chore(profile): add abi and local include when missing.

2024-10-06 15:57:47 +01:00 · 2024-10-06 15:57:47 +01:00 · 7ccaab8234
commit 7ccaab8234
parent 105a9b4def
61 changed files with 84 additions and 28 deletions
--- a/apparmor.d/groups/apt/apt-key
+++ b/apparmor.d/groups/apt/apt-key
@ -102,7 +102,7 @@ profile apt-key @{exec_path} {
    owner @{PROC}/@{pid}/fd/ r,
    owner @{PROC}/@{pid}/task/@{tid}/comm rw,

-    include if exists <local/apt-key_pgp>
+    include if exists <local/apt-key_gpg>
  }

  include if exists <local/apt-key>
--- a/apparmor.d/groups/apt/debconf-apt-progress
+++ b/apparmor.d/groups/apt/debconf-apt-progress
@ -46,6 +46,7 @@ profile debconf-apt-progress @{exec_path} flags=(complain) {

    /etc/shadow r,

+    include if exists <local/debconf-apt-progress_frontend>
  }

  include if exists <local/debconf-apt-progress>
--- a/apparmor.d/groups/apt/dpkg-architecture
+++ b/apparmor.d/groups/apt/dpkg-architecture
@ -45,6 +45,7 @@ profile dpkg-architecture @{exec_path} {

    /etc/debian_version r,

+    include if exists <local/dpkg-architecture_ccache>
  }

  include if exists <local/dpkg-architecture>
--- a/apparmor.d/groups/cron/cron
+++ b/apparmor.d/groups/cron/cron
@ -74,7 +74,7 @@ profile cron @{exec_path} flags=(attach_disconnected) {

    owner @{tmp}/#@{int} rw,

-   include if exists <local/cron_run_parts>
+   include if exists <local/cron_run-parts>
  }

  include if exists <local/cron>
--- a/apparmor.d/groups/cron/cron-apt-listbugs
+++ b/apparmor.d/groups/cron/cron-apt-listbugs
@ -33,6 +33,7 @@ profile cron-apt-listbugs @{exec_path} {

    /var/spool/apt-listbugs/lastprefclean rw,

+    include if exists <local/cron-apt-listbugs_prefclean>
  }

  include if exists <local/cron-apt-listbugs>
--- a/apparmor.d/groups/cron/cron-debsums
+++ b/apparmor.d/groups/cron/cron-debsums
@ -43,6 +43,7 @@ profile cron-debsums @{exec_path} {

    owner @{PROC}/@{pid}/fd/3 rw,

+    include if exists <local/cron-debsums_tee>
  }

  include if exists <local/cron-debsums>
--- a/apparmor.d/groups/cron/cron-popularity-contest
+++ b/apparmor.d/groups/cron/cron-popularity-contest
@ -152,7 +152,7 @@ profile cron-popularity-contest @{exec_path} {

    owner @{tmp}/#@{int} rw,  # file_inherit

-    include if exists <local/cron-popularity-contest_/popcon-upload>
+    include if exists <local/cron-popularity-contest_popcon-upload>
  }

  include if exists <local/cron-popularity-contest>
--- a/apparmor.d/groups/freedesktop/xdg-desktop-icon
+++ b/apparmor.d/groups/freedesktop/xdg-desktop-icon
@ -39,7 +39,7 @@ profile xdg-desktop-icon @{exec_path} {
    include <abstractions/base>
    include <abstractions/app/bus>
    include <abstractions/bus-session>
-    include if exists <local/xdg-settings_bus>
+    include if exists <local/xdg-desktop-icon_bus>
  }

  include if exists <local/xdg-desktop-icon>
--- a/apparmor.d/groups/gnome/gdm-prime-defaut
+++ b/apparmor.d/groups/gnome/gdm-prime-defaut
@ -7,7 +7,7 @@ abi <abi/4.0>,
 include <tunables/global>

@{exec_path} = /etc/gdm{3,}/{Init,Prime}/Default
-profile gdm-defaut @{exec_path} flags=(complain) {
+profile gdm-prime-defaut @{exec_path} flags=(complain) {
  include <abstractions/base>

  @{exec_path} mr,
--- a/apparmor.d/groups/network/openvpn
+++ b/apparmor.d/groups/network/openvpn
@ -90,6 +90,7 @@ profile openvpn @{exec_path} flags=(attach_disconnected) {
    /etc/iproute2/rt_tables r,
    /etc/iproute2/rt_tables.d/ r,

+    include if exists <local/openvpn_update-resolv>
  }

  profile force-user-traffic-via-vpn {
@ -121,6 +122,7 @@ profile openvpn @{exec_path} flags=(attach_disconnected) {

    owner @{PROC}/sys/net/ipv{4,}/route/flush w,

+    include if exists <local/openvpn_force-user-traffic-via-vpn>
  }

  include if exists <local/openvpn>
--- a/apparmor.d/groups/pacman/yay
+++ b/apparmor.d/groups/pacman/yay
@ -60,7 +60,7 @@ profile yay @{exec_path} {
    owner @{user_cache_dirs}/yay/** rwlk -> @{user_cache_dirs}/yay/**,
    owner @{user_config_dirs}/git/{,*} r,

