felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore(profile): add abi and local include when missing.

Browse source
This commit is contained in:
Alexandre Pujol 2024-10-06 15:57:47 +01:00
parent 105a9b4def
commit 7ccaab8234
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
61 changed files with 84 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/profiles-s-z/sensors-detect
View file

@ -50,7 +50,7 @@ profile sensors-detect @{exec_path} {
include <abstractions/base>
include <abstractions/app/kmod>
include if exists <local/sensors-detect_udevadm>
include if exists <local/sensors-detect_kmod>
}
profile systemctl {

3
apparmor.d/profiles-s-z/tasksel
View file

@ -40,13 +40,13 @@ profile tasksel @{exec_path} flags=(complain) {
owner @{tmp}/file* w,
profile tasksel-tests flags=(complain) {
include <abstractions/base>
@{lib}/tasksel/tests/* r,
@{sh_path} rix,
include if exists <local/tasksel_tasksel-tests>
}
profile frontend flags=(complain) {
@ -76,6 +76,7 @@ profile tasksel @{exec_path} flags=(complain) {
/etc/shadow r,
include if exists <local/tasksel_frontend>
}
include if exists <local/tasksel>

1
apparmor.d/profiles-s-z/update-dlocatedb
View file

@ -58,6 +58,7 @@ profile update-dlocatedb @{exec_path} {
@{bin}/gzip rix,
/var/lib/dlocate/dlocatedb.gz rw,
include if exists <local/update-dlocatedb_updatedb>
}
include if exists <local/update-dlocatedb>

1
apparmor.d/profiles-s-z/update-pciids
View file

@ -62,6 +62,7 @@ profile update-pciids @{exec_path} {
/usr/share/misc/pci.ids.new w,
/usr/share/misc/pci.ids.gz.new w,
include if exists <local/update-pciids_browse>
}
include if exists <local/update-pciids>

2
apparmor.d/profiles-s-z/update-smart-drivedb
View file

@ -58,6 +58,7 @@ profile update-smart-drivedb @{exec_path} {
owner /var/lib/smartmontools/drivedb/.gnupg.@{int}.tmp/ rw,
owner /var/lib/smartmontools/drivedb/.gnupg.@{int}.tmp/** rwkl -> /var/lib/smartmontools/drivedb/.gnupg.@{int}.tmp/**,
include if exists <local/update-smart-drivedb_gpg>
}
profile browse {
@ -88,6 +89,7 @@ profile update-smart-drivedb @{exec_path} {
/var/lib/smartmontools/drivedb/drivedb.h.new{,.raw.asc} w,
include if exists <local/update-smart-drivedb_browse>
}
include if exists <local/update-smart-drivedb>

2
apparmor.d/profiles-s-z/uupdate
View file

@ -50,7 +50,7 @@ profile uupdate @{exec_path} flags=(complain) {
# For package building
owner @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**,
include if exists <local/uupdates>
include if exists <local/uupdate>
}
# vim:syntax=apparmor

2
apparmor.d/profiles-s-z/yadifad
View file

@ -2,6 +2,8 @@
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/4.0>,
include <tunables/global>
@{exec_path} = @{bin}/yadifad

12
apparmor.d/profiles-s-z/youtube-viewer
View file

@ -32,12 +32,6 @@ profile youtube-viewer @{exec_path} {
@{bin}/wget rCx -> wget,
owner @{user_config_dirs}/youtube-viewer/{,*} rw,
owner @{user_cache_dirs}/youtube-viewer/{,*} rw,
owner @{HOME}/Downloads/youtube-viewer/{,*} rw,
/etc/inputrc r,
# Players
@{bin}/mpv rPUx,
@{bin}/vlc rPUx,
@ -45,6 +39,11 @@ profile youtube-viewer @{exec_path} {
@{bin}/ffmpeg rPUx,
/etc/inputrc r,
owner @{user_config_dirs}/youtube-viewer/{,*} rw,
owner @{user_cache_dirs}/youtube-viewer/{,*} rw,
owner @{HOME}/Downloads/youtube-viewer/{,*} rw,
profile wget {
include <abstractions/base>
@ -62,6 +61,7 @@ profile youtube-viewer @{exec_path} {
owner @{HOME}/.wget-hsts r,
owner @{HOME}/wget-log{,.@{int}} rw,
include if exists <local/youtube-viewer_wget>
}
include if exists <local/youtube-viewer>