felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): general update.

Browse source
This commit is contained in:
Alexandre Pujol 2024-09-11 17:54:34 +01:00
parent c622f5de93
commit 6539b713fb
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
21 changed files with 66 additions and 86 deletions
Download patch file Download diff file Expand all files Collapse all files

4
apparmor.d/groups/pacman/makepkg
View file

@ -11,6 +11,9 @@ profile makepkg @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>
signal send set=winch peer=pacman,
signal send set=winch peer=pacman//systemctl,
network inet stream,
network inet6 stream,
network inet dgram,
@ -48,6 +51,7 @@ profile makepkg @{exec_path} {
owner @{run}/user/@{uid}/ r,
owner @{run}/user/@{uid}/gnupg/ r,
owner @{run}/user/@{uid}/gnupg/d.@{rand}/ rw,
owner @{run}/user/@{uid}/gnupg/d.@{rand}/S.gpg-agent{,.ssh,.browser,.extra} rw,
owner @{run}/user/@{uid}/gnupg/d.@{rand}/S.scdaemon rw,
owner @{run}/user/@{uid}/gnupg/S.scdaemon rw,

6
apparmor.d/groups/pacman/pacman
View file

@ -37,9 +37,10 @@ profile pacman @{exec_path} flags=(attach_disconnected) {
network netlink raw,
network unix stream,
ptrace (read),
ptrace read,
signal (send) set=(usr1) peer=gvfsd,
signal send set=usr1 peer=gvfsd,
signal receive set=winch peer=makepkg//sudo,
@{exec_path} mrix,
@ -194,6 +195,7 @@ profile pacman @{exec_path} flags=(attach_disconnected) {
capability sys_resource,
signal send set=cont peer=child-pager,
signal receive set=winch peer=makepkg//sudo,
@{pager_path} rPx -> child-pager,