felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): general update.

Browse source
This commit is contained in:
Alexandre Pujol 2023-12-17 17:39:56 +00:00
parent ee328f727b
commit a46dfaad61
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
17 changed files with 59 additions and 80 deletions
Download patch file Download diff file Expand all files Collapse all files

7
apparmor.d/groups/systemd/bootctl
View file

@ -9,8 +9,9 @@ include <tunables/global>
@{exec_path} = @{bin}/bootctl
profile bootctl @{exec_path} {
include <abstractions/base>
include <abstractions/systemd-common>
include <abstractions/consoles>
include <abstractions/disks-read>
include <abstractions/systemd-common>
capability mknod,
capability net_admin,
@ -42,7 +43,7 @@ profile bootctl @{exec_path} {
@{run}/host/container-manager r,
@{sys}//class/tpmrm/ r,
@{sys}/class/tpmrm/ r,
@{sys}/devices/virtual/dmi/id/{board_vendor,bios_vendor} r,
@{sys}/devices/virtual/dmi/id/{sys_vendor,product_version,product_name} r,
@ -68,8 +69,8 @@ profile bootctl @{exec_path} {
@{sys}/firmware/efi/efivars/SetupMode-@{uuid} r,
@{sys}/firmware/efi/fw_platform_size r,
owner @{PROC}/@{pid}/cgroup r,
@{PROC}/sys/kernel/random/poolsize r,
owner @{PROC}/@{pid}/cgroup r,
# Inherit silencer
deny network inet6 stream,