feat(profiles): better system nss rules in nameservice-strict.

2022-06-03 19:38:34 +01:00 · 2022-06-03 19:38:34 +01:00 · 879416b062
commit 879416b062
parent 1ca1aa8892
22 changed files with 18 additions and 50 deletions
--- a/apparmor.d/groups/ubuntu/ubuntu-report
+++ b/apparmor.d/groups/ubuntu/ubuntu-report
@ -17,8 +17,6 @@ profile ubuntu-report @{exec_path} {

  owner @{user_cache_dirs}/ubuntu-report/{,*} r,

-  @{run}/systemd/resolve/stub-resolv.conf r,
-
  @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,

  include if exists <local/ubuntu-report>
--- a/apparmor.d/groups/ubuntu/update-notifier
+++ b/apparmor.d/groups/ubuntu/update-notifier
@ -52,12 +52,8 @@ profile update-notifier @{exec_path} {

  owner /tmp/#[0-9]* rw,

-  @{run}/systemd/userdb/io.systemd.DynamicUser w,
-  @{run}/systemd/userdb/ r,
-
  owner @{PROC}/@{pid}/fd/ r,
        @{PROC}/@{pids}/mountinfo r,
-        @{PROC}/sys/kernel/random/boot_id r,

  include if exists <local/update-notifier>
 }