felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): minor fsp related improvment.

Browse source
This commit is contained in:
Alexandre Pujol 2025-05-31 13:49:16 +02:00
parent 2282128cbd
commit 6c6e1c3456
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
6 changed files with 10 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

5
apparmor.d/groups/freedesktop/colord
View file

@ -23,6 +23,7 @@ profile colord @{exec_path} flags=(attach_disconnected) {
#aa:dbus own bus=system name=org.freedesktop.ColorManager #aa:dbus own bus=system name=org.freedesktop.ColorManager
@{exec_path} mrix, @{exec_path} mrix,
@{lib}/colord-sane ix,
/etc/machine-id r, /etc/machine-id r,
/etc/sane.d/{,**} r, /etc/sane.d/{,**} r,
@ -44,8 +45,8 @@ profile colord @{exec_path} flags=(attach_disconnected) {
owner /var/lib/snmp/mibs/{iana,ietf}/ r, owner /var/lib/snmp/mibs/{iana,ietf}/ r,
owner /var/lib/snmp/mibs/{iana,ietf}/[A-Z]* r, owner /var/lib/snmp/mibs/{iana,ietf}/[A-Z]* r,
@{att}/@{desktop_share_dirs}/icc/edid-*.icc r, @{att}/@{desktop_share_dirs}/icc/edid-@{hex32}.icc r,
@{att}/@{user_share_dirs}/icc/edid-*.icc r, @{att}/@{user_share_dirs}/icc/edid-@{hex32}.icc r,
@{run}/systemd/sessions/* r, @{run}/systemd/sessions/* r,

2
apparmor.d/groups/grub/grub-mkconfig
View file

@ -56,7 +56,7 @@ profile grub-mkconfig @{exec_path} flags=(attach_disconnected) {
@{bin}/tr rix, @{bin}/tr rix,
@{bin}/umount rPx, @{bin}/umount rPx,
@{bin}/uname rix, @{bin}/uname rix,
@{bin}/which rix, @{bin}/which{,.debianutils} rix,
@{bin}/zfs rPx, @{bin}/zfs rPx,
@{bin}/zpool rPx, @{bin}/zpool rPx,
/etc/grub.d/{,**} rix, /etc/grub.d/{,**} rix,

2
apparmor.d/groups/network/tailscaled
View file

@ -31,7 +31,7 @@ profile tailscaled @{exec_path} flags=(attach_disconnected) {
ptrace (read), ptrace (read),
#aa:dbus talk bus=system name=org.freedesktop.resolve1 label=systemd-resolved #aa:dbus talk bus=system name=org.freedesktop.resolve1 label="@{p_systemd_resolved}"
@{exec_path} mr, @{exec_path} mr,

6
apparmor.d/groups/systemd-service/snapd.system-shutdown.service
View file

@ -13,9 +13,9 @@ include <tunables/global>
profile snapd.system-shutdown.service { profile snapd.system-shutdown.service {
include <abstractions/base> include <abstractions/base>
audit @{bin}/cp ix, @{bin}/cp ix,
audit @{bin}/mkdir ix, @{bin}/mkdir ix,
audit @{bin}/mount ix, @{bin}/mount ix,
@{lib}/snapd/system-shutdown r, @{lib}/snapd/system-shutdown r,

2
apparmor.d/groups/ubuntu/fanctl
View file

@ -19,7 +19,7 @@ profile fanctl @{exec_path} flags=(attach_disconnected) {
@{bin}/id ix, @{bin}/id ix,
@{bin}/touch ix, @{bin}/touch ix,
@{bin}/mkdir ix, @{bin}/mkdir ix,
@{sbin}/ip ix, @{bin}/ip ix,
@{bin}/sed ix, @{bin}/sed ix,
/etc/network/fan r, /etc/network/fan r,

2
apparmor.d/profiles-g-l/ischroot
View file

@ -7,7 +7,7 @@ abi <abi/4.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = @{bin}/ischroot @{exec_path} = @{bin}/ischroot
profile ischroot @{exec_path} { profile ischroot @{exec_path} flags=(attach_disconnected) {
include <abstractions/base> include <abstractions/base>
include <abstractions/consoles> include <abstractions/consoles>