Revert "tty and pts are part of abstractions/consoles"
This reverts commit 51a33f3f5e.
This commit is contained in:
Jeroen Rijken
Alex
parent
35087ea4bb
commit
af603fbc62
59 changed files with 65 additions and 56 deletions
|
|
@ -9,7 +9,6 @@ include <tunables/global>
|
|||
@{exec_path} = /{usr/,}{s,}bin/acpid
|
||||
profile acpid @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
||||
capability dac_read_search,
|
||||
|
|
@ -34,6 +33,7 @@ profile acpid @{exec_path} flags=(attach_disconnected) {
|
|||
owner @{PROC}/@{pids}/loginuid r,
|
||||
|
||||
/dev/input/{,**} r,
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/acpid>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,7 +9,6 @@ include <tunables/global>
|
|||
@{exec_path} = /{usr/,}lib/apparmor/apparmor.systemd
|
||||
profile apparmor.systemd @{exec_path} flags=(complain) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
||||
capability mac_admin,
|
||||
|
|
@ -42,6 +41,7 @@ profile apparmor.systemd @{exec_path} flags=(complain) {
|
|||
@{PROC}/filesystems r,
|
||||
@{PROC}/mounts r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/apparmor.systemd>
|
||||
}
|
||||
|
|
@ -9,7 +9,6 @@ include <tunables/global>
|
|||
@{exec_path} = /{usr/,}lib/code/extensions/git/dist/askpass.sh
|
||||
profile askpass @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
|
||||
network inet dgram,
|
||||
network inet6 dgram,
|
||||
|
|
@ -26,6 +25,7 @@ profile askpass @{exec_path} {
|
|||
|
||||
owner /tmp/tmp.* rw,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/askpass>
|
||||
}
|
||||
|
|
@ -9,7 +9,6 @@ include <tunables/global>
|
|||
@{exec_path} = /{usr/,}bin/augenrules
|
||||
profile augenrules @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
|
@ -20,6 +19,7 @@ profile augenrules @{exec_path} {
|
|||
|
||||
owner /tmp/aurules.* rw,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/augenrules>
|
||||
}
|
||||
|
|
@ -9,7 +9,6 @@ include <tunables/global>
|
|||
@{exec_path} = /usr/share/aurpublish/*.hook
|
||||
profile aurpublish @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
|
||||
signal (receive) peer=git,
|
||||
|
||||
|
|
@ -26,6 +25,7 @@ profile aurpublish @{exec_path} {
|
|||
owner @{user_projects_dirs}/**/.SRCINFO rw,
|
||||
owner @{user_projects_dirs}/**/PKGBUILD r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/aurpublish>
|
||||
}
|
||||
|
|
@ -10,7 +10,6 @@ include <tunables/global>
|
|||
@{exec_path} = /{usr/,}bin/blueman-*
|
||||
profile blueman @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/audio>
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/fontconfig-cache-read>
|
||||
|
|
@ -68,6 +67,7 @@ profile blueman @{exec_path} flags=(attach_disconnected) {
|
|||
/dev/dri/card[0-9]* rw,
|
||||
/dev/rfkill r,
|
||||
/dev/shm/ r,
|
||||
/dev/tty rw,
|
||||
|
||||
profile open {
|
||||
include <abstractions/base>
|
||||
|
|
|
|||
|
|
@ -9,7 +9,6 @@ include <tunables/global>
|
|||
@{exec_path} = /{usr/,}bin/evince /{usr/,}lib/evinced
|
||||
profile evince @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/gnome>
|
||||
include <abstractions/openssl>
|
||||
|
|
@ -41,6 +40,7 @@ profile evince @{exec_path} {
|
|||
owner @{PROC}/@{pid}/fd/ r,
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/evince>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,7 +9,6 @@ include <tunables/global>
|
|||
@{exec_path} = /{usr/,}bin/firecfg
|
||||
profile firecfg @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
||||
capability dac_read_search,
|
||||
|
|
@ -35,6 +34,7 @@ profile firecfg @{exec_path} flags=(attach_disconnected) {
|
|||
@{user_share_dirs}/applications/ r,
|
||||
@{user_share_dirs}/applications/*.desktop rw,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
deny /apparmor/.null rw,
|
||||
|
||||
|
|
|
|||
|
|
@ -10,7 +10,6 @@ include <tunables/global>
|
|||
@{exec_path} = /{usr/,}bin/fwupdmgr
|
||||
profile fwupdmgr @{exec_path} flags=(attach_disconnected,complain) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/dbus-strict>
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
|
@ -66,6 +65,7 @@ profile fwupdmgr @{exec_path} flags=(attach_disconnected,complain) {
|
|||
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
profile dbus {
|
||||
include <abstractions/base>
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue