felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profiles): general update.

Browse source
This commit is contained in:
Alexandre Pujol 2022-06-05 22:47:37 +01:00
parent 671dcca38d
commit 63e5980d8d
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
33 changed files with 177 additions and 85 deletions
Download patch file Download diff file Expand all files Collapse all files

3
apparmor.d/profiles-g-l/ifup
View file

@ -12,8 +12,7 @@ profile ifup @{exec_path} {
include <abstractions/base>
capability net_admin,
# Needed?
audit deny capability sys_module,
audit capability sys_module,
network netlink raw,

9
apparmor.d/profiles-g-l/logrotate
View file

@ -8,7 +8,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}{s,}bin/logrotate
profile logrotate @{exec_path} flags=(attach_disconnected, complain) {
profile logrotate @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/nameservice-strict>
@ -71,16 +71,15 @@ profile logrotate @{exec_path} flags=(attach_disconnected, complain) {
/var/lib/logrotate.status rwk,
/var/lib/logrotate.status.tmp rw,
/ r,
/var/log{,.hdd}/ r,
/var/log{,.hdd}/** rw,
# Needed to remove the following error:
# logrotate[]: error: could not change directory to '.'
/ r,
@{run}/systemd/private rw,
@{sys}/firmware/efi/efivars/SecureBoot-@{uuid} r,
profile systemctl flags=(attach_disconnected, complain) {
profile systemctl flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/wutmp>