Revert "tty and pts are part of abstractions/consoles"

This reverts commit 51a33f3f5e.
2022-08-19 20:05:15 +02:00 · 2022-08-19 20:05:15 +02:00 · af603fbc62
commit af603fbc62
parent 35087ea4bb
59 changed files with 65 additions and 56 deletions
--- a/apparmor.d/groups/pacman/archlinux-java
+++ b/apparmor.d/groups/pacman/archlinux-java
@ -9,7 +9,6 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/archlinux-java
 profile archlinux-java @{exec_path} {
  include <abstractions/base>
-  include <abstractions/consoles>

  capability dac_read_search,

@ -26,6 +25,7 @@ profile archlinux-java @{exec_path} {
  /{usr/,}lib/jvm/default w,
  /{usr/,}lib/jvm/default-runtime w,

+  /dev/tty rw,

  # Inherit Silencer
  deny network inet6 stream,
--- a/apparmor.d/groups/pacman/paccache
+++ b/apparmor.d/groups/pacman/paccache
@ -9,7 +9,6 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/paccache
 profile paccache @{exec_path} {
  include <abstractions/base>
-  include <abstractions/consoles>
  include <abstractions/nameservice-strict>

  capability dac_read_search,
@ -36,6 +35,7 @@ profile paccache @{exec_path} {

  owner @{PROC}/@{pid}/fd/ r,

+  /dev/tty rw,

  include if exists <local/paccache>
 }
--- a/apparmor.d/groups/pacman/pacdiff
+++ b/apparmor.d/groups/pacman/pacdiff
@ -9,7 +9,6 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/pacdiff
 profile pacdiff @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
-  include <abstractions/consoles>

  capability dac_read_search,
  capability mknod,
@ -37,6 +36,7 @@ profile pacdiff @{exec_path} flags=(attach_disconnected) {
  /usr/{,**} r,
  /var/{,**} r,

+  /dev/tty rw,

  # Inherit Silencer
  deny /apparmor/.null rw,
--- a/apparmor.d/groups/pacman/pacman-hook-dconf
+++ b/apparmor.d/groups/pacman/pacman-hook-dconf
@ -9,7 +9,6 @@ include <tunables/global>
@{exec_path} = /usr/share/libalpm/scripts/dconf-update
 profile pacman-hook-dconf @{exec_path} {
  include <abstractions/base>
-  include <abstractions/consoles>

  capability dac_read_search,

@ -21,6 +20,7 @@ profile pacman-hook-dconf @{exec_path} {

  /etc/dconf/db/{,**} rw,

+  /dev/tty rw,

  # Inherit Silencer
  deny network inet6 stream,
--- a/apparmor.d/groups/pacman/pacman-hook-depmod
+++ b/apparmor.d/groups/pacman/pacman-hook-depmod
@ -9,7 +9,6 @@ include <tunables/global>
@{exec_path} = /usr/share/libalpm/scripts/depmod
 profile pacman-hook-depmod @{exec_path} {
  include <abstractions/base>
-  include <abstractions/consoles>

  capability dac_read_search,

@ -24,6 +23,7 @@ profile pacman-hook-depmod @{exec_path} {

  /usr/lib/modules/*/{,**} rw,

+  /dev/tty rw,

  # Inherit Silencer
  deny network inet6 stream,
--- a/apparmor.d/groups/pacman/pacman-hook-dkms
+++ b/apparmor.d/groups/pacman/pacman-hook-dkms
@ -9,7 +9,6 @@ include <tunables/global>
@{exec_path} = /usr/share/libalpm/scripts/dkms
 profile pacman-hook-dkms @{exec_path} {
  include <abstractions/base>
-  include <abstractions/consoles>

  capability dac_read_search,
  capability mknod,
@ -28,6 +27,7 @@ profile pacman-hook-dkms @{exec_path} {

  /etc/dkms/{,*} r,

+  /dev/tty rw,

  # Inherit Silencer
  deny network inet6 stream,
--- a/apparmor.d/groups/pacman/pacman-hook-fontconfig
+++ b/apparmor.d/groups/pacman/pacman-hook-fontconfig
@ -9,7 +9,6 @@ include <tunables/global>
@{exec_path} = /usr/share/libalpm/scripts/40-fontconfig-config
 profile pacman-hook-fontconfig @{exec_path} {
  include <abstractions/base>
-  include <abstractions/consoles>

  capability dac_read_search,

@ -22,6 +21,7 @@ profile pacman-hook-fontconfig @{exec_path} {
  /etc/fonts/conf.d/* rwl,
  /usr/share/fontconfig/conf.default/* r,

