felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): remove rules already included in the base abs.

Browse source
This commit is contained in:
Alexandre Pujol 2024-09-20 23:30:09 +01:00
parent 96defe021c
commit 8979d84633
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
23 changed files with 8 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

1
apparmor.d/groups/systemd/systemd-logind
View file

@ -97,7 +97,6 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected) {
@{run}/systemd/inhibit/ rw,
@{run}/systemd/inhibit/.#* rw,
@{run}/systemd/inhibit/@{int}{,.ref} rw,
@{run}/systemd/journal/socket rw,
@{run}/systemd/notify rw,
@{run}/systemd/seats/ rw,
@{run}/systemd/seats/.#seat* rw,

7
apparmor.d/groups/systemd/systemd-oomd
View file

@ -24,10 +24,9 @@ profile systemd-oomd @{exec_path} flags=(attach_disconnected) {
/etc/systemd/oomd.conf r,
/etc/systemd/oomd.conf.d/{,**} r,
@{run}/systemd/io.system.ManagedOOM rw,
@{run}/systemd/io.systemd.ManagedOOM rw,
@{run}/systemd/notify rw,
owner @{run}/systemd/journal/socket w,
@{run}/systemd/io.system.ManagedOOM rw,
@{run}/systemd/io.systemd.ManagedOOM rw,
@{run}/systemd/notify rw,
@{sys}/fs/cgroup/cgroup.controllers r,
@{sys}/fs/cgroup/memory.* r,

7
apparmor.d/groups/systemd/systemd-resolved
View file

@ -41,10 +41,9 @@ profile systemd-resolved @{exec_path} flags=(attach_disconnected) {
/etc/systemd/resolved.conf r,
/etc/systemd/resolved.conf.d/{,*} r,
@{run}/systemd/netif/links/* r,
@{run}/systemd/notify rw,
@{run}/systemd/resolve/{,**} rw,
owner @{run}/systemd/journal/socket w,
@{run}/systemd/netif/links/* r,
@{run}/systemd/notify rw,
@{run}/systemd/resolve/{,**} rw,
@{PROC}/@{pid}/cgroup r,
@{PROC}/pressure/* r,

2
apparmor.d/groups/systemd/systemd-sleep-grub2
View file

@ -19,8 +19,6 @@ profile systemd-sleep-grub @{exec_path} {
/etc/sysconfig/bootloader r,
@{PROC}/@{pid}/maps r,
/dev/tty rw,
include if exists <local/systemd-sleep-grub>

1
apparmor.d/groups/systemd/systemd-timesyncd
View file

@ -38,7 +38,6 @@ profile systemd-timesyncd @{exec_path} flags=(attach_disconnected) {
@{run}/systemd/netif/state r,
@{run}/systemd/notify rw,
@{run}/systemd/timesyncd.conf.d/{,**} r,
owner @{run}/systemd/journal/socket w,
owner @{run}/systemd/timesync/synchronized rw,
@{PROC}/@{pid}/cgroup r,