felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): small profiles update.

Browse source
This commit is contained in:
Alexandre Pujol 2024-10-06 20:43:18 +01:00
parent 01a1af6c1b
commit 6b0b498244
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
13 changed files with 57 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

7
apparmor.d/groups/systemd/systemd-dissect
View file

@ -17,10 +17,11 @@ profile systemd-dissect @{exec_path} flags=(attach_disconnected) {
capability sys_admin,
capability sys_resource,
mount options=(rw rshared rslave) -> /,
mount options=(rw nodev) -> /mnt/*/,
mount -> /tmp/dissect-@{rand6}/,
mount options=(ro nodev) /dev/loop* -> @{run}/systemd/dissect-root/,
mount fstype=tmpfs options=(rw nodev) rootfs -> @{run}/systemd/dissect-root/,
mount options=(ro nodev) /dev/loop* -> @{run}/systemd/dissect-root/{,**/},
mount options=(rw nodev) -> /mnt/*/,
mount options=(rw rshared rslave) -> /,
umount @{run}/systemd/dissect-root/,