feat(profile): add profile for ischroot.
This commit is contained in:
Alexandre Pujol
parent
46078ca59c
commit
a5faf60fbc
13 changed files with 35 additions and 15 deletions
|
|
@ -67,7 +67,6 @@ profile apt @{exec_path} flags=(attach_disconnected) {
|
|||
@{bin}/echo rix,
|
||||
@{bin}/gdbus rix,
|
||||
@{bin}/id rix,
|
||||
@{bin}/ischroot rix,
|
||||
@{bin}/test rix,
|
||||
@{bin}/touch rix,
|
||||
|
||||
|
|
@ -80,14 +79,15 @@ profile apt @{exec_path} flags=(attach_disconnected) {
|
|||
@{bin}/df rPx,
|
||||
@{bin}/dmesg rPx,
|
||||
@{bin}/dpkg rPx,
|
||||
@{sbin}/dpkg-preconfigure rPx,
|
||||
@{bin}/dpkg-source rcx -> dpkg-source,
|
||||
@{bin}/etckeeper rPx,
|
||||
@{bin}/ischroot rPx,
|
||||
@{bin}/localepurge rPx,
|
||||
@{bin}/ps rPx,
|
||||
@{bin}/snap rPx,
|
||||
@{bin}/systemctl rCx -> systemctl,
|
||||
@{bin}/update-command-not-found rPx,
|
||||
@{sbin}/dpkg-preconfigure rPx,
|
||||
@{lib}/cnf-update-db rPx,
|
||||
@{lib}/needrestart/apt-pinvoke rPx,
|
||||
@{lib}/zsys-system-autosnapshot rPx,
|
||||
|
|
|
|||
|
|
@ -41,7 +41,7 @@ profile apport-gtk @{exec_path} {
|
|||
@{bin}/dpkg-query rpx,
|
||||
@{bin}/gdb rCx -> gdb,
|
||||
@{bin}/gsettings rPx,
|
||||
@{bin}/ischroot rix,
|
||||
@{bin}/ischroot rPx,
|
||||
@{bin}/journalctl rPx,
|
||||
@{sbin}/killall5 rix,
|
||||
@{bin}/kmod rPx,
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@ profile check-new-release-gtk @{exec_path} {
|
|||
@{exec_path} mr,
|
||||
|
||||
@{bin}/dpkg rPx,
|
||||
@{bin}/ischroot rix,
|
||||
@{bin}/ischroot rPx,
|
||||
@{bin}/lsb_release rPx -> lsb_release,
|
||||
|
||||
@{lib}/@{python_name}/dist-packages/UpdateManager/**/__pycache__/*.cpython-@{int}.pyc.@{int} w,
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ profile do-release-upgrade @{exec_path} {
|
|||
@{exec_path} mr,
|
||||
|
||||
@{bin}/dpkg rPx -> child-dpkg,
|
||||
@{bin}/ischroot rix,
|
||||
@{bin}/ischroot rPx,
|
||||
@{bin}/lsb_release rPx -> lsb_release,
|
||||
|
||||
/usr/share/distro-info/*.csv r,
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ profile list-oem-metapackages @{exec_path} {
|
|||
@{exec_path} mr,
|
||||
|
||||
@{bin}/dpkg rPx -> child-dpkg,
|
||||
@{bin}/ischroot rix,
|
||||
@{bin}/ischroot rPx,
|
||||
|
||||
@{lib}/@{python_name}/dist-packages/UbuntuDrivers/__pycache__/*.cpython-@{int}.pyc.@{int} rw,
|
||||
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ profile software-properties-gtk @{exec_path} {
|
|||
@{bin}/aplay rPx,
|
||||
@{bin}/apt-key rPx,
|
||||
@{bin}/dpkg rPx -> child-dpkg,
|
||||
@{bin}/ischroot rix,
|
||||
@{bin}/ischroot rPx,
|
||||
@{bin}/lsb_release rPx -> lsb_release,
|
||||
@{bin}/ubuntu-advantage rPx,
|
||||
|
||||
|
|
|
|||
|
|
@ -29,13 +29,12 @@ profile ubuntu-advantage @{exec_path} {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/ischroot rix,
|
||||
|
||||
@{bin}/apt rPx,
|
||||
@{bin}/apt-cache rPx,
|
||||
@{bin}/apt-config rPx,
|
||||
