feat(profiles): general update.

2022-08-21 20:16:29 +01:00 · 2022-08-21 20:16:29 +01:00 · 9d4956df0d
commit 9d4956df0d
parent e6e0ef9067
23 changed files with 147 additions and 104 deletions
--- a/apparmor.d/profiles-s-z/snapd
+++ b/apparmor.d/profiles-s-z/snapd
@ -69,15 +69,15 @@ profile snapd @{exec_path} {
  /{usr/,}bin/unsquashfs               rix,
  /{usr/,}bin/update-desktop-database  rPx,

+  /{snap/snapd/[0-9]*/,}{usr/,}bin/fc-cache-*             mr,
+  /{snap/snapd/[0-9]*/,}{usr/,}bin/snap                   rPx,
+  /{snap/snapd/[0-9]*/,}{usr/,}bin/xdelta3                rix, # TODO: rPx ?
  /{snap/snapd/[0-9]*/,}{usr/,}lib/@{multiarch}/**        mr,
  /{snap/snapd/[0-9]*/,}{usr/,}lib/@{multiarch}/ld-*.so   rix,
-  /{snap/snapd/[0-9]*/,}{usr/,}bin/snap                   rPx,
  /{snap/snapd/[0-9]*/,}{usr/,}lib/snapd/snap-discard-ns  rPx,
  /{snap/snapd/[0-9]*/,}{usr/,}lib/snapd/snap-seccomp     rPx,
  /{snap/snapd/[0-9]*/,}{usr/,}lib/snapd/snap-update-ns   rPx,
  /{snap/snapd/[0-9]*/,}{usr/,}lib/snapd/snapd            rix,
-  /{snap/snapd/[0-9]*/,}{usr/,}bin/fc-cache-*             rPx -> fc-cache,
-  /{snap/snapd/[0-9]*/,}{usr/,}bin/xdelta3                rix, # TODO: rPx ?

  /usr/share/bash-completion/completions/{,**} r,
  /usr/share/dbus-1/{system,session}.d/{,snapd*} r,
@ -133,7 +133,6 @@ profile snapd @{exec_path} {
  @{sys}/kernel/security/apparmor/features/ r,
  @{sys}/kernel/security/apparmor/profiles r,

-  owner @{PROC}/@{pids}/mountinfo r,
        @{PROC}/@{pids}/cgroup r,
        @{PROC}/@{pids}/stat r,
        @{PROC}/cgroups r,
@ -141,6 +140,7 @@ profile snapd @{exec_path} {
        @{PROC}/sys/kernel/random/boot_id r,
        @{PROC}/sys/kernel/seccomp/actions_avail r,
        @{PROC}/version r,
+  owner @{PROC}/@{pids}/mountinfo r,

  /dev/loop-control rw,