felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(profile): snap: simplify cgroup access.

Browse source
This commit is contained in:
Alexandre Pujol 2025-04-12 23:38:11 +02:00 committed by Alex
parent cd890bb81b
commit 5e38394986
1 changed files with 3 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

7
apparmor.d/groups/snap/snapd
View file

@ -157,12 +157,11 @@ profile snapd @{exec_path} {
@{run}/systemd/private rw,
@{sys}/fs/cgroup/{,*/} r,
@{sys}/fs/cgroup/cgroup.controllers r,
@{sys}/fs/cgroup/system.slice/{,**/} r,
@{sys}/fs/cgroup/system.slice/snap*.service/cgroup.procs r,
@{sys}/fs/cgroup/*.slice/ r,
@{sys}/fs/cgroup/*.slice/*.service/{,**/} r,
@{sys}/fs/cgroup/*.slice/*-@{uid}.slice/*@@{uid}.service/app.slice/snap*.service/cgroup.procs r,
@{sys}/fs/cgroup/*.slice/*.slice/{,**/} r,
@{sys}/fs/cgroup/*.slice/**/cgroup.procs r,
@{sys}/fs/cgroup/cgroup.controllers r,
@{sys}/kernel/kexec_loaded r,
@{sys}/kernel/security/apparmor/.notify r,
@{sys}/kernel/security/apparmor/features/{,**} r,