feat(profiles): general update.
parent
671dcca38d
commit
63e5980d8d
33 changed files with 177 additions and 85 deletions
|
|
@ -24,6 +24,7 @@ profile apt @{exec_path} flags=(attach_disconnected) {
|
|||
capability net_admin,
|
||||
capability setgid,
|
||||
capability setuid,
|
||||
capability sys_nice,
|
||||
|
||||
signal (send) peer=apt-methods-*,
|
||||
|
||||
|
|
@ -60,9 +61,10 @@ profile apt @{exec_path} flags=(attach_disconnected) {
|
|||
# Methods to use to download packages from the net
|
||||
/{usr/,}lib/apt/methods/* rPx,
|
||||
|
||||
/var/lib/apt/extended_states{,.*} rw,
|
||||
/var/lib/apt/lists/** rw,
|
||||
/var/lib/apt/lists/lock rwk,
|
||||
/var/lib/apt/extended_states{,.*} rw,
|
||||
/var/lib/apt/periodic/update-success-stamp rw,
|
||||
|
||||
/var/log/apt/eipp.log.xz w,
|
||||
/var/log/apt/{term,history}.log w,
|
||||
|
|
|
|||
|
|
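Review bot: The capability block in the first hunk grows by one line (the hunk header goes from 6 to 7 lines), and nothing says which apt operation needs the new grant. The +/- markers are lost on this page, so which rule is new is inferred; if it is `capability sys_nice,`, a comment above it in the form `# sys_nice: <apt operation that needs it>` would let a later reader judge whether the capability can be dropped again. The same applies to `/var/lib/apt/periodic/update-success-stamp rw,` in the second hunk, if that is the rule added there alongside the moved `extended_states` line. The profile body starts and ends outside both hunks.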
@ -9,10 +9,11 @@ include <tunables/global>
|
|||
@{exec_path} = /{usr/,}bin/unattended-upgrade
|
||||
profile unattended-upgrade @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/dbus-strict>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/openssl>
|
||||
include <abstractions/python>
|
||||
include <abstractions/consoles>
|
||||
|
||||
capability chown,
|
||||
capability dac_override,
|
||||
|
|
@ -78,6 +79,7 @@ profile unattended-upgrade @{exec_path} flags=(attach_disconnected) {
|
|||
owner /tmp/#[0-9]* rw,
|
||||
|
||||
owner @{PROC}/@{pids}/fd/ r,
|
||||
@{PROC}/@{pids}/mountinfo r,
|
||||
|
||||
include if exists <local/unattended-upgrade>
|
||||
}
|
||||
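Review bot: `@{PROC}/@{pids}/mountinfo r,` in the second hunk has no `owner` qualifier, unlike `owner @{PROC}/@{pids}/fd/ r,` directly above it. With the stock tunables `@{pids}` matches any PID, so the rule as written allows reading the mount table of every process, not only the confined one. If unattended-upgrade only needs its own mount information, `owner @{PROC}/@{pids}/mountinfo r,` would narrow it to processes owned by the same user and match the neighbouring rule. The +/- markers are lost on this page, so that this is the added line is inferred from the hunk header (6 to 7 lines). The profile opens outside this hunk.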