@{bin}/apt-get rPx,
|
||||
@{bin}/dpkg rPx -> child-dpkg,
|
||||
@{bin}/ischroot rPx,
|
||||
@{bin}/ps rPx,
|
||||
@{bin}/snap rPUx,
|
||||
@{bin}/systemctl rCx -> systemctl,
|
||||
|
|
|
|||
|
|
@ -44,7 +44,7 @@ profile update-manager @{exec_path} flags=(attach_disconnected) {
|
|||
@{sh_path} rix,
|
||||
@{bin}/dpkg rPx -> child-dpkg,
|
||||
@{bin}/hwe-support-status rPx,
|
||||
@{bin}/ischroot rix,
|
||||
@{bin}/ischroot rPx,
|
||||
@{bin}/lsb_release rPx -> lsb_release,
|
||||
@{bin}/snap rPUx,
|
||||
@{bin}/software-properties-gtk rPx,
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ profile update-motd-updates-available @{exec_path} {
|
|||
@{bin}/dirname rix,
|
||||
@{bin}/dpkg rPx -> child-dpkg,
|
||||
@{bin}/find rix,
|
||||
@{bin}/ischroot rix,
|
||||
@{bin}/ischroot rPx,
|
||||
@{bin}/lsb_release rPx -> lsb_release,
|
||||
@{bin}/mktemp rix,
|
||||
@{bin}/mv rix,
|
||||
|
|
|
|||
|
|
@ -31,10 +31,10 @@ profile update-notifier @{exec_path} {
|
|||
|
||||
@{sh_path} rix,
|
||||
@{bin}/ionice rix,
|
||||
@{bin}/ischroot rix,
|
||||
@{bin}/nice rix,
|
||||
|
||||
@{bin}/dpkg rPx -> child-dpkg,
|
||||
@{bin}/ischroot rPx,
|
||||
@{bin}/lsb_release rPx -> lsb_release,
|
||||
@{bin}/pkexec rCx -> pkexec,
|
||||
@{bin}/snap rPUx,
|
||||
|
|
|
|||
21
apparmor.d/profiles-g-l/ischroot
Normal file
21
apparmor.d/profiles-g-l/ischroot
Normal file
|
|
@ -0,0 +1,21 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/4.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/ischroot
|
||||
profile ischroot @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{PROC}/@{pid}/mountinfo r,
|
||||
|
||||
include if exists <local/ischroot>
|
||||
}
|
||||
|
||||
# vim:syntax=apparmor
|
||||
|
|
@ -51,7 +51,6 @@ profile packagekitd @{exec_path} flags=(attach_disconnected) {
|
|||
@{bin}/echo rix,
|
||||
@{bin}/gdbus rix,
|
||||
@{bin}/gzip rix,
|
||||
@{bin}/ischroot rix,
|
||||
@{sbin}/ldconfig rix,
|
||||
@{bin}/repo2solv rix,
|
||||
@{bin}/tar rix,
|
||||
|
|
@ -63,7 +62,8 @@ profile packagekitd @{exec_path} flags=(attach_disconnected) {
|
|||
@{bin}/dpkg rPx -> child-dpkg, #aa:only apt
|
||||
@{bin}/fc-cache rPx,
|
||||
@{bin}/glib-compile-schemas rPx,
|
||||
@{sbin}/install-info rPx,
|
||||
@{bin}/install-info rPx,
|
||||
@{bin}/ischroot rPx,
|
||||
@{bin}/rpm rPUx, #aa:only opensuse
|
||||
@{bin}/rpmdb2solv rPUx, #aa:only opensuse
|
||||
@{bin}/systemd-inhibit rPx,
|
||||
|
|
|
|||
|
|
@ -22,7 +22,6 @@ profile update-initramfs @{exec_path} {
|
|||
@{bin}/cat rix,
|
||||
@{bin}/{m,g,}awk rix,
|
||||
@{bin}/getopt rix,
|
||||
@{bin}/ischroot rix,
|
||||
@{bin}/ln rix,
|
||||
@{bin}/mv rix,
|
||||
@{bin}/rm rix,
|
||||
|
|
@ -31,6 +30,7 @@ profile update-initramfs @{exec_path} {
|
|||
@{bin}/uname rix,
|
||||
|
||||
@{bin}/dpkg-trigger rPx,
|
||||
@{bin}/ischroot rPx,
|
||||
@{bin}/linux-version rPx,
|
||||
@{sbin}/mkinitramfs rPx,
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue