felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): modernize some profiles.

Browse source
This commit is contained in:
Alexandre Pujol 2024-03-12 15:48:43 +00:00
parent 81b9de3aff
commit 9c859cec9d
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
14 changed files with 124 additions and 211 deletions
Download patch file Download diff file Expand all files Collapse all files

9
apparmor.d/profiles-a-f/acpi-powerbtn
View file

@ -21,7 +21,7 @@ profile acpi-powerbtn flags=(attach_disconnected) {
@{bin}/shutdown rix,
/etc/acpi/powerbtn.sh rix,
@{bin}/systemctl rPx -> child-systemctl,
@{bin}/systemctl rCx -> systemctl,
@{bin}/ps rPx,
@{bin}/fgconsole rCx,
@ -46,5 +46,12 @@ profile acpi-powerbtn flags=(attach_disconnected) {
owner /dev/tty@{int} rw,
}
profile systemctl {
include <abstractions/base>
include <abstractions/systemctl>
include if exists <local/acpi-powerbtn_systemctl>
}
include if exists <local/acpi-powerbtn>
}

8
apparmor.d/profiles-a-f/blueman
View file

@ -12,15 +12,12 @@ profile blueman @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/audio-client>
include <abstractions/dconf-write>
include <abstractions/desktop>
include <abstractions/fontconfig-cache-read>
include <abstractions/fonts>
include <abstractions/freedesktop.org>
include <abstractions/gtk>
include <abstractions/nameservice-strict>
include <abstractions/python>
include <abstractions/thumbnails-cache-read>
include <abstractions/user-download-strict>
include <abstractions/wayland>
network inet stream,
network inet6 stream,
@ -37,7 +34,6 @@ profile blueman @{exec_path} flags=(attach_disconnected) {
@{open_path} rPx -> child-open,
/usr/share/blueman/{,**} r,
/usr/share/X11/xkb/{,**} r,
/etc/machine-id r,
/var/lib/dbus/machine-id r,
@ -57,8 +53,6 @@ profile blueman @{exec_path} flags=(attach_disconnected) {
owner @{user_cache_dirs}/obexd/ rw,
owner @{user_cache_dirs}/obexd/* rw,
owner @{run}/user/@{uid}/gdm/Xauthority r,
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/mounts r,
@{PROC}/@{pids}/cmdline r,

10
apparmor.d/profiles-a-f/dkms-autoinstaller
View file

@ -20,7 +20,7 @@ profile dkms-autoinstaller @{exec_path} {
@{bin}/plymouth rix,
@{bin}/readlink rix,
@{bin}/run-parts rCx -> run-parts,
@{bin}/systemctl rPx -> child-systemctl,
@{bin}/systemctl rCx -> systemctl,
@{bin}/tput rix,
# For shell pwd
@ -34,6 +34,14 @@ profile dkms-autoinstaller @{exec_path} {
@{bin}/run-parts mr,
include if exists <local/dkms-autoinstaller_run-parts>
}
profile systemctl {
include <abstractions/base>
include <abstractions/systemctl>
include if exists <local/dkms-autoinstaller_systemctl>
}
include if exists <local/dkms-autoinstaller>