felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Profiles update.

Browse source
This commit is contained in:
Alexandre Pujol 2021-10-22 15:01:43 +01:00
parent b91ddfa493
commit aac0a93080
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
34 changed files with 136 additions and 144 deletions
Download patch file Download diff file Expand all files Collapse all files

4
apparmor.d/profiles-a-f/apparmor_parser
View file

@ -20,11 +20,11 @@ profile apparmor_parser @{exec_path} flags=(attach_disconnected) {
owner /var/cache/apparmor/{,**} rw,
owner /var/lib/docker/tmp/docker-default[0-9]* r,
owner @{sys}/kernel/security/apparmor/{,**} r,
owner @{sys}/kernel/security/apparmor/.{remove,replace,load,access} rw,
@{sys}/kernel/security/apparmor/{,**} r,
owner @{PROC}/@{pid}/mounts r,
owner @{PROC}/sys/kernel/osrelease r,
@{PROC}/sys/kernel/osrelease r,
deny /apparmor/.null rw,

2
apparmor.d/profiles-a-f/engrampa
View file

@ -66,7 +66,7 @@ profile engrampa @{exec_path} {
owner @{user_config_dirs}/mimeapps.list{,.*} rw,
owner @{user_share_dirs}/ r,
owner @{user_share_dirs}/gvfs-metadata/** r,
owner @{user_share_dirs}/gvfs-metadata/{,*} r,
/usr/share/engrampa/{,**} r,

2
apparmor.d/profiles-a-f/font-manager
View file

@ -44,7 +44,7 @@ profile font-manager @{exec_path} {
owner "@{user_share_dirs}/fonts/Google Fonts/**" rw,
owner @{user_share_dirs}/ r,
owner @{user_share_dirs}/gvfs-metadata/** r,
owner @{user_share_dirs}/gvfs-metadata/{,*} r,
/usr/share/glib-2.0/schemas/gschemas.compiled r,

4
apparmor.d/profiles-a-f/fuse-overlayfs
View file

@ -17,9 +17,9 @@ profile fuse-overlayfs @{exec_path} {
@{exec_path} mr,
mount fstype=fuse.* options=(rw,nodev,noatime) @{user_share_dirs}/containers/storage/overlay/**/ -> **,
mount fstype=fuse.* options=(rw,nodev,noatime) @{user_share_dirs}/containers/storage/overlay/**/merged/ -> **,
owner @{user_share_dirs}/containers/storage/overlay/{,**} rw,
owner @{user_share_dirs}/containers/storage/overlay/{,**} rwl,
@{PROC}/sys/kernel/overflowgid r,
@{PROC}/sys/kernel/overflowuid r,

12
apparmor.d/profiles-a-f/fwupd
View file

@ -1,6 +1,6 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2020-2021 Mikhail Morfikov
# 2021 Alexandre Pujol <alexandre@pujol.io>
# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
@ -31,12 +31,12 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) {
/{usr/,}bin/gpgconf rCx -> gpg,
/{usr/,}bin/gpgsm rCx -> gpg,
/etc/pki/fwupd/** r,
/etc/pki/fwupd-metadata/** r,
/etc/fwupd/** r,
/usr/share/fwupd/** r,
/etc/pki/fwupd/{,**} r,
/etc/pki/fwupd-metadata/{,**} r,
/etc/fwupd/{,**} r,
/usr/share/fwupd/{,**} r,
/var/cache/fwupd/** rw,
/var/cache/fwupd/{,**} rw,
/var/lib/fwupd/{,**} rw,
/var/lib/fwupd/pending.db rwk,

2
apparmor.d/profiles-a-f/fwupdmgr
View file

@ -25,7 +25,7 @@ profile fwupdmgr @{exec_path} flags=(complain) {
@{exec_path} mr,
/{usr/,}bin/dbus-launch rCx -> dbus,
/{usr/,}bin/pkttyagent rux, # TODO: Work in progress
/{usr/,}bin/pkttyagent rPx,
owner @{user_cache_dirs}/ rw,
owner @{user_cache_dirs}/fwupd/ rw,