felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): fwupd: allow access to dbx

Browse source
This commit is contained in:
Alexandre Pujol 2025-08-11 19:38:24 +02:00
parent 616486d5ba
commit 969c989aed
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
apparmor.d/profiles-a-f/fwupd
View file

@ -83,7 +83,7 @@ profile fwupd @{exec_path} flags=(attach_disconnected,complain) {
owner /var/lib/fwupd/ rw, owner /var/lib/fwupd/ rw,
owner /var/lib/fwupd/** rwk, owner /var/lib/fwupd/** rwk,
# In order to get to this file, the attach_disconnected flag has to be set @{att}/@{user_cache_dirs}/gnome-software/fwupd/{,**} r,
owner @{user_cache_dirs}/fwupd/lvfs-metadata.xml.gz r, owner @{user_cache_dirs}/fwupd/lvfs-metadata.xml.gz r,
owner @{user_cache_dirs}/gnome-software/fwupd/{,**} r, owner @{user_cache_dirs}/gnome-software/fwupd/{,**} r,
@ -97,6 +97,7 @@ profile fwupd @{exec_path} flags=(attach_disconnected,complain) {
@{sys}/firmware/efi/** r, @{sys}/firmware/efi/** r,
@{sys}/firmware/efi/efivars/Boot@{hex}-@{uuid} rw, @{sys}/firmware/efi/efivars/Boot@{hex}-@{uuid} rw,
@{sys}/firmware/efi/efivars/BootNext-@{uuid} rw, @{sys}/firmware/efi/efivars/BootNext-@{uuid} rw,
@{sys}/firmware/efi/efivars/dbx-@{uuid} rw,
@{sys}/firmware/efi/efivars/fwupd-* rw, @{sys}/firmware/efi/efivars/fwupd-* rw,
@{sys}/firmware/efi/efivars/KEK-@{uuid} rw, @{sys}/firmware/efi/efivars/KEK-@{uuid} rw,
@{sys}/kernel/security/lockdown r, @{sys}/kernel/security/lockdown r,