chore: various cosmetic changes.

2023-09-01 19:26:52 +01:00 · 2023-09-01 19:26:52 +01:00 · aea0034fcc
commit aea0034fcc
parent 256d4abde8
16 changed files with 35 additions and 32 deletions
--- a/apparmor.d/abstractions/systemd-common
+++ b/apparmor.d/abstractions/systemd-common
@ -3,10 +3,11 @@
 # Copyright (C) 2021-2022 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only

-  abi <abi/3.0>,
-
  ptrace (read),

+  @{sys}/firmware/efi/efivars/SecureBoot-@{uuid} r,
+  @{sys}/fs/cgroup/system.slice/@{profile_name}.service/memory.pressure rw,
+
        @{PROC}/1/cgroup r,
        @{PROC}/1/environ r,
        @{PROC}/1/sched r,
@ -17,7 +18,4 @@

  /dev/kmsg w,

-  @{sys}/firmware/efi/efivars/SecureBoot-@{uuid} r,
-  @{sys}/fs/cgroup/system.slice/@{profile_name}.service/memory.pressure rw,
-
  include if exists <abstractions/systemd-common.d>
--- a/apparmor.d/abstractions/wayland.d/complete
+++ b/apparmor.d/abstractions/wayland.d/complete
@ -2,7 +2,7 @@
 # Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only

+  owner @{run}/user/@{uid}/wayland-@{int}.lock rk,
+
  owner /dev/shm/sway* rw,
  owner /dev/shm/dunst-@{rand6} rw,
-
-  owner @{run}/user/@{uid}/wayland-@{int}.lock rk,
--- a/apparmor.d/groups/avahi/avahi-autoipd
+++ b/apparmor.d/groups/avahi/avahi-autoipd
@ -20,6 +20,7 @@ profile avahi-autoipd @{exec_path} {
  signal receive set=(kill,term),

  @{exec_path} mr,
+
  /etc/avahi/avahi-autoipd.action rix,

  include if exists <local/avahi-autoipd>
--- a/apparmor.d/groups/grub/grub-mkconfig
+++ b/apparmor.d/groups/grub/grub-mkconfig
@ -57,7 +57,7 @@ profile grub-mkconfig @{exec_path} {
  @{bin}/umount               rPx,
  @{bin}/uname                rix,
  @{bin}/which{.debianutils,} rix,
-  /etc/grub.d/{**,}                rix,
+  /etc/grub.d/{**,}           rix,

  /boot/{**,} r,
  /boot/grub/{**,} rw,
--- a/apparmor.d/groups/grub/grub-probe
+++ b/apparmor.d/groups/grub/grub-probe
@ -18,13 +18,13 @@ profile grub-probe @{exec_path} {
  @{exec_path} mr,

  /{usr/,}{local/,}{s,}bin/zpool rPx,
-  @{bin}/lvm            rPx,
  @{bin}/lsb_release        rPx -> lsb_release,
+  @{bin}/lvm                rPx,
  @{bin}/udevadm            rPx,

-  / r,
  /usr/share/grub/* r,

+  / r,
  /boot/ r,
  /boot/grub/themes/{,**} r,

--- a/apparmor.d/groups/virt/k3s
+++ b/apparmor.d/groups/virt/k3s
@ -56,6 +56,7 @@ profile k3s @{exec_path} flags=(attach_disconnected) {
  unix (bind,listen) type=stream addr=@xtables,

  @{exec_path} mr,
+
  @{bin}/kmod rPx,
  @{bin}/mount rPx,
  @{bin}/systemd-run rix,
--- a/apparmor.d/profiles-s-z/syncoid
+++ b/apparmor.d/profiles-s-z/syncoid
@ -12,7 +12,8 @@ profile syncoid @{exec_path} flags=(complain) {
  include <abstractions/consoles>
  include <abstractions/perl>

-  @{exec_path}                   mr,
+  @{exec_path} mr,
+
  @{bin}/{,ba,da}sh              rix,
  @{bin}/grep                    rix,
  @{bin}/mbuffer                 rix,