felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update profiles.

Browse source
This commit is contained in:
Alexandre Pujol 2021-07-16 21:33:11 +01:00
parent aa3c43c999
commit 94978242ff
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
15 changed files with 42 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

4
apparmor.d/groups/systemd/bootctl
View file

@ -51,5 +51,9 @@ profile bootctl @{exec_path} {
owner @{PROC}/@{pid}/cgroup r,
@{PROC}/sys/kernel/random/poolsize r,
# Silencer
deny network inet6 stream,
deny network inet stream,
include if exists <local/bootctl>
}

1
apparmor.d/groups/systemd/systemd-ac-power
View file

@ -19,4 +19,5 @@ profile systemd-ac-power @{exec_path} {
@{sys}/devices/**/power_supply/{AC,BAT[0-9]*}/ r,
@{sys}/devices/**/power_supply/{AC,BAT[0-9]*}/{type,online} r,
include if exists <local/systemd-ac-power>
}

4
apparmor.d/groups/systemd/systemd-hwdb
View file

@ -19,5 +19,9 @@ profile systemd-hwdb @{exec_path} {
owner @{PROC}/@{pid}/stat r,
# Silencer
deny network inet6 stream,
deny network inet stream,
include if exists <local/systemd-hwdb>
}

4
apparmor.d/groups/systemd/systemd-sysctl
View file

@ -27,5 +27,9 @@ profile systemd-sysctl @{exec_path} {
/etc/sysctl.conf r,
# Silencer
deny network inet6 stream,
deny network inet stream,
include if exists <local/systemd-sysctl>
}