feat(profile): remove transparent_hugepage rule already included in base.

2024-09-08 12:36:35 +01:00 · 2024-09-08 12:36:35 +01:00 · 7b04e28835
commit 7b04e28835
parent 98042620f6
35 changed files with 0 additions and 61 deletions
--- a/apparmor.d/profiles-s-z/sbctl
+++ b/apparmor.d/profiles-s-z/sbctl
@ -30,8 +30,6 @@ profile sbctl @{exec_path} {
  @{sys}/firmware/efi/efivars/SecureBoot-@{uuid} r,
  @{sys}/firmware/efi/efivars/SetupMode-@{uuid} r,

-  @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
-
  /dev/pts/@{int} rw,

  # File Inherit
--- a/apparmor.d/profiles-s-z/sing-box
+++ b/apparmor.d/profiles-s-z/sing-box
@ -31,8 +31,6 @@ profile sing-box @{exec_path} {

  owner @{user_share_dirs}/certmagic/** rw,

-  @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
-  
  include if exists <local/sing-box>
 }

--- a/apparmor.d/profiles-s-z/snap
+++ b/apparmor.d/profiles-s-z/snap
@ -70,7 +70,6 @@ profile snap @{exec_path} {
  @{run}/mount/utab r,
  @{run}/snapd.socket rw,

-  @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
  @{sys}/kernel/security/apparmor/features/{,**} r,

        @{PROC}/@{pids}/cgroup r,
--- a/apparmor.d/profiles-s-z/snap-failure
+++ b/apparmor.d/profiles-s-z/snap-failure
@ -19,8 +19,6 @@ profile snap-failure @{exec_path} {

  /var/lib/snapd/sequence/snapd.json r,

-  @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
-
  @{PROC}/cmdline r,

  profile systemctl {
--- a/apparmor.d/profiles-s-z/snap-seccomp
+++ b/apparmor.d/profiles-s-z/snap-seccomp
@ -20,8 +20,6 @@ profile snap-seccomp @{exec_path} {

  /var/lib/snapd/seccomp/bpf/{,**} rw,

-  @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
-
  owner @{PROC}/@{pids}/mountinfo r,

  deny @{user_share_dirs}/gvfs-metadata/* r,
--- a/apparmor.d/profiles-s-z/snap-update-ns
+++ b/apparmor.d/profiles-s-z/snap-update-ns
@ -47,7 +47,6 @@ profile snap-update-ns @{exec_path} {
  @{sys}/fs/cgroup/{,**/} r,
  @{sys}/fs/cgroup/system.slice/snap.*.service/cgroup.freeze rw,
  @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/app.slice/snap*.service/cgroup.freeze rw,
-  @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,

  @{PROC}/@{pids}/cgroup r,
  @{PROC}/cmdline r,
--- a/apparmor.d/profiles-s-z/snapd
+++ b/apparmor.d/profiles-s-z/snapd
@ -153,7 +153,6 @@ profile snapd @{exec_path} {
  @{sys}/fs/cgroup/user.slice/ r,
  @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/{,**/} r,
  @{sys}/kernel/kexec_loaded r,
-  @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
  @{sys}/kernel/security/apparmor/features/{,**} r,
  @{sys}/kernel/security/apparmor/profiles r,

--- a/apparmor.d/profiles-s-z/snapd-aa-prompt-listener
+++ b/apparmor.d/profiles-s-z/snapd-aa-prompt-listener
@ -16,8 +16,6 @@ profile snapd-aa-prompt-listener @{exec_path} {

  @{lib_dirs}/snapd/info r,

-  @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
-
  @{PROC}/cmdline r,

  include if exists <local/snapd-aa-prompt-listener>
--- a/apparmor.d/profiles-s-z/snapd-apparmor
+++ b/apparmor.d/profiles-s-z/snapd-apparmor
@ -22,8 +22,6 @@ profile snapd-apparmor @{exec_path} {

  /var/lib/snapd/apparmor/profiles/ r,

-  @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
-
  @{PROC}/cmdline r,

  include if exists <local/snapd-apparmor>
--- a/apparmor.d/profiles-s-z/syncthing
+++ b/apparmor.d/profiles-s-z/syncthing
@ -36,8 +36,6 @@ profile syncthing @{exec_path} {
  /home/ r,
  @{user_sync_dirs}/{,**} rw,

-  @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
-
        @{PROC}/@{pids}/net/route r,
        @{PROC}/sys/net/core/somaxconn r,
  owner @{PROC}/@{pid}/cgroup r,
--- a/apparmor.d/profiles-s-z/zsysd
+++ b/apparmor.d/profiles-s-z/zsysd
@ -37,8 +37,6 @@ profile zsysd @{exec_path} flags=(complain) {
  @{PROC}/cmdline r,
  @{PROC}/sys/kernel/spl/hostid r,

-  @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
-
  /dev/pts/@{int} rw,
  /dev/zfs rw,