containerd.apparmor.d,
|
||||
signal (receive) set=kill peer=containerd,
|
||||
|
||||
mount -> /run/containerd/io.containerd.runtime.v2.task/k8s.io/@{hex}/rootfs/,
|
||||
umount /run/containerd/io.containerd.runtime.v2.task/k8s.io/@{hex}/rootfs/,
|
||||
mount -> @{run}/containerd/io.containerd.runtime.v2.task/k8s.io/@{hex}/rootfs/,
|
||||
umount @{run}/containerd/io.containerd.runtime.v2.task/k8s.io/@{hex}/rootfs/,
|
||||
|
||||
@{exec_path} mrix,
|
||||
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@ profile dockerd @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
mount /tmp/containerd-mount@{int}/,
|
||||
mount /var/lib/docker/**/,
|
||||
mount options=(rw bind) -> /run/docker/netns/*,
|
||||
mount options=(rw bind) -> @{run}/docker/netns/*,
|
||||
mount options=(rw rprivate) -> /.pivot_root@{int}/,
|
||||
mount options=(rw rslave) -> /,
|
||||
|
||||
|
|
@ -46,7 +46,7 @@ profile dockerd @{exec_path} flags=(attach_disconnected) {
|
|||
remount /var/lib/docker/**/,
|
||||
|
||||
umount /.pivot_root@{int}/,
|
||||
umount /run/docker/netns/*,
|
||||
umount @{run}/docker/netns/*,
|
||||
umount /tmp/containerd-mount@{int}/,
|
||||
umount /var/lib/docker/**/,
|
||||
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ profile aspell @{exec_path} flags=(complain) {
|
|||
|
||||
/usr/share/aspell/{,*} r,
|
||||
|
||||
/usr/lib/aspell/{,*} r,
|
||||
@{lib}/aspell/{,*} r,
|
||||
|
||||
/var/lib/aspell/{,*} r,
|
||||
/var/lib/aspell/*.rws rw,
|
||||
|
|
|
|||
|
|
@ -32,8 +32,8 @@ profile aspell-autobuildhash @{exec_path} flags=(complain) {
|
|||
|
||||
/usr/share/aspell/{,*} r,
|
||||
|
||||
/usr/lib/aspell/{,*} r,
|
||||
/usr/lib/aspell/*.rws rw,
|
||||
@{lib}/aspell/{,*} r,
|
||||
@{lib}/aspell/*.rws rw,
|
||||
|
||||
/var/lib/aspell/ r,
|
||||
/var/lib/aspell/* rw,
|
||||
|
|
|
|||
|
|
@ -73,7 +73,7 @@ profile gajim @{exec_path} {
|
|||
owner @{user_cache_dirs}/gajim/** rwk,
|
||||
|
||||
owner @{user_cache_dirs}/farstream/ rw,
|
||||
owner @{user_cache_dirs}/farstream/codecs.audio.x86_64.cache{,.tmp@{rand6}} rw,
|
||||
owner @{user_cache_dirs}/farstream/codecs.audio.@{arch}.cache{,.tmp@{rand6}} rw,
|
||||
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
owner @{PROC}/@{pid}/mounts r,
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ profile gpu-manager @{exec_path} {
|
|||
@{bin}/{,e}grep rix,
|
||||
|
||||
/etc/modprobe.d/{,**} r,
|
||||
/usr/lib/modprobe.d/{,**} r,
|
||||
@{lib}/modprobe.d/{,**} r,
|
||||
|
||||
/var/lib/ubuntu-drivers-common/* rw,
|
||||
|
||||
|
|
|
|||
|
|
@ -58,7 +58,7 @@ profile hardinfo @{exec_path} {
|
|||
@{bin}/netstat rPx,
|
||||
@{bin}/qtchooser rPx,
|
||||
|
||||
@{lib}/jvm/java-[0-9]*-openjdk-amd64/bin/javac rCx -> javac,
|
||||
@{lib}/jvm/java-[0-9]*-openjdk-@{arch}/bin/javac rCx -> javac,
|
||||
|
||||
/usr/share/gdb/python/ r,
|
||||
/usr/share/gdb/python/** r,
|
||||
|
|
@ -132,9 +132,8 @@ profile hardinfo @{exec_path} {
|
|||
include <abstractions/base>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
||||
@{lib}/jvm/java-[0-9]*-openjdk-amd64/bin/* mr,
|
||||
|
||||
@{lib}/jvm/java-[0-9]*-openjdk-amd64/lib/** mr,
|
||||
@{lib}/jvm/java-[0-9]*-openjdk-@{arch}/bin/* mr,
|
||||
@{lib}/jvm/java-[0-9]*-openjdk-@{arch}/lib/** mr,
|
||||
|
||||
