felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): general update.

Browse source
This commit is contained in:
Alexandre Pujol 2023-12-17 17:39:56 +00:00
parent ee328f727b
commit a46dfaad61
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
17 changed files with 59 additions and 80 deletions
Download patch file Download diff file Expand all files Collapse all files

5
apparmor.d/profiles-m-r/nvtop
View file

@ -35,7 +35,7 @@ profile nvtop @{exec_path} flags=(attach_disconnected) {
@{sys}/bus/ r,
@{sys}/class/ r,
@{sys}/class/drm/ r,
@{sys}/devices/@{pci}/drm/card@{int}/gt_cur_freq_mhz r,
@{sys}/devices/@{pci}/drm/card@{int}/gt_*_freq_mhz r,
@{sys}/devices/@{pci}/enable r,
@{sys}/devices/system/node/node@{int}/cpumap r,
@ -51,7 +51,8 @@ profile nvtop @{exec_path} flags=(attach_disconnected) {
/dev/char/@{dynamic}:@{int} w, # For dynamic assignment range 234 to 254, 384 to 511
/dev/dri/ r,
/dev/nvidia-caps/{,nvidia-cap[0-9]*} rw,
/dev/nvidia-caps/ rw,
/dev/nvidia-caps/nvidia-cap@{int} rw,
include if exists <local/nvtop>
}

6
apparmor.d/profiles-m-r/pass
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = @{bin}/pass
profile pass @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>
include <abstractions/nameservice-strict>
@{exec_path} mr,
@ -69,8 +70,9 @@ profile pass @{exec_path} {
profile editor {
include <abstractions/base>
include <abstractions/nameservice-strict>
include <abstractions/consoles>
include <abstractions/fzf>
include <abstractions/nameservice-strict>
@{bin}/vim{,.*} mrix,
@ -95,6 +97,7 @@ profile pass @{exec_path} {
profile git {
include <abstractions/base>
include <abstractions/consoles>
include <abstractions/nameservice-strict>
include <abstractions/openssl>
include <abstractions/ssl_certs>
@ -129,6 +132,7 @@ profile pass @{exec_path} {
profile gpg {
include <abstractions/base>
include <abstractions/consoles>
include <abstractions/nameservice-strict>
capability dac_read_search,

16
apparmor.d/profiles-m-r/pkexec
View file

@ -12,7 +12,6 @@ profile pkexec @{exec_path} {
include <abstractions/base>
include <abstractions/authentication>
include <abstractions/bus-system>
include <abstractions/bus/org.freedesktop.PolicyKit1>
include <abstractions/consoles>
include <abstractions/nameservice-strict>
include <abstractions/wutmp>
@ -32,20 +31,7 @@ profile pkexec @{exec_path} {
ptrace (read),
dbus (send) bus=system path=/org/freedesktop/PolicyKit1/Authority
interface=org.freedesktop.DBus.Properties
member=GetAll
peer=(name=:*),
dbus (receive) bus=system path=/org/freedesktop/PolicyKit1*/Authority
interface=org.freedesktop.PolicyKit1*.Authority
member=Changed
peer=(name=:*),
dbus (receive) bus=system path=/org/freedesktop/PolicyKit1*/AuthenticationAgent
interface=org.freedesktop.PolicyKit1*.AuthenticationAgent
member=BeginAuthentication
peer=(name=:*),
# dbus: talk bus=system name=org.freedesktop.PolicyKit1.Authority label=polkitd
@{exec_path} mr,