feat(profiles): new definition for MOUNTs, add MOUNTDIRS.

Alexandre Pujol 2022-06-12 22:51:37 +01:00
parent 9493e783ce
commit 779853dc7f
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
62 changed files with 198 additions and 203 deletions


@ -29,11 +29,11 @@ profile dirmngr @{exec_path} {
owner @{HOME}/@{XDG_GPG_DIR}/crls.d/ rw,
owner @{HOME}/@{XDG_GPG_DIR}/crls.d/DIR.txt rw,
owner @{MOUNTS}/*{,/*}/@{XDG_GPG_DIR}/ rw,
owner @{MOUNTS}/*{,/*}/@{XDG_GPG_DIR}/dirmngr.conf r,
owner @{MOUNTS}/*{,/*}/@{XDG_GPG_DIR}/dirmngr_ldapservers.conf r,
owner @{MOUNTS}/*{,/*}/@{XDG_GPG_DIR}/crls.d/ rw,
owner @{MOUNTS}/*{,/*}/@{XDG_GPG_DIR}/crls.d/DIR.txt rw,
owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/ rw,
owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/dirmngr.conf r,
owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/dirmngr_ldapservers.conf r,
owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/crls.d/ rw,
owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/crls.d/DIR.txt rw,
owner @{run}/user/@{uid}/gnupg/ rw,
owner @{run}/user/@{uid}/gnupg/S.dirmngr rw,
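Review bot: The five new mount rules write `@{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/`, where the alternation sits between two slashes, so its empty branch yields `@{MOUNTS}//@{XDG_GPG_DIR}/` and its other branch `@{MOUNTS}//*/@{XDG_GPG_DIR}/`. Unless the new `@{MOUNTS}` definition (not visible in this section) or the parser's slash handling compensates, these rules may match no real path, and dirmngr would be denied its GnuPG directory on mounted volumes. If the intent is "the mount root or one directory below it", `owner @{MOUNTS}/{,*/}@{XDG_GPG_DIR}/ rw,` expresses that without a doubled slash. The same pattern appears in the six new gpg-agent rules further down, including the `private-keys-v1.d/` ones, so it is worth checking the compiled profile against a key directory on a test mount.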


@ -77,7 +77,7 @@ profile gpg @{exec_path} {
# Verify files
owner @{HOME}/** r,
owner @{MOUNTS}/*/** r,
owner @{MOUNTS}/** r,
owner @{PROC}/@{pid}/task/@{tid}/stat rw,
owner @{PROC}/@{pid}/task/@{tid}/comm rw,
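Review bot: `owner @{MOUNTS}/** r,` drops the `*/` level the old rule required, so how far gpg's read access reaches under "Verify files" now depends entirely on the new `@{MOUNTS}` definition, which is not shown in this section. The `owner` qualifier is the only remaining restriction, and on filesystems mounted with a fixed uid (vfat, exfat, ntfs) every file appears owned by the mounting user, so the rule then covers the whole volume. A comment above the rule would make that scope explicit for the next maintainer, for example `# owner-limited read of mounted volumes; on uid= mounts this is the entire volume`. The profile body continues outside the hunk, so any deny rules that narrow this are not visible here.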


@ -29,12 +29,12 @@ profile gpg-agent @{exec_path} {
owner @{HOME}/@{XDG_GPG_DIR}/{,d.*/}S.gpg-agent{,.ssh,.browser,.extra} rw,
owner @{HOME}/@{XDG_GPG_DIR}/sshcontrol r,
owner @{MOUNTS}/*{,/*}/@{XDG_GPG_DIR}/ rw,
owner @{MOUNTS}/*{,/*}/@{XDG_GPG_DIR}/gpg-agent.conf r,
owner @{MOUNTS}/*{,/*}/@{XDG_GPG_DIR}/private-keys-v1.d/ rw,
owner @{MOUNTS}/*{,/*}/@{XDG_GPG_DIR}/private-keys-v1.d/[0-9A-F]*.key rw,
owner @{MOUNTS}/*{,/*}/@{XDG_GPG_DIR}/{,d.*/}S.gpg-agent{,.ssh,.browser,.extra} rw,
owner @{MOUNTS}/*{,/*}/@{XDG_GPG_DIR}/sshcontrol r,
owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/ rw,
owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/gpg-agent.conf r,
owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/private-keys-v1.d/ rw,
owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/private-keys-v1.d/[0-9A-F]*.key rw,
owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/{,d.*/}S.gpg-agent{,.ssh,.browser,.extra} rw,
owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/sshcontrol r,
owner @{HOME}/@{XDG_PROJECTS_DIR}/**/{.,}gnupg/ rw,
owner @{HOME}/@{XDG_PROJECTS_DIR}/**/{.,}gnupg/gpg-agent.conf r,