felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refractor: move more profiles to groups.

Browse source
This commit is contained in:
Alexandre Pujol 2025-02-10 00:20:15 +01:00
parent fadc08b1ea
commit 9d74168be2
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
51 changed files with 0 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

47
apparmor.d/groups/utils/agetty Normal file
View file

@ -0,0 +1,47 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/4.0>,
include <tunables/global>
@{exec_path} = @{bin}/agetty
profile agetty @{exec_path} {
include <abstractions/base>
include <abstractions/nameservice-strict>
include <abstractions/wutmp>
capability checkpoint_restore,
capability fsetid,
capability sys_admin,
capability sys_tty_config,
capability chown,
network netlink raw,
@{exec_path} mr,
@{bin}/login rPx,
@{etc_ro}/login.defs r,
@{etc_ro}/login.defs.d/{,*} r,
@{etc_rw}/issue r,
/{,usr/}lib/os-release r,
/{etc,run,lib,usr/lib}/issue r,
/{etc,run,lib,usr/lib}/issue.d/{,*} r,
/etc/inittab r,
/etc/os-release r,
@{run}/credentials/getty@tty@{int}.service/ r,
@{run}/credentials/serial-getty@ttyS@{int}.service/ r,
owner @{run}/agetty.reload rw,
/dev/tty@{int} rw,
owner /dev/ttyGS@{int} rw,
owner /dev/ttyS@{int} rw,
include if exists <local/agetty>
}
# vim:syntax=apparmor