From 790c4d6b71f89fa9b8b55ff9903aff92cebb2d7a Mon Sep 17 00:00:00 2001 From: nobodysu Date: Tue, 18 Oct 2022 21:16:49 +0300 Subject: [PATCH] remove complain --- apparmor.d/groups/network/NetworkManager | 6 ++++-- apparmor.d/groups/network/mullvad-daemon | 2 +- apparmor.d/groups/network/tailscaled | 4 ++-- apparmor.d/groups/systemd/systemd-timedated | 2 +- apparmor.d/groups/systemd/systemd-timesyncd | 2 +- apparmor.d/groups/virt/libvirtd | 4 ++-- apparmor.d/groups/virt/virt-aa-helper | 2 +- apparmor.d/profiles-a-f/blkid | 2 +- apparmor.d/profiles-a-f/dhclient-script | 4 ++-- apparmor.d/profiles-g-l/lvm | 2 +- apparmor.d/profiles-g-l/lvmconfig | 2 +- apparmor.d/profiles-m-r/polipo | 2 +- apparmor.d/profiles-m-r/resolvconf | 2 +- 13 files changed, 19 insertions(+), 17 deletions(-) diff --git a/apparmor.d/groups/network/NetworkManager b/apparmor.d/groups/network/NetworkManager index 217cc7ee4..e5beed872 100644 --- a/apparmor.d/groups/network/NetworkManager +++ b/apparmor.d/groups/network/NetworkManager @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}{,s}bin/NetworkManager -profile NetworkManager @{exec_path} flags=(complain attach_disconnected) { +profile NetworkManager @{exec_path} flags=(attach_disconnected) { include include include @@ -104,6 +104,7 @@ profile NetworkManager @{exec_path} flags=(complain attach_disconnected) { / r, /etc/ r, + /etc/machine-id r, @{etc_rw}/resolv.conf rw, @{etc_rw}/resolv.conf.[0-9A-Z]* rw, /etc/network/interfaces r, @@ -112,7 +113,7 @@ profile NetworkManager @{exec_path} flags=(complain attach_disconnected) { /etc/NetworkManager/{,**} r, /etc/NetworkManager/system-connections/{,**} w, - /etc/machine-id r, + /var/lib/iwd/*open* rw, /var/lib/NetworkManager/{,**} rw, @{sys}/bus/ r, 
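Review bot: `attach_disconnected` is kept on the `profile NetworkManager` header while the profile moves to enforce mode, and nothing beside it records why it is needed. Once rules are enforced, this flag makes disconnected paths be treated as if they were rooted at `/` and matched against the allow rules instead of being rejected, so it is worth justifying per profile. I would add a comment above the header such as `# attach_disconnected: required for <observed disconnected path>`. The same applies to the mullvad-daemon, tailscaled, systemd-timedated, systemd-timesyncd and libvirtd headers in this patch. The profile body continues outside the hunk.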
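Review bot: The new rule `/var/lib/iwd/*open* rw,` matches any file in `/var/lib/iwd/` whose name merely contains `open`, which is wider than iwd's open-network profiles. iwd names its network files after the SSID with a type suffix, so a secured network whose SSID contains "open" (stored with a `.psk` or `.8021x` suffix) would also become readable and writable by NetworkManager now that the profile is enforced. If only open-network profiles are meant, `/var/lib/iwd/*.open rw,` expresses that; the hunk does not show why the looser glob was chosen. This rule and the `/etc/machine-id` move are also not covered by the subject "remove complain" and would be easier to audit as a separate commit.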
@@ -135,6 +136,7 @@ profile NetworkManager @{exec_path} flags=(complain attach_disconnected) { @{sys}/devices/pci[0-9]*/**/net/*/{,**} r, @{sys}/devices/pci[0-9]*/**/usb[0-9]/**/net/{,**} r, + owner @{PROC}/@{pid}/cmdline r, owner @{PROC}/@{pid}/fd/ r, @{PROC}/@{pids}/stat r, @{PROC}/1/environ r, diff --git a/apparmor.d/groups/network/mullvad-daemon b/apparmor.d/groups/network/mullvad-daemon index 7a786deaf..6484e034a 100644 --- a/apparmor.d/groups/network/mullvad-daemon +++ b/apparmor.d/groups/network/mullvad-daemon @@ -7,7 +7,7 @@ abi , include @{exec_path} = "/opt/Mullvad VPN/resources/mullvad-daemon" -profile mullvad-daemon @{exec_path} flags=(attach_disconnected complain) { +profile mullvad-daemon @{exec_path} flags=(attach_disconnected) { include include diff --git a/apparmor.d/groups/network/tailscaled b/apparmor.d/groups/network/tailscaled index 7b523f52c..91be1c1f2 100644 --- a/apparmor.d/groups/network/tailscaled +++ b/apparmor.d/groups/network/tailscaled @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}{,s}bin/tailscaled -profile tailscaled @{exec_path} flags=(attach_disconnected complain) { +profile tailscaled @{exec_path} flags=(attach_disconnected) { include include include @@ -63,7 +63,7 @@ profile tailscaled @{exec_path} flags=(attach_disconnected complain) { /dev/net/tun rw, - profile systemctl flags=(attach_disconnected complain) { + profile systemctl { include capability mknod, diff --git a/apparmor.d/groups/systemd/systemd-timedated b/apparmor.d/groups/systemd/systemd-timedated index d76562ab1..21911870d 100644 --- a/apparmor.d/groups/systemd/systemd-timedated +++ b/apparmor.d/groups/systemd/systemd-timedated @@ -8,7 +8,7 @@ abi , include @{exec_path} = /{usr/,}lib/systemd/systemd-timedated -profile systemd-timedated @{exec_path} flags=(attach_disconnected complain) { +profile systemd-timedated @{exec_path} flags=(attach_disconnected) { include include include 
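Review bot: The nested `profile systemctl` header in tailscaled loses `attach_disconnected` together with `complain`, while the subject only announces the removal of `complain` and the parent `tailscaled` profile keeps the flag. If that is intended tightening, it should be stated in the commit message. If it is not, the header should read `profile systemctl flags=(attach_disconnected) {`, otherwise accesses through disconnected paths that were previously tolerated will be denied once the child is enforced. The `qemu_bridge_helper` child in the libvirtd section has the same change. Both child profile bodies continue outside their hunks.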
diff --git a/apparmor.d/groups/systemd/systemd-timesyncd b/apparmor.d/groups/systemd/systemd-timesyncd index 56510bc14..3b6ea99d3 100644 --- a/apparmor.d/groups/systemd/systemd-timesyncd +++ b/apparmor.d/groups/systemd/systemd-timesyncd @@ -8,7 +8,7 @@ abi , include @{exec_path} = /{usr/,}lib/systemd/systemd-timesyncd -profile systemd-timesyncd @{exec_path} flags=(complain attach_disconnected) { +profile systemd-timesyncd @{exec_path} flags=(attach_disconnected) { include include include diff --git a/apparmor.d/groups/virt/libvirtd b/apparmor.d/groups/virt/libvirtd index acd613403..52b178ecf 100644 --- a/apparmor.d/groups/virt/libvirtd +++ b/apparmor.d/groups/virt/libvirtd @@ -15,7 +15,7 @@ abi , include @{exec_path} = /{usr/,}{s,}bin/libvirtd -profile libvirtd @{exec_path} flags=(attach_disconnected complain) { +profile libvirtd @{exec_path} flags=(attach_disconnected) { include include include @@ -248,7 +248,7 @@ profile libvirtd @{exec_path} flags=(attach_disconnected complain) { audit deny @{sys}/kernel/security/apparmor/matching rwxl, audit deny @{sys}/kernel/security/apparmor/.* rwxl, - profile qemu_bridge_helper flags=(attach_disconnected complain) { + profile qemu_bridge_helper { include capability net_admin, diff --git a/apparmor.d/groups/virt/virt-aa-helper b/apparmor.d/groups/virt/virt-aa-helper index cc2b841bb..ebf5ff347 100644 --- a/apparmor.d/groups/virt/virt-aa-helper +++ b/apparmor.d/groups/virt/virt-aa-helper @@ -8,7 +8,7 @@ abi , include @{exec_path} = /{usr/,}lib/libvirt/virt-aa-helper -profile virt-aa-helper @{exec_path} flags=(complain ) { +profile virt-aa-helper @{exec_path} { include include diff --git a/apparmor.d/profiles-a-f/blkid b/apparmor.d/profiles-a-f/blkid index c7612907f..105111821 100644 --- a/apparmor.d/profiles-a-f/blkid +++ b/apparmor.d/profiles-a-f/blkid @@ -8,7 +8,7 @@ abi , include @{exec_path} = /{usr/,}{s,}bin/blkid -profile blkid @{exec_path} flags=(complain ) { +profile blkid @{exec_path} { include include include 
diff --git a/apparmor.d/profiles-a-f/dhclient-script b/apparmor.d/profiles-a-f/dhclient-script index 49610d7b4..cac62f6c1 100644 --- a/apparmor.d/profiles-a-f/dhclient-script +++ b/apparmor.d/profiles-a-f/dhclient-script @@ -8,7 +8,7 @@ abi , include @{exec_path} = /{usr/,}{s,}bin/dhclient-script -profile dhclient-script @{exec_path} flags=(complain ) { +profile dhclient-script @{exec_path} { include include include @@ -68,7 +68,7 @@ profile dhclient-script @{exec_path} flags=(complain ) { owner @{PROC}/@{pid}/loginuid r, @{PROC}/sys/net/ipv6/conf/*/stable_secret w, - profile run-parts flags=(complain ) { + profile run-parts { include /{usr/,}bin/run-parts mr, diff --git a/apparmor.d/profiles-g-l/lvm b/apparmor.d/profiles-g-l/lvm index 994067a00..8f386faea 100644 --- a/apparmor.d/profiles-g-l/lvm +++ b/apparmor.d/profiles-g-l/lvm @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}{s,}bin/lvm -profile lvm @{exec_path} flags=(complain) { +profile lvm @{exec_path} { include include include diff --git a/apparmor.d/profiles-g-l/lvmconfig b/apparmor.d/profiles-g-l/lvmconfig index b6a20be8f..6511c3deb 100644 --- a/apparmor.d/profiles-g-l/lvmconfig +++ b/apparmor.d/profiles-g-l/lvmconfig @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}{s,}bin/lvmconfig -profile lvmconfig @{exec_path} flags=(complain) { +profile lvmconfig @{exec_path} { include include diff --git a/apparmor.d/profiles-m-r/polipo b/apparmor.d/profiles-m-r/polipo index cd840559f..a4ab05b37 100644 --- a/apparmor.d/profiles-m-r/polipo +++ b/apparmor.d/profiles-m-r/polipo @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}bin/polipo -profile polipo @{exec_path} flags=(complain ) { +profile polipo @{exec_path} { include @{exec_path} mr, diff --git a/apparmor.d/profiles-m-r/resolvconf b/apparmor.d/profiles-m-r/resolvconf index feddad0a8..c2014727f 100644 --- a/apparmor.d/profiles-m-r/resolvconf +++ b/apparmor.d/profiles-m-r/resolvconf 
@@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}sbin/resolvconf -profile resolvconf @{exec_path} flags=(complain) { +profile resolvconf @{exec_path} { include include