-    include if exists <local/pass_git>
+    include if exists <local/yay_git>
  }

  profile editor {
--- a/apparmor.d/groups/ssh/ssh-sk-helper
+++ b/apparmor.d/groups/ssh/ssh-sk-helper
@ -2,6 +2,8 @@
 # Copyright (C) 2024 valoq <valoq@mailbox.org>
 # SPDX-License-Identifier: GPL-2.0-only

+abi <abi/4.0>,
+
 include <tunables/global>

@{exec_path} = @{lib}/ssh/ssh-sk-helper
--- a/apparmor.d/groups/systemd/journalctl
+++ b/apparmor.d/groups/systemd/journalctl
@ -55,7 +55,7 @@ profile journalctl @{exec_path} flags=(attach_disconnected) {
  deny network inet stream,
  deny network inet6 stream,

-  include if exists <local/systemd-journalctl>
+  include if exists <local/journalctl>
 }

 # vim:syntax=apparmor
--- a/apparmor.d/groups/systemd/systemd-resolved
+++ b/apparmor.d/groups/systemd/systemd-resolved
@ -50,7 +50,7 @@ profile systemd-resolved @{exec_path} flags=(attach_disconnected) {
  @{PROC}/sys/kernel/hostname r,
  @{PROC}/sys/net/ipv{4,6}/conf/all/disable_ipv{4,6} r,

-  include if exists <local/systemd-timesyncd>
+  include if exists <local/systemd-resolved>
 }

 # vim:syntax=apparmor
--- a/apparmor.d/groups/systemd/systemd-sleep-grub2
+++ b/apparmor.d/groups/systemd/systemd-sleep-grub2
--- a/apparmor.d/groups/ubuntu/subiquity-console-conf
+++ b/apparmor.d/groups/ubuntu/subiquity-console-conf
@ -109,6 +109,7 @@ profile subiquity-console-conf @{exec_path} {
    /var/lib/dbus/machine-id r,
    /etc/machine-id r,

+    include if exists <local/subiquity-console-conf_journalctl>
  }

  include if exists <local/subiquity-console-conf>
--- a/apparmor.d/groups/ubuntu/ubuntu-advantage
+++ b/apparmor.d/groups/ubuntu/ubuntu-advantage
@ -87,6 +87,7 @@ profile ubuntu-advantage @{exec_path} {

    /dev/kmsg w,

+    include if exists <local/ubuntu-advantage_systemctl>
  }

  include if exists <local/ubuntu-advantage>
--- a/apparmor.d/groups/ubuntu/update-motd-fsck-at-reboot
+++ b/apparmor.d/groups/ubuntu/update-motd-fsck-at-reboot
@ -45,6 +45,7 @@ profile update-motd-fsck-at-reboot @{exec_path} {

    /dev/tty@{int} rw,

+    include if exists <local/update-motd-fsck-at-reboot_mount>
  }

  include if exists <local/update-motd-fsck-at-reboot>
--- a/apparmor.d/groups/virt/libvirtd
+++ b/apparmor.d/groups/virt/libvirtd
@ -290,6 +290,8 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
    owner @{PROC}/@{pids}/status r,

    /dev/net/tun rw,
+
+    include if exists <local/libvirtd_qemu_bridge_helper>
  }

  include if exists <usr/libvirtd>
--- a/apparmor.d/groups/whonix/whonix-firewalld
+++ b/apparmor.d/groups/whonix/whonix-firewalld
@ -7,7 +7,7 @@ abi <abi/4.0>,
 include <tunables/global>

@{exec_path} = @{bin}/whonix_firewall @{lib}/whonix-firewall/reloadfirewall
-profile whonix-firewall @{exec_path} {
+profile whonix-firewalld @{exec_path} {
  include <abstractions/base>
  include <abstractions/consoles>
  include <abstractions/nameservice-strict>
@ -45,7 +45,7 @@ profile whonix-firewall @{exec_path} {
  owner @{run}/updatesproxycheck/{,**} rw,
  owner @{run}/whonix_firewall/{,**} rw,

-  include if exists <local/whonix-firewall>
+  include if exists <local/whonix-firewalld>
 }

 # vim:syntax=apparmor
--- a/apparmor.d/groups/xfce/xfce-panel
+++ b/apparmor.d/groups/xfce/xfce-panel
@ -48,7 +48,7 @@ profile xfce-panel @{exec_path} {

    @{bin}/lsblk rPx,

-    include if exists <local/xfce-panel-wrapper_root>
+    include if exists <local/xfce-panel_root>
  }

  include if exists <local/xfce-panel>