felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): initial integration with attached path.

Browse source 
The feature is not yet enabled.

See https://apparmor.pujol.io/development/internal/#re-attached-path
This commit is contained in:
Alexandre Pujol 2024-10-11 14:13:17 +01:00
parent 5bf8c6ef0f
commit 61a27bc336
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
85 changed files with 164 additions and 139 deletions
Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/profiles-m-r/mission-control
View file

@ -25,7 +25,7 @@ profile mission-control @{exec_path} flags=(attach_disconnected) {
owner @{user_config_dirs}/libaccounts-glib/accounts.db{,-shm,-wal} rwk,
owner @{user_cache_dirs}/.mc_connections rw,
@{run}/systemd/inhibit/@{int}.ref rw,
@{att}/@{run}/systemd/inhibit/@{int}.ref rw,
include if exists <local/mission-control>
}

3
apparmor.d/profiles-m-r/nvtop
View file

@ -23,7 +23,8 @@ profile nvtop @{exec_path} flags=(attach_disconnected) {
owner @{user_config_dirs}/nvtop/{,**} rw,
@{run}/systemd/inhibit/@{int}.ref rw,
@{att}/@{run}/systemd/inhibit/@{int}.ref rw,
@{run}/udev/data/+drm:card@{int}-* r, # for screen outputs
@{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.)
@{run}/udev/data/c226:@{int} r, # For /dev/dri/card*

3
apparmor.d/profiles-m-r/packagekitd
View file

@ -94,7 +94,8 @@ profile packagekitd @{exec_path} flags=(attach_disconnected) {
owner @{tmp}/apt-changelog-@{rand6}/.apt-acquire-privs-test.@{rand6} rw,
owner @{tmp}/packagekit* rw,
@{run}/systemd/inhibit/@{int}.ref rw,
@{att}/@{run}/systemd/inhibit/@{int}.ref rw,
owner @{run}/systemd/users/@{uid} r,
#aa:only opensuse

2
apparmor.d/profiles-m-r/psi
View file

@ -57,7 +57,7 @@ profile psi @{exec_path} {
owner @{tmp}/etilqs_@{hex16} rw,
owner @{tmp}/Psi.* rwl -> /tmp/#@{int},
@{run}/systemd/inhibit/@{int}.ref rw,
@{att}/@{run}/systemd/inhibit/@{int}.ref rw,
owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/mountinfo r,

2
apparmor.d/profiles-m-r/psi-plus
View file

@ -57,7 +57,7 @@ profile psi-plus @{exec_path} {
owner @{tmp}/etilqs_@{hex16} rw,
owner @{tmp}/Psi+.* rwl -> /tmp/#@{int},
@{run}/systemd/inhibit/@{int}.ref rw,
@{att}/@{run}/systemd/inhibit/@{int}.ref rw,
owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/mountinfo r,