+  /dev/tty rw,

  # Inherit Silencer
  deny network inet6 stream,
--- a/apparmor.d/groups/pacman/pacman-hook-gio
+++ b/apparmor.d/groups/pacman/pacman-hook-gio
@ -9,7 +9,6 @@ include <tunables/global>
@{exec_path} = /usr/share/libalpm/scripts/gio-querymodules
 profile pacman-hook-gio @{exec_path} {
  include <abstractions/base>
-  include <abstractions/consoles>

  capability dac_read_search,

@ -24,6 +23,7 @@ profile pacman-hook-gio @{exec_path} {

  /usr/lib/gio/modules/ rw,

+  /dev/tty rw,

  # Inherit Silencer
  deny network inet6 stream,
--- a/apparmor.d/groups/pacman/pacman-hook-gtk
+++ b/apparmor.d/groups/pacman/pacman-hook-gtk
@ -9,7 +9,6 @@ include <tunables/global>
@{exec_path} = /usr/share/libalpm/scripts/gtk-update-icon-cache
 profile pacman-hook-gtk @{exec_path} {
  include <abstractions/base>
-  include <abstractions/consoles>

  capability dac_read_search,

@ -24,6 +23,7 @@ profile pacman-hook-gtk @{exec_path} {

  /usr/share/icons/{,**} rw,

+  /dev/tty rw,

  # Inherit Silencer
  deny network inet6 stream,
--- a/apparmor.d/groups/pacman/pacman-hook-mkinitcpio-install
+++ b/apparmor.d/groups/pacman/pacman-hook-mkinitcpio-install
@ -9,7 +9,6 @@ include <tunables/global>
@{exec_path} = /usr/share/libalpm/scripts/mkinitcpio-install
 profile pacman-hook-mkinitcpio-install @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
-  include <abstractions/consoles>

  capability dac_read_search,
  capability mknod,
@ -33,6 +32,7 @@ profile pacman-hook-mkinitcpio-install @{exec_path} flags=(attach_disconnected)
  / r,
  owner /boot/vmlinuz-* rw,

+  /dev/tty rw,

  # Inherit Silencer
  deny network inet6 stream,
--- a/apparmor.d/groups/pacman/pacman-hook-mkinitcpio-remove
+++ b/apparmor.d/groups/pacman/pacman-hook-mkinitcpio-remove
@ -9,7 +9,6 @@ include <tunables/global>
@{exec_path} = /usr/share/libalpm/scripts/mkinitcpio-remove
 profile pacman-hook-mkinitcpio-remove @{exec_path} {
  include <abstractions/base>
-  include <abstractions/consoles>

  capability dac_read_search,
  capability mknod,
@ -29,6 +28,7 @@ profile pacman-hook-mkinitcpio-remove @{exec_path} {
  /boot/initramfs-*.img rw,
  /boot/initramfs-*-fallback.img rw,

+  /dev/tty rw,

  # Inherit Silencer
  deny network inet6 stream,
--- a/apparmor.d/groups/pacman/pacman-hook-perl
+++ b/apparmor.d/groups/pacman/pacman-hook-perl
@ -9,7 +9,6 @@ include <tunables/global>
@{exec_path} = /usr/share/libalpm/scripts/detect-old-perl-modules.sh
 profile pacman-hook-perl @{exec_path} {
  include <abstractions/base>
-  include <abstractions/consoles>

  capability dac_read_search,
  capability mknod,
@ -24,6 +23,7 @@ profile pacman-hook-perl @{exec_path} {

  /{usr/,}lib/perl[0-9]*/{,**} r,

+  /dev/tty rw,

  # Inherit silencer
  deny network inet6 stream,
--- a/apparmor.d/groups/pacman/pacman-hook-systemd
+++ b/apparmor.d/groups/pacman/pacman-hook-systemd
@ -9,7 +9,6 @@ include <tunables/global>
@{exec_path} = /usr/share/libalpm/scripts/systemd-hook
 profile pacman-hook-systemd @{exec_path} {
  include <abstractions/base>
-  include <abstractions/consoles>

  capability dac_read_search,

@ -30,6 +29,7 @@ profile pacman-hook-systemd @{exec_path} {

  /usr/ rw,

+  /dev/tty rw,

  # Inherit silencer
  deny network inet6 stream,
--- a/apparmor.d/groups/pacman/pacman-key
+++ b/apparmor.d/groups/pacman/pacman-key
@ -35,6 +35,7 @@ profile pacman-key @{exec_path} {

  /etc/pacman.d/gnupg/gpg.conf r,

+  /dev/tty rw,

  profile gpg {
    include <abstractions/base>