felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Unbreak Debian 11 and partially Ubuntu 22.04 (Wayland+GDM+Gnome) (#81)

Browse source 
* Unbreaking Debian 11 and partially Ubuntu 22.04

* pre-cleanup

* pre-cleanup2

* Update im-launch

* Update gnome-extension-ding

* polishing

* not yet

* Update ubuntu.flags

Allow GDM to boot. `No new privs` fix.

* Update debian.flags

Allow GDM to boot. `No new privs` fix.

* Update CONTRIBUTING.md

* fixes

* reverting w

* move setpriv to main.flags
This commit is contained in:
nobodysu 2022-10-14 21:21:56 +00:00 committed by GitHub
parent bdcaa040fe
commit 643a84997e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
110 changed files with 3157 additions and 182 deletions
Download patch file Download diff file Expand all files Collapse all files

24
apparmor.d/groups/network/ModemManager
View file

@ -14,18 +14,23 @@ profile ModemManager @{exec_path} flags=(attach_disconnected) {
network netlink raw,
dbus send bus=system path=/org/freedesktop/DBus
interface=org.freedesktop.DBus
member={RequestName,ReleaseName}
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
dbus send bus=system path=/org/freedesktop/PolicyKit[0-9]/Authority
interface=org.freedesktop.DBus.Properties
member=GetAll,
dbus send bus=system path=/org/freedesktop/login[0-9]
dbus send bus=system path=/org/freedesktop/login[0-9]
interface=org.freedesktop.login[0-9].Manager
member=Inhibit,
dbus send bus=system path=/org/freedesktop/DBus
interface=org.freedesktop.DBus
member={RequestName,ReleaseName}
peer=(name=org.freedesktop.DBus),
dbus receive bus=system path=/org/freedesktop/login[0-9]
interface=org.freedesktop.login[0-9].Manager
member={UserNew,SessionNew,PrepareForShutdown,SeatNew,UserRemoved,SessionRemoved,PrepareForSleep}
peer=(name=:*, label=systemd-logind),
dbus receive bus=system path=/org/freedesktop/ModemManager[0-9]
interface=org.freedesktop.DBus.ObjectManager
@ -39,10 +44,6 @@ profile ModemManager @{exec_path} flags=(attach_disconnected) {
interface=org.freedesktop.PolicyKit[0-9].Authority
member=Changed,
dbus receive bus=system path=/org/freedesktop/login[0-9]
interface=org.freedesktop.login[0-9].Manager
member={UserNew,SessionNew,PrepareForShutdown,SeatNew,UserRemoved,SessionRemoved},
dbus bind bus=system
name=org.freedesktop.ModemManager[0-9],
@ -50,6 +51,8 @@ profile ModemManager @{exec_path} flags=(attach_disconnected) {
@{run}/udev/data/+pci:* r,
@{run}/udev/data/+platform* r,
@{run}/udev/data/+usb:* r,
@{run}/udev/data/c189:[0-9]* r,
@{run}/udev/data/c4:[0-9]* r, # for /dev/tty[0-9]*
@{run}/udev/data/c5:[0-9]* r, # for /dev/tty, /dev/console, /dev/ptmx
@{run}/udev/data/n[0-9]* r,
@ -57,6 +60,7 @@ profile ModemManager @{exec_path} flags=(attach_disconnected) {
@{run}/systemd/inhibit/*.ref rw,
@{sys}/bus/ r,
@{sys}/bus/usb/devices/ r,
@{sys}/class/ r,
@{sys}/class/net/ r,
@{sys}/class/tty/ r,
@ -68,4 +72,4 @@ profile ModemManager @{exec_path} flags=(attach_disconnected) {
@{sys}/devices/virtual/tty/*/ r,
include if exists <local/ModemManager>
}
}

9
apparmor.d/groups/network/NetworkManager
View file

@ -44,7 +44,8 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
dbus (send,receive) bus=system path=/org/freedesktop/login[0-9]
interface=org.freedesktop.login[0-9].Manager
member={SessionRemoved,UserNew,SessionNew,Inhibit,PrepareForShutdown,UserRemoved},
member={SessionRemoved,UserNew,SessionNew,Inhibit,PrepareForShutdown,UserRemoved,PrepareForSleep}
peer=(name=:*, label=systemd-logind),
dbus send bus=system path=/org/freedesktop/DBus
interface=org.freedesktop.DBus
@ -52,7 +53,8 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
dbus send bus=system path=/org/freedesktop
interface=org.freedesktop.DBus.ObjectManager
member=InterfacesAdded,
member={InterfacesAdded,InterfacesRemoved}
peer=(name=org.freedesktop.DBus), # label="{gnome-shell,...}"
dbus send bus=system path=/org/freedesktop/nm_dispatcher
interface=org.freedesktop.nm_dispatcher
@ -105,6 +107,8 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
/etc/machine-id r,
/etc/resolv.conf rw,
/etc/resolv.conf.[0-9A-Z]* rw,
/etc/network/interfaces r,
/etc/network/interfaces.d/{,*} r,
/etc/NetworkManager/{,**} r,
/etc/NetworkManager/system-connections/{,**} w,
@ -118,6 +122,7 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
@{sys}/class/net/ r,
@{sys}/class/net/rfkill/ r,
@{run}/network/ifstate r,
@{run}/NetworkManager/{,**} rw,
@{run}/systemd/inhibit/[0-9]*.ref rw,
@{run}/systemd/users/@{uid} r,

2
apparmor.d/groups/network/nm-dispatcher
View file

@ -34,5 +34,7 @@ profile nm-dispatcher @{exec_path} flags=(attach_disconnected) {
@{run}/systemd/notify rw,
owner @{PROC}/@{pid}/fd/ r,
include if exists <local/nm-dispatcher>
}