felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Cleanup profiles according to standards

Browse source
This commit is contained in:
Jeroen Rijken 2022-07-09 20:33:47 +02:00 committed by Alex
parent c9b4423e45
commit 59f8b893ff
3 changed files with 47 additions and 49 deletions
Download patch file Download diff file Expand all files Collapse all files

3
apparmor.d/profiles-s-z/zfs
View file

@ -10,8 +10,9 @@ profile zfs @{exec_path} flags=(complain) {
@{exec_path} r,
/dev/zfs rw,
@{PROC}/@{pids}/mounts r,
/dev/zfs rw,
include if exists <local/zfs>
}

19
apparmor.d/profiles-s-z/zpool
View file

@ -11,18 +11,19 @@ profile zpool @{exec_path} flags=(complain) {
@{exec_path} rm,
/{usr/,}{local/,}lib/zfs-linux/zpool.d/* rix,
/{usr/,}{local/,}bin/{ba,da,k,z,}sh rix,
/dev/zfs rw,
/{usr/,}bin/{,ba,da}sh rix,
/etc/hostid r,
@{run}/blkid/blkid.tab rw,
@{run}/blkid/blkid.tab.old l,
@{run}/blkid/blkid.tab-* rwl,
@{PROC}/sys/kernel/spl/hostid r,
@{PROC}/@{pids}/mounts r,
/dev/zfs rw,
/dev/pts/[0-9]* rw,
/etc/hostid r,
@{PROC}/sys/kernel/spl/hostid r,
/run/blkid/blkid.tab wr,
/run/blkid/blkid.tab.old l,
/run/blkid/blkid.tab-* wrl,
include if exists <local/zfs>
}