felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor(profiles): use @{bin} and @{lib} in profiles (6)

Browse source
This commit is contained in:
Alexandre Pujol 2023-07-09 14:46:56 +01:00
parent fcedbbfd95
commit 7c2c806ffa
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
156 changed files with 828 additions and 791 deletions
Download patch file Download diff file Expand all files Collapse all files

102
apparmor.d/profiles-m-r/mkinitramfs
View file

@ -8,7 +8,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/mkinitramfs
@{exec_path} = @{bin}/mkinitramfs
profile mkinitramfs @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>
@ -19,49 +19,49 @@ profile mkinitramfs @{exec_path} {
capability fsetid,
@{exec_path} r,
/{usr/,}bin/{,ba,da}sh rix,
@{bin}/{,ba,da}sh rix,
/{usr/,}{s,}bin/ r,
/{usr/,}lib/ r,
/{usr/,}lib64/ r,
@{bin}/ r,
@{lib}/ r,
@{lib}64/ r,
/{usr/,}bin/{,e}grep rix,
/{usr/,}bin/basename rix,
/{usr/,}bin/bzip2 rix,
/{usr/,}bin/cat rix,
/{usr/,}bin/chmod rix,
/{usr/,}bin/cp rix,
/{usr/,}bin/cpio rix,
/{usr/,}bin/dirname rix,
/{usr/,}bin/env rix,
/{usr/,}bin/getopt rix,
/{usr/,}bin/gzip rix,
/{usr/,}bin/id rix,
/{usr/,}bin/ln rix,
/{usr/,}bin/lzma rix,
/{usr/,}bin/lzop rix,
/{usr/,}bin/mkdir rix,
/{usr/,}bin/mktemp rix,
/{usr/,}bin/readlink rix,
/{usr/,}bin/rm rix,
/{usr/,}bin/rmdir rix,
/{usr/,}bin/sed rix,
/{usr/,}bin/sort rix,
/{usr/,}bin/touch rix,
/{usr/,}bin/tr rix,
/{usr/,}bin/tsort rix,
/{usr/,}bin/xargs rix,
/{usr/,}bin/xz rix,
/{usr/,}bin/zstd rix,
@{bin}/{,e}grep rix,
@{bin}/basename rix,
@{bin}/bzip2 rix,
@{bin}/cat rix,
@{bin}/chmod rix,
@{bin}/cp rix,
@{bin}/cpio rix,
@{bin}/dirname rix,
@{bin}/env rix,
@{bin}/getopt rix,
@{bin}/gzip rix,
@{bin}/id rix,
@{bin}/ln rix,
@{bin}/lzma rix,
@{bin}/lzop rix,
@{bin}/mkdir rix,
@{bin}/mktemp rix,
@{bin}/readlink rix,
@{bin}/rm rix,
@{bin}/rmdir rix,
@{bin}/sed rix,
@{bin}/sort rix,
@{bin}/touch rix,
@{bin}/tr rix,
@{bin}/tsort rix,
@{bin}/xargs rix,
@{bin}/xz rix,
@{bin}/zstd rix,
/{usr/,}bin/ldd rCx -> ldd,
/{usr/,}lib{32,64}/ld-linux.so.2 rCx -> ldd,
/{usr/,}sbin/ldconfig rCx -> ldconfig,
/{usr/,}bin/find rCx -> find,
/{usr/,}bin/kmod rCx -> kmod,
@{bin}/find rCx -> find,
@{bin}/kmod rCx -> kmod,
@{bin}/ldconfig rCx -> ldconfig,
@{bin}/ldd rCx -> ldd,
@{lib}/ld-linux.so.2 rCx -> ldd,
/{usr/,}bin/dpkg rPx -> child-dpkg,
/{usr/,}bin/linux-version rPx,
@{bin}/dpkg rPx -> child-dpkg,
@{bin}/linux-version rPx,
# What to do with it? (#FIXME#)
/usr/share/initramfs-tools/hooks/* rPUx,
@ -98,14 +98,14 @@ profile mkinitramfs @{exec_path} {
include <abstractions/consoles>
include <abstractions/nameservice-strict>
/{usr/,}bin/ldd mr,
@{bin}/ldd mr,
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}bin/kmod mr,
/{usr/,}lib/initramfs-tools/bin/* mr,
@{bin}/{,ba,da}sh rix,
@{bin}/kmod mr,
@{lib}/initramfs-tools/bin/* mr,
/{usr/,}lib/@{multiarch}/ld-*.so* rix,
/{usr/,}lib{,x}32/ld-*.so{,.2} rix,
@{lib}/@{multiarch}/ld-*.so* rix,
@{lib}{,x}32/ld-*.so{,.2} rix,
}
@ -115,10 +115,10 @@ profile mkinitramfs @{exec_path} {
capability sys_chroot,
/{usr/,}{s,}bin/ldconfig mr,
@{bin}/ldconfig mr,
/{usr/,}{s,}bin/ldconfig.real rix,
/{usr/,}bin/{,ba,da}sh rix,
@{bin}/{,ba,da}sh rix,
@{bin}/ldconfig.real rix,
owner /var/tmp/mkinitramfs_*/etc/ld.so.conf r,
owner /var/tmp/mkinitramfs_*/etc/ld.so.conf.d/{,*.conf} r,
@ -139,7 +139,7 @@ profile mkinitramfs @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>
/{usr/,}bin/find mr,
@{bin}/find mr,
# pwd dir
/ r,
@ -158,7 +158,7 @@ profile mkinitramfs @{exec_path} {
include <abstractions/consoles>
include <abstractions/openssl>
/{usr/,}bin/kmod mr,
@{bin}/kmod mr,
@{PROC}/cmdline r,