/etc/java-[0-9]*-openjdk/** r,
|
||||
|
||||
|
|
|
|||
|
|
@ -13,9 +13,9 @@ profile hwinfo @{exec_path} {
|
|||
include <abstractions/disks-read>
|
||||
|
||||
capability net_raw, # Needed for network related options
|
||||
capability sys_admin, # Needed for /proc/ioports
|
||||
capability sys_admin, # Needed for @{PROC}/ioports
|
||||
capability sys_rawio, # Needed for disk related options
|
||||
capability syslog, # Needed for /proc/kmsg
|
||||
capability syslog, # Needed for @{PROC}/kmsg
|
||||
|
||||
network inet dgram,
|
||||
network inet6 dgram,
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ profile ip @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
network netlink raw,
|
||||
|
||||
mount fstype=sysfs -> /sys/,
|
||||
mount fstype=sysfs -> @{sys},
|
||||
mount options=(rw bind) / -> @{run}/netns/*,
|
||||
mount options=(rw rbind) @{run}/netns/ -> @{run}/netns/,
|
||||
mount options=(rw, bind) @{att}/ -> @{run}/netns/*,
|
||||
|
|
@ -29,7 +29,7 @@ profile ip @{exec_path} flags=(attach_disconnected) {
|
|||
mount options=(rw, rslave) -> /,
|
||||
|
||||
umount @{run}/netns/*,
|
||||
umount /sys/,
|
||||
umount @{sys},
|
||||
|
||||
@{exec_path} mrix,
|
||||
|
||||
|
|
|
|||
|
|
@ -74,7 +74,7 @@ profile kmod @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
/etc/sysctl.conf r,
|
||||
/etc/sysctl.d/{,**} r,
|
||||
/usr/lib/sysctl.d/{,**} r,
|
||||
@{lib}/sysctl.d/{,**} r,
|
||||
|
||||
include if exists <local/kmod_sysctl>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -69,10 +69,11 @@ profile mkinitramfs @{exec_path} {
|
|||
@{bin}/dpkg rPx -> child-dpkg,
|
||||
@{bin}/linux-version rPx,
|
||||
|
||||
/usr/share/initramfs-tools/hooks/** rPx,
|
||||
/usr/share/initramfs-tools/scripts/** rPx,
|
||||
@{lib}/initramfs-tools/hooks/** rPx,
|
||||
/etc/initramfs-tools/hooks/** rPx,
|
||||
/etc/initramfs-tools/scripts/** rPx,
|
||||
/usr/share/initramfs-tools/hooks/** rPx,
|
||||
/usr/share/initramfs-tools/scripts/** rPx,
|
||||
|
||||
/usr/share/initramfs-tools/{,**} r,
|
||||
/etc/initramfs-tools/{,**} r,
|
||||
|
|
|
|||
|
|
@ -19,14 +19,14 @@ profile needrestart-iucode-scan-versions @{exec_path} {
|
|||
@{sbin}/iucode_tool rix,
|
||||
|
||||
/usr/share/misc/ r,
|
||||
/usr/share/misc/amd64-microcode* r,
|
||||
/usr/share/misc/amd-microcode* r
|
||||
/usr/share/misc/intel-microcode* r,
|
||||
|
||||
/etc/default/amd64-microcode r,
|
||||
/etc/default/amd-microcode r,
|
||||
/etc/default/intel-microcode r,
|
||||
/etc/needrestart/iucode.sh r,
|
||||
|
||||
/boot/amd64-ucode.img r,
|
||||
/boot/amd-ucode.img r,
|
||||
/boot/intel-ucode.img r,
|
||||
/boot/early_ucode.cpio r,
|
||||
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ profile pcb-gtk @{exec_path} {
|
|||
|
||||
/usr/share/pcb/ListLibraryContents.sh rix,
|
||||
|
||||
@{bin}/dash rix,
|
||||
@{sh_path} rix,
|
||||
@{bin}/cat rix,
|
||||
@{bin}/tr rix,
|
||||
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ profile resolvconf @{exec_path} {
|
|||
@{bin}/systemctl rCx -> systemctl,
|
||||
@{lib}/resolvconf/list-records rix,
|
||||
|
||||
/usr/lib/resolvconf/{,**} r,
|
||||
@{lib}/resolvconf/{,**} r,
|
||||
|
||||
@{etc_rw}/resolv.conf.bak rw,
|
||||
@{etc_rw}/resolv.conf rw,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue