From 846b9e2cf419a7f19011994e6dbfb135888e3e88 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Sun, 25 May 2025 15:17:38 +0200 Subject: [PATCH] feat(profile): ubuntu: update upgrade process. --- .../groups/ubuntu/package-data-downloader | 2 ++ apparmor.d/groups/ubuntu/ubuntu-report | 2 +- .../groups/ubuntu/update-notifier-crash | 20 +++++++++++++++++++ 3 files changed, 23 insertions(+), 1 deletion(-) create mode 100644 apparmor.d/groups/ubuntu/update-notifier-crash diff --git a/apparmor.d/groups/ubuntu/package-data-downloader b/apparmor.d/groups/ubuntu/package-data-downloader index c193bbe0c..37f7f72a5 100644 --- a/apparmor.d/groups/ubuntu/package-data-downloader +++ b/apparmor.d/groups/ubuntu/package-data-downloader @@ -14,6 +14,8 @@ profile package-data-downloader @{exec_path} { include include + capability dac_read_search, + @{exec_path} mr, /var/lib/update-notifier/package-data-downloads/{,**} rw, diff --git a/apparmor.d/groups/ubuntu/ubuntu-report b/apparmor.d/groups/ubuntu/ubuntu-report index 19273f449..65fa3eaa0 100644 --- a/apparmor.d/groups/ubuntu/ubuntu-report +++ b/apparmor.d/groups/ubuntu/ubuntu-report @@ -21,7 +21,7 @@ profile ubuntu-report @{exec_path} { @{bin}/dpkg rPx -> child-dpkg, - owner @{user_cache_dirs}/ubuntu-report/{,*} r, + owner @{user_cache_dirs}/ubuntu-report/{,*} rw, include if exists } diff --git a/apparmor.d/groups/ubuntu/update-notifier-crash b/apparmor.d/groups/ubuntu/update-notifier-crash new file mode 100644 index 000000000..b3cbf7f07 --- /dev/null +++ b/apparmor.d/groups/ubuntu/update-notifier-crash @@ -0,0 +1,20 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2025 Alexandre Pujol +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_path} = @{lib}/update-notifier/update-notifier-crash +profile update-notifier-crash @{exec_path} { + include + + @{exec_path} mr, + + /usr/share/apport/apport-checkreports Px, + + include if exists +} + +# vim:syntax=apparmor
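Review bot: In the package-data-downloader hunk, `capability dac_read_search,` is granted with no comment saying which access needs it. This capability lets the process bypass file read permission checks and directory read/search checks, so the profile's file rules become the only barrier on reads. Most of those rules lie outside the hunk, so how broad they are cannot be judged from here. If the logged denial came from a probe the program does not depend on, `deny capability dac_read_search,` would quiet the log without granting anything. Otherwise add a comment above the rule such as `# Needed to read <path>: not readable by the invoking uid`, with the real path filled in.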
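Review bot: In the new update-notifier-crash profile, `/usr/share/apport/apport-checkreports Px,` only works if a profile attached to that path is loaded, because `Px` has no fallback and the exec is refused when the target profile is missing. This patch neither adds nor touches such a profile, so presumably one already exists elsewhere in the tree. It is worth confirming that it ships in the same group, so the two are always installed together. Keeping `Px` rather than an unconfined fallback is the right choice, since it also scrubs the environment across the transition. A short comment above the rule, such as `# Confined by the apport-checkreports profile`, would record the dependency.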