feat(profile): small improvment with systemd.
parent
b10f2df5ec
commit
7bc248577a
8 changed files with 20 additions and 8 deletions
|
|
@ -43,6 +43,7 @@ profile bootctl @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
@{sys}/class/tpmrm/ r,
|
||||
|
||||
@{sys}/devices/pnp@{int}/**/tpm/tpm@{int}/tpm_version_major r,
|
||||
@{sys}/devices/virtual/dmi/id/{board_vendor,bios_vendor} r,
|
||||
@{sys}/devices/virtual/dmi/id/{sys_vendor,product_version,product_name} r,
|
||||
|
||||
|
|
|
|||
|
|
@ -39,13 +39,14 @@ profile busctl @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
@{pager_path} rPx -> child-pager,
|
||||
|
||||
@{PROC}/@{pid}/attr/current r,
|
||||
@{PROC}/@{pid}/cgroup r,
|
||||
@{PROC}/@{pid}/cmdline r,
|
||||
@{PROC}/@{pid}/comm r,
|
||||
@{PROC}/@{pid}/fdinfo/@{int} r,
|
||||
@{PROC}/@{pid}/loginuid r,
|
||||
@{PROC}/@{pid}/sessionid r,
|
||||
@{PROC}/@{pid}/stat r,
|
||||
owner @{PROC}/@{pid}/cmdline r,
|
||||
owner @{PROC}/@{pid}/fdinfo/@{int} r,
|
||||
owner @{PROC}/@{pid}/loginuid r,
|
||||
owner @{PROC}/@{pid}/sessionid r,
|
||||
|
||||
include if exists <local/busctl>
|
||||
}
|
||||
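Review bot: The `owner` qualifier matters on the `cmdline`, `fdinfo/@{int}`, `loginuid` and `sessionid` reads, and this section shows them both with and without it while the rendering has lost the markers that say which set is the new side. If the unqualified rules are the new ones, busctl may read `@{PROC}/@{pid}/cmdline` of processes owned by other users wherever file permissions and the procfs mount options allow it, and command lines can carry credentials. A one-line comment above the group would record why that is needed, for example `# busctl shows credentials of other peers on the bus, so these reads cannot be owner-restricted`; that reason is my inference, so confirm it. Any rule in the group that busctl needs only for its own process should keep `owner`.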
|
|
|
|||
|
|
@ -50,6 +50,8 @@ profile networkctl @{exec_path} flags=(attach_disconnected) {
|
|||
/{run,var}/log/journal/@{hex32}/system.journal* r,
|
||||
/{run,var}/log/journal/@{hex32}/system@@{hex}.journal* r,
|
||||
|
||||
@{att}/@{run}/systemd/netif/io.systemd.Network rw,
|
||||
|
||||
@{run}/systemd/netif/leases/@{int} r,
|
||||
@{run}/systemd/netif/links/@{int} r,
|
||||
@{run}/systemd/netif/state r,
|
||||
|
|
|
|||
|
|
@ -34,6 +34,7 @@ profile systemd-coredump @{exec_path} flags=(attach_disconnected,mediate_deleted
|
|||
/ r,
|
||||
@{bin}/* r,
|
||||
/opt/** r,
|
||||
@{user_lib_dirs}/** r,
|
||||
|
||||
/etc/systemd/coredump.conf r,
|
||||
/etc/systemd/coredump.conf.d/{,**} r,
|
||||
|
|
|
|||
|
|
@ -27,6 +27,7 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
network netlink raw,
|
||||
|
||||
mqueue getattr type=posix /,
|
||||
mqueue r type=posix /,
|
||||
|
||||
unix (bind) type=stream addr=@@{udbus}/bus/systemd-logind/system,
|
||||
|
|
@ -95,6 +96,7 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected) {
|
|||
@{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511
|
||||
|
||||
@{att}/@{run}/systemd/notify w,
|
||||
@{att}/@{run}/systemd/userdb/io.systemd.DynamicUser rw,
|
||||
@{att}/@{run}/systemd/userdb/io.systemd.Multiplexer rw,
|
||||
|
||||
@{run}/systemd/inhibit/ rw,
|
||||
|
|
|
|||
|
|
@ -72,6 +72,7 @@ profile systemd-networkd @{exec_path} flags=(attach_disconnected) {
|
|||
@{PROC}/pressure/* r,
|
||||
@{PROC}/sys/net/ipv{4,6}/** rw,
|
||||
owner @{PROC}/@{pid}/fdinfo/@{int} r,
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
|
||||
include if exists <local/systemd-networkd>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ abi <abi/4.0>,
|
|||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{lib}/systemd/systemd-sulogin-shell
|
||||
profile systemd-sulogin-shell @{exec_path} {
|
||||
profile systemd-sulogin-shell @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/common/systemd>
|
||||
|
||||
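Review bot: The profile header gains `flags=(attach_disconnected)` with no comment saying which access required it. With this flag, objects whose path is disconnected from the task's namespace are attached to the root and then matched by the ordinary path rules, so it widens what every file rule in the profile can match. Other profiles on this page that carry the flag also have `@{att}/`-prefixed rules such as `@{att}/@{run}/systemd/notify w,`; the visible lines of this profile show none, though its body continues outside the hunk. I would add a comment above the header along the lines of `# attach_disconnected: required for <denied access seen in the audit log>`.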
|
|
|
|||
|
|
@ -25,7 +25,11 @@ profile systemd-tty-ask-password-agent @{exec_path} {
|
|||
|
||||
@{run}/systemd/ask-password-block/{,*} rw,
|
||||
@{run}/systemd/ask-password/{,*} rw,
|
||||
|
||||
@{run}/user/@{uid}/ w,
|
||||
@{run}/user/@{uid}/systemd/ w,
|
||||
@{run}/user/@{uid}/systemd/ask-password/ rw,
|
||||
|
||||
@{run}/utmp rk,
|
||||
|
||||
@{PROC}/@{pids}/stat r,
|
||||
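Review bot: The per-user rule `@{run}/user/@{uid}/systemd/ask-password/ rw,` covers only the directory itself, whereas the system rule just above it uses `@{run}/systemd/ask-password/{,*} rw,` to cover the entries as well. If the agent is expected to read request files from the per-user directory, those accesses would still be denied; `@{run}/user/@{uid}/systemd/ask-password/{,*} rw,` would mirror the system rule. The three `@{run}/user/@{uid}/` rules, which the hunk counts (7 old lines, 11 new) indicate are the additions, also carry no `owner` qualifier and so match the runtime directory of any uid. Consider `owner @{run}/user/@{uid}/systemd/ask-password/{,*} rw,` if the agent only ever serves the invoking user, which I cannot confirm from this hunk.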
|
|
|
|||