From a7771618465010bf9e8d7d3ee0934c3757460598 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Wed, 6 Dec 2023 20:02:15 +0000
Subject: [PATCH] feat(profile): add initial structure some snap tools.
---
apparmor.d/profiles-s-z/snap-bootstrap | 16 ++++++++++++++
apparmor.d/profiles-s-z/snap-repair | 16 ++++++++++++++
.../profiles-s-z/snapd-aa-prompt-listener | 22 +++++++++++++++++++
apparmor.d/profiles-s-z/snapd-aa-prompt-ui | 20 +++++++++++++++++
apparmor.d/profiles-s-z/snapd-core-fixup | 16 ++++++++++++++
5 files changed, 90 insertions(+)
create mode 100644 apparmor.d/profiles-s-z/snap-bootstrap
create mode 100644 apparmor.d/profiles-s-z/snap-repair
create mode 100644 apparmor.d/profiles-s-z/snapd-aa-prompt-listener
create mode 100644 apparmor.d/profiles-s-z/snapd-aa-prompt-ui
create mode 100644 apparmor.d/profiles-s-z/snapd-core-fixup
diff --git a/apparmor.d/profiles-s-z/snap-bootstrap b/apparmor.d/profiles-s-z/snap-bootstrap
new file mode 100644
index 000000000..db45f531c
--- /dev/null
+++ b/apparmor.d/profiles-s-z/snap-bootstrap
@@ -0,0 +1,16 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{lib}/snapd/snap-bootstrap
+profile snap-bootstrap @{exec_path} {
+ include
+
+ @{exec_path} mr,
+
+ include if exists
+}
\ No newline at end of file
diff --git a/apparmor.d/profiles-s-z/snap-repair b/apparmor.d/profiles-s-z/snap-repair
new file mode 100644
index 000000000..6450306c8
--- /dev/null
+++ b/apparmor.d/profiles-s-z/snap-repair
@@ -0,0 +1,16 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{lib}/snapd/snap-repair
+profile snap-repair @{exec_path} {
+ include
+
+ @{exec_path} mr,
+
+ include if exists
+}
\ No newline at end of file
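Review bot: The header `profile snap-bootstrap @{exec_path} {` sets no mode flag, and the body allows only `@{exec_path} mr,` on top of whatever the include provides (its target is not shown on this page). If nothing outside this patch puts the profile in complain mode, loading it would enforce a near-empty policy and deny most of what the binary does. Until rules have been collected from logs, I would write the header as `profile snap-bootstrap @{exec_path} flags=(complain) {`, or say in the commit message where the mode is set. The same applies to the snap-repair profile in this patch and to snapd-core-fixup further down.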
diff --git a/apparmor.d/profiles-s-z/snapd-aa-prompt-listener b/apparmor.d/profiles-s-z/snapd-aa-prompt-listener
new file mode 100644
index 000000000..332e40512
--- /dev/null
+++ b/apparmor.d/profiles-s-z/snapd-aa-prompt-listener
@@ -0,0 +1,22 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{lib_dirs} = @{lib}/ /snap/snapd/@{int}@{lib}
+
+@{exec_path} = @{lib_dirs}/snapd/snapd-aa-prompt-listener
+profile snapd-aa-prompt-listener @{exec_path} {
+ include
+
+ @{exec_path} mr,
+
+ @{lib_dirs}/snapd/info r,
+
+ @{PROC}/cmdline r,
+
+ include if exists
+}
\ No newline at end of file
diff --git a/apparmor.d/profiles-s-z/snapd-aa-prompt-ui b/apparmor.d/profiles-s-z/snapd-aa-prompt-ui
new file mode 100644
index 000000000..53a57767b
--- /dev/null
+++ b/apparmor.d/profiles-s-z/snapd-aa-prompt-ui
@@ -0,0 +1,20 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{lib}/snapd/snapd-aa-prompt-ui
+profile snapd-aa-prompt-ui @{exec_path} {
+ include
+
+ @{exec_path} mr,
+
+ /snap/snapd/@{int}@{lib}/snapd/info r,
+
+ @{PROC}/cmdline r,
+
+ include if exists
+}
\ No newline at end of file
diff --git a/apparmor.d/profiles-s-z/snapd-core-fixup b/apparmor.d/profiles-s-z/snapd-core-fixup
new file mode 100644
index 000000000..55f379d49
--- /dev/null
+++ b/apparmor.d/profiles-s-z/snapd-core-fixup
@@ -0,0 +1,16 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{lib}/snapd/snapd.core-fixup.sh
+profile snapd-core-fixup @{exec_path} {
+ include
+
+ @{exec_path} mr,
+
+ include if exists
+}
\ No newline at end of file
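Review bot: In `@{lib_dirs} = @{lib}/ /snap/snapd/@{int}@{lib}` the first alternative ends in a slash and the second does not, so `@{lib_dirs}/snapd/info` and the attachment path expand to a doubled slash for the host copy only. The parser presumably collapses that, but the asymmetry makes the attachment path harder to read and to search for. I would write `@{lib_dirs} = @{lib} /snap/snapd/@{int}@{lib}` and add a one-line comment above it saying which installation each entry is meant to cover.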
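Review bot: `@{exec_path} = @{lib}/snapd/snapd-aa-prompt-ui` attaches only to the host path, while the one data rule, `/snap/snapd/@{int}@{lib}/snapd/info r,`, refers only to the snap mount. The snapd-aa-prompt-listener profile in this same patch covers both locations through `@{lib_dirs}`. As written, a copy of the binary started from under `/snap/snapd/` would not match this profile, so it would presumably run with whatever confinement the caller's exec rule gives it, and the host copy has no rule for an `info` file next to it. I would declare `@{lib_dirs}` as the listener profile does and use `@{exec_path} = @{lib_dirs}/snapd/snapd-aa-prompt-ui` and `@{lib_dirs}/snapd/info r,`.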
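Review bot: The attachment target `@{lib}/snapd/snapd.core-fixup.sh` is a shell script, yet the only visible rule is `@{exec_path} mr,`. Neither the interpreter nor any command the script runs is allowed unless the include grants it, and its target is not shown on this page. Under enforcement the script would most likely fail at its first external command. I would add an `rix` rule for the shell named in the script's shebang and one exec rule per helper it calls, each with the narrowest transition that works, plus a comment above the profile noting that it confines a script rather than a binary.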