felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): journalctl minor improvments.

Browse source
This commit is contained in:
Alexandre Pujol 2025-04-13 19:28:59 +02:00 committed by Alex
parent e75d1729c1
commit 8c591c90ab
1 changed files with 5 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
apparmor.d/groups/systemd/journalctl
View file

@ -20,8 +20,10 @@ profile journalctl @{exec_path} flags=(attach_disconnected) {
capability net_admin, capability net_admin,
capability sys_resource, capability sys_resource,
signal (receive) set=(term) peer=cockpit-bridge, network netlink raw,
signal (send) peer=child-pager,
signal receive set=term peer=cockpit-bridge,
signal send peer=child-pager,
@{exec_path} mr, @{exec_path} mr,
@ -49,6 +51,7 @@ profile journalctl @{exec_path} flags=(attach_disconnected) {
@{run}/host/container-manager r, @{run}/host/container-manager r,
@{run}/systemd/journal/io.systemd.journal rw, @{run}/systemd/journal/io.systemd.journal rw,
@{run}/systemd/notify rw,
@{PROC}/sys/fs/nr_open r, @{PROC}/sys/fs/nr_open r,
owner @{PROC}/@{pid}/cgroup r, owner @{PROC}/@{pid}/cgroup r,