felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): general update.

Browse source
This commit is contained in:
Alexandre Pujol 2024-09-11 17:54:34 +01:00
parent c622f5de93
commit 6539b713fb
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
21 changed files with 66 additions and 86 deletions
Download patch file Download diff file Expand all files Collapse all files

10
apparmor.d/groups/network/NetworkManager
View file

@ -43,6 +43,7 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
#aa:dbus own bus=system name=org.freedesktop.NetworkManager
#aa:dbus talk bus=system name=org.fedoraproject.FirewallD1 label=firewalld
#aa:dbus talk bus=system name=org.freedesktop.nm_dispatcher label=nm-dispatcher
#aa:dbus talk bus=system name=org.freedesktop.resolve1 label=systemd-resolved
@ -61,11 +62,6 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
member=GetManagedObjects
peer=(name=:*, label=bluetoothd),
dbus send bus=system path=/org/fedoraproject/FirewallD1
interface=org.fedoraproject.FirewallD1.zone
member={changeZoneOfInterface,removeInterface}
peer=(name=org.freedesktop.DBus, label=firewalld),
dbus send bus=system path=/org/freedesktop
interface=org.freedesktop.DBus.ObjectManager
member=InterfacesAdded
@ -134,13 +130,13 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
@{sys}/devices/@{pci}/net/*/{,**} r,
@{sys}/devices/@{pci}/usb@{int}/**/net/{,**} r,
owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/fd/ r,
@{PROC}/@{pids}/stat r,
@{PROC}/1/environ r,
@{PROC}/cmdline r,
@{PROC}/sys/kernel/osrelease r,
@{PROC}/sys/net/** rw,
owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/fd/ r,
/dev/rfkill rw,

15
apparmor.d/groups/network/tailscaled
View file

@ -30,20 +30,7 @@ profile tailscaled @{exec_path} flags=(attach_disconnected) {
ptrace (read),
dbus send bus=system path=/org/freedesktop/resolve1
interface=org.freedesktop.DBus.Peer
member=Ping
peer=(name=org.freedesktop.resolve1, label=systemd-resolved),
dbus send bus=system path=/org/freedesktop/resolve1
interface=org.freedesktop.DBus.Properties
member=Get
peer=(name=org.freedesktop.resolve1, label=systemd-resolved),
dbus send bus=system path=/org/freedesktop/resolve1
interface=org.freedesktop.resolve1.Manager
member={FlushCaches,SetLink*}
peer=(name=org.freedesktop.resolve1, label=systemd-resolved),
#aa:dbus talk bus=system name=org.freedesktop.resolve1 label=systemd-resolved
@{exec_path} mr,