From ad960d477b8037005493fa1ca591d61d4f7936d5 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Wed, 15 May 2024 17:22:20 +0100
Subject: [PATCH] feat(profile): replace former regex by the new @{user} variable.
---
 apparmor.d/abstractions/app/sudo | 4 ++--
 apparmor.d/groups/display-manager/lightdm | 2 +-
 apparmor.d/groups/freedesktop/polkit-agent-helper | 2 +-
 apparmor.d/groups/gnome/gdm-session-worker | 2 +-
 apparmor.d/groups/kde/kscreenlocker_greet | 2 +-
 apparmor.d/groups/kde/sddm | 2 +-
 apparmor.d/groups/ssh/sshd | 2 +-
 apparmor.d/groups/virt/cockpit-session | 2 +-
 apparmor.d/groups/whonix/pam-info | 2 +-
 apparmor.d/profiles-g-l/login | 2 +-
 10 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/apparmor.d/abstractions/app/sudo b/apparmor.d/abstractions/app/sudo
index 49b742b0c..f792fc085 100644
--- a/apparmor.d/abstractions/app/sudo
+++ b/apparmor.d/abstractions/app/sudo
@@ -47,8 +47,8 @@
 owner @{HOME}/.sudo_as_admin_successful rw,
- @{run}/faillock/{,*} rwk,
-
+ @{run}/faillock/ rw,
+ @{run}/faillock/@{user} rwk,
 owner @{run}/sudo/ rw,
 owner @{run}/sudo/ts/ rw,
 owner @{run}/sudo/ts/@{uid} rwk,
diff --git a/apparmor.d/groups/display-manager/lightdm b/apparmor.d/groups/display-manager/lightdm
index 125e22e8d..5f967a06f 100644
--- a/apparmor.d/groups/display-manager/lightdm
+++ b/apparmor.d/groups/display-manager/lightdm
@@ -71,7 +71,7 @@ profile lightdm @{exec_path} flags=(attach_disconnected) {
 owner @{HOME}/.dmrc r,
 @{run}/faillock/ rw,
- @{run}/faillock/user rwk,
+ @{run}/faillock/@{user} rwk,
 @{run}/lightdm.pid rw,
 @{run}/lightdm/{,**} rw,
 owner @{run}/systemd/sessions/*.ref rw,
diff --git a/apparmor.d/groups/freedesktop/polkit-agent-helper b/apparmor.d/groups/freedesktop/polkit-agent-helper
index c5c2b0906..9dc0d9f53 100644
--- a/apparmor.d/groups/freedesktop/polkit-agent-helper
+++ b/apparmor.d/groups/freedesktop/polkit-agent-helper
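Review bot: In `apparmor.d/abstractions/app/sudo` the tally-file rule narrows from `{,*}` to `@{user}`, so any account whose name falls outside that variable's pattern would no longer get `rwk` on its `@{run}/faillock/` file; the same narrowing applies to every other hunk in this patch, since the old `[a-zA-z0-9]*` and `*` forms accepted arbitrary trailing characters. The definition of `@{user}` is not part of this diff, so it is worth confirming that it covers names coming from directory services (dots, hyphens, `@` realms), because a denial here presumably stops pam_faillock from recording failed attempts for that account. A short comment above the rule would record the assumption, e.g. `# tally file is named after the account; @{user} must match every valid login name`. The removed blank line also merges the faillock rules into the `owner @{run}/sudo/` group; keeping the separator would preserve the file's grouping. The abstraction continues outside the hunk.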
@@ -44,7 +44,7 @@ profile polkit-agent-helper @{exec_path} {
 owner @{HOME}/.xsession-errors w,
- @{run}/faillock/[a-zA-z0-9]* rwk,
+ @{run}/faillock/@{user} rwk,
 @{PROC}/1/cgroup r,
 owner @{PROC}/@{pid}/cgroup r,
diff --git a/apparmor.d/groups/gnome/gdm-session-worker b/apparmor.d/groups/gnome/gdm-session-worker
index 604ed33d6..58d05970a 100644
--- a/apparmor.d/groups/gnome/gdm-session-worker
+++ b/apparmor.d/groups/gnome/gdm-session-worker
@@ -104,7 +104,7 @@ profile gdm-session-worker @{exec_path} flags=(attach_disconnected) {
 owner @{run}/gdm{3,}/dbus/dbus-@{rand8} w,
 @{run}/cockpit/active.motd r,
- @{run}/faillock/[a-zA-z0-9]* rwk,
+ @{run}/faillock/@{user} rwk,
 @{run}/motd.d/{,*} r,
 @{run}/systemd/sessions/* r,
 @{run}/systemd/sessions/*.ref rw,
diff --git a/apparmor.d/groups/kde/kscreenlocker_greet b/apparmor.d/groups/kde/kscreenlocker_greet
index a28135cbf..8f2120233 100644
--- a/apparmor.d/groups/kde/kscreenlocker_greet
+++ b/apparmor.d/groups/kde/kscreenlocker_greet
@@ -92,7 +92,7 @@ profile kscreenlocker_greet @{exec_path} {
 owner @{tmp}/*-cover-*.{jpg,png} r,
- @{run}/faillock/[a-zA-z0-9]* rwk,
+ @{run}/faillock/@{user} rwk,
 @{sys}/devices/system/node/ r,
 @{sys}/devices/system/node/node@{int}/meminfo r,
diff --git a/apparmor.d/groups/kde/sddm b/apparmor.d/groups/kde/sddm
index 3939eeb92..6db8b9496 100644
--- a/apparmor.d/groups/kde/sddm
+++ b/apparmor.d/groups/kde/sddm
@@ -172,7 +172,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) {
 owner @{tmp}/#@{int} rw,
 owner @{tmp}/sddm-auth* rw,
- @{run}/faillock/[a-zA-z0-9]* rwk,
+ @{run}/faillock/@{user} rwk,
 @{run}/sddm.pid rw,
 @{run}/sddm/\{@{uuid}\} rw,
 @{run}/sddm/#@{int} rw,
diff --git a/apparmor.d/groups/ssh/sshd b/apparmor.d/groups/ssh/sshd
index 13b3195bf..fef44a12c 100644
--- a/apparmor.d/groups/ssh/sshd
+++ b/apparmor.d/groups/ssh/sshd
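Review bot: The polkit-agent-helper rule grants only the per-user tally file, while the sudo abstraction and lightdm hunks of this patch also carry `@{run}/faillock/ rw,` for the directory itself; gdm-session-worker, kscreenlocker_greet, sddm, sshd, cockpit-session, pam-info and login are in the same position. If pam_faillock has to create the directory on a host where it does not exist yet, these profiles would presumably be denied, unless an included abstraction not visible here already grants it. Consider adding `@{run}/faillock/ rw,` above the tally rule in each profile for consistency. The profile body starts and ends outside the hunk.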
@@ -91,7 +91,7 @@ profile sshd @{exec_path} flags=(attach_disconnected) {
 owner @{HOME}/@{XDG_SSH_DIR}/authorized_keys{,.*} r,
 owner @{user_cache_dirs}/{,motd*} rw,
- @{run}/faillock/[a-zA-z0-9]* rwk,
+ @{run}/faillock/@{user} rwk,
 @{run}/motd.d/{,*} r,
 @{run}/motd.dynamic rw,
 @{run}/motd.dynamic.new rw,
diff --git a/apparmor.d/groups/virt/cockpit-session b/apparmor.d/groups/virt/cockpit-session
index c2dd0f85f..76ef768c6 100644
--- a/apparmor.d/groups/virt/cockpit-session
+++ b/apparmor.d/groups/virt/cockpit-session
@@ -36,7 +36,7 @@ profile cockpit-session @{exec_path} flags=(attach_disconnected) {
 /etc/motd.d/ r,
 /etc/shells r,
- @{run}/faillock/[a-zA-z0-9]* rwk,
+ @{run}/faillock/@{user} rwk,
 @{run}/systemd/sessions/*.ref rw,
 @{run}/utmp rwk,
 @{run}/motd.d/{,*} r,
diff --git a/apparmor.d/groups/whonix/pam-info b/apparmor.d/groups/whonix/pam-info
index 588e55a94..15907570b 100644
--- a/apparmor.d/groups/whonix/pam-info
+++ b/apparmor.d/groups/whonix/pam-info
@@ -22,7 +22,7 @@ profile pam-info @{exec_path} {
 /etc/pam.d/* r,
- @{run}/faillock/user rwk,
+ @{run}/faillock/@{user} rwk,
 owner /dev/tty rw,
diff --git a/apparmor.d/profiles-g-l/login b/apparmor.d/profiles-g-l/login
index b23645f15..ba8c2c254 100644
--- a/apparmor.d/profiles-g-l/login
+++ b/apparmor.d/profiles-g-l/login
@@ -60,7 +60,7 @@ profile login @{exec_path} flags=(attach_disconnected) {
 @{run}/motd.d/{,*} r,
 @{run}/dbus/system_bus_socket rw,
- @{run}/faillock/* rwk,
+ @{run}/faillock/@{user} rwk,
 @{run}/motd.dynamic{,.new} rw,
 @{run}/systemd/sessions/*.ref rw,