felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

general_initial

Browse source
This commit is contained in:
nobody43 2023-02-19 23:40:41 +00:00 committed by Alex
parent 3eb8dd2811
commit a873af1f26
36 changed files with 640 additions and 110 deletions
Download patch file Download diff file Expand all files Collapse all files

6
apparmor.d/profiles-m-r/pkexec
View file

@ -8,7 +8,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/pkexec
profile pkexec @{exec_path} flags=(complain) {
profile pkexec @{exec_path} {
include <abstractions/base>
include <abstractions/authentication>
include <abstractions/consoles>
@ -23,7 +23,8 @@ profile pkexec @{exec_path} flags=(complain) {
capability setgid, # gdbus
capability setuid, # gmain
capability sys_ptrace,
audit deny capability sys_nice,
capability sys_nice,
capability sys_resource,
ptrace (read),
@ -54,6 +55,7 @@ profile pkexec @{exec_path} flags=(complain) {
# Apps to be run via pkexec
/{usr/,}{s,}bin/* rPUx,
/{usr/,}lib/gvfs/gvfsd-admin rPUx, #(#FIXME#)
@{libexec}/polkit-agent-helper-[0-9] rPx,
/{usr/,}lib/polkit-agent-helper-[0-9] rPx,
/{usr/,}lib/polkit-[0-9]/polkit-agent-helper-[0-9] rPx,
/{usr/,}lib/update-notifier/package-system-locked rPx,