felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Various updates (#209)

Browse source
This commit is contained in:
curiosityseeker 2023-09-10 12:59:26 +02:00 committed by GitHub
parent 5d7ce06a62
commit aaed7a25da
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 35 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

3
apparmor.d/profiles-g-l/kmod
View file

@ -15,6 +15,7 @@ profile kmod @{exec_path} flags=(attach_disconnected) {
include <abstractions/nameservice-strict>
include <abstractions/openssl>
capability dac_read_search,
capability dac_override,
capability mknod,
capability net_admin,
@ -70,6 +71,8 @@ profile kmod @{exec_path} flags=(attach_disconnected) {
@{PROC}/cmdline r,
@{PROC}/modules r,
/dev/tty@{int} rw,
deny /apparmor/.null rw,
deny @{user_share_dirs}/gvfs-metadata/* r,

4
apparmor.d/profiles-g-l/lvm
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{bin}/lvm
profile lvm @{exec_path} {
profile lvm @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/consoles>
include <abstractions/dbus-strict>
@ -43,5 +43,7 @@ profile lvm @{exec_path} {
/dev/**/ r,
/dev/mapper/control rw,
deny /apparmor/.null rw,
include if exists <local/lvm>
}