felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): general update.

Browse source
This commit is contained in:
Alexandre Pujol 2024-03-20 00:04:39 +00:00
parent c074c09e3b
commit 7b880a5142
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
19 changed files with 84 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

4
apparmor.d/groups/_full/systemd
View file

@ -76,6 +76,7 @@ profile systemd flags=(attach_disconnected,mediate_deleted) {
mount options=(rw move) -> /tmp/,
mount options=(rw move) @{run}/systemd/namespace-@{rand6}/{,**} -> @{run}/systemd/mount-rootfs/{,**},
mount options=(rw rbind) -> @{run}/systemd/mount-rootfs/{,**},
mount options=(rw rbind) -> @{run}/systemd/unit-root/{,**},
mount options=(rw rshared) -> /,
mount options=(rw rslave) -> /,
mount options=(rw rslave) -> /dev/,
@ -86,6 +87,7 @@ profile systemd flags=(attach_disconnected,mediate_deleted) {
remount @{MOUNTDIRS}/,
remount @{MOUNTS}/{,**},
remount @{run}/systemd/mount-rootfs/{,**},
remount @{run}/systemd/unit-root/{,**},
remount /,
remount /snap/{,**},
remount options=(ro noexec noatime bind) /var/snap/{,**},
@ -246,7 +248,6 @@ profile systemd flags=(attach_disconnected,mediate_deleted) {
/dev/autofs r,
/dev/kmsg w,
/dev/shm/ r,
owner /dev/console rwk,
owner /dev/dri/card@{int} rw,
owner /dev/hugepages/ rw,
@ -254,6 +255,7 @@ profile systemd flags=(attach_disconnected,mediate_deleted) {
owner /dev/input/event@{int} rw,
owner /dev/mqueue/ rw,
owner /dev/rfkill rw,
owner /dev/shm/ rw,
owner /dev/ttyS@{int} rwk,
include if exists <usr/systemd.d>

3
apparmor.d/groups/_full/systemd-service
View file

@ -27,6 +27,9 @@ profile systemd-service @{exec_path} flags=(attach_disconnected) {
@{coreutils_path} rix,
@{sh_path} rmix,
# ifup@.service
@{bin}/ifup rPx,
# shadow.service
@{bin}/pwck rPx,
@{bin}/grpck rPx,