feat(profile): general update.

2023-11-26 21:24:40 +00:00 · 2023-11-26 21:24:40 +00:00 · 8250e202a0
commit 8250e202a0
parent 4b61abf7ce
37 changed files with 67 additions and 53 deletions
--- a/apparmor.d/profiles-s-z/sudo
+++ b/apparmor.d/profiles-s-z/sudo
@ -35,10 +35,10 @@ profile sudo @{exec_path} {

  ptrace (read),

+  signal (send,receive) peer=cockpit-bridge,
  signal (send) peer=unconfined,
  signal (send) set=(cont,hup) peer=su,
-  signal (send) set=winch peer={apt,zsysd,zsys-system-autosnapshot,pacman},
-  signal (send,receive) peer=cockpit-bridge,
+  signal (send) set=(winch),

  dbus send bus=system path=/org/freedesktop/login[0-9]
       interface=org.freedesktop.login[0-9].Manager
@ -50,12 +50,11 @@ profile sudo @{exec_path} {
         member={JobRemoved,StartTransientUnit},

  @{exec_path} mr,
+  @{lib}/sudo/** mr,

  @{bin}/{,b,d,rb}ash               rUx,
  @{bin}/{c,k,tc,z}sh               rUx,
-
  @{lib}/**                        rPUx,
-  @{lib}/sudo/**                     mr,
  /opt/*/**                        rPUx,
  /snap/snapd/@{int}@{bin}/snap    rPUx,