Revert "tty and pts are part of abstractions/consoles"

This reverts commit 51a33f3f5e.
2022-08-19 20:05:15 +02:00 · 2022-08-19 20:05:15 +02:00 · af603fbc62
commit af603fbc62
parent 35087ea4bb
59 changed files with 65 additions and 56 deletions
--- a/apparmor.d/profiles-s-z/start-pulseaudio-x11
+++ b/apparmor.d/profiles-s-z/start-pulseaudio-x11
@ -9,13 +9,13 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/start-pulseaudio-x11
 profile start-pulseaudio-x11 @{exec_path} {
  include <abstractions/base>
-  include <abstractions/consoles>

  @{exec_path} mr,

  /{usr/,}bin/{,ba,da}sh rix,
  /{usr/,}bin/pactl      rPx,

+  /dev/tty rw,

  include if exists <local/start-pulseaudio-x11>
 }
--- a/apparmor.d/profiles-s-z/udisksctl
+++ b/apparmor.d/profiles-s-z/udisksctl
@ -10,7 +10,6 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/udisksctl
 profile udisksctl @{exec_path} {
  include <abstractions/base>
-  include <abstractions/consoles>

  @{exec_path} mr,

@ -20,6 +19,7 @@ profile udisksctl @{exec_path} {
  /{usr/,}bin/less  rPx -> child-pager,
  /{usr/,}bin/more  rPx -> child-pager,

+  /dev/tty rw,

  include if exists <local/udisksctl>
 }
--- a/apparmor.d/profiles-s-z/update-ca-trust
+++ b/apparmor.d/profiles-s-z/update-ca-trust
@ -9,7 +9,6 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/update-ca-trust
 profile update-ca-trust @{exec_path} {
  include <abstractions/base>
-  include <abstractions/consoles>
  include <abstractions/ssl_certs>

  capability dac_read_search,
@ -31,6 +30,7 @@ profile update-ca-trust @{exec_path} {
  /etc/ssl/certs/{,*} rw,
  /etc/ssl/certs/java/cacerts{,.*} w,

+  /dev/tty rw,

  # Inherit silencer
  deny network inet6 stream,
--- a/apparmor.d/profiles-s-z/wl-copy
+++ b/apparmor.d/profiles-s-z/wl-copy
@ -9,7 +9,6 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/wl-{copy,paste}
 profile wl-copy @{exec_path} {
  include <abstractions/base>
-  include <abstractions/consoles>

  @{exec_path} mr,

@ -20,6 +19,7 @@ profile wl-copy @{exec_path} {

  owner /tmp/wl-copy-buffer-*/{,**} rw,

+  /dev/tty rw,

  include if exists <local/wl-copy>
 }
--- a/apparmor.d/profiles-s-z/zpool
+++ b/apparmor.d/profiles-s-z/zpool
@ -9,7 +9,6 @@ include <tunables/global>
@{exec_path} = /{usr/,}{local/,}{s,}bin/zpool
 profile zpool @{exec_path} {
  include <abstractions/base>
-  include <abstractions/consoles>
  include <abstractions/disks-read>

  capability sys_admin,
@ -35,6 +34,7 @@ profile zpool @{exec_path} {
  @{PROC}/@{pids}/mounts r,
  @{PROC}/sys/kernel/spl/hostid r,

+  /dev/pts/[0-9]* rw,
  /dev/zfs rw,

  include if exists <local/zpool>
--- a/apparmor.d/profiles-s-z/zsysd
+++ b/apparmor.d/profiles-s-z/zsysd
@ -9,7 +9,6 @@ include <tunables/global>
@{exec_path} = /{usr/,}{s,}bin/zsysd /{usr/,}{s,}bin/zsysctl
 profile zsysd @{exec_path} flags=(complain) {
  include <abstractions/base>
-  include <abstractions/consoles>
  include <abstractions/dbus-strict>
  include <abstractions/nameservice-strict>

@ -43,6 +42,7 @@ profile zsysd @{exec_path} flags=(complain) {

  @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,

+  /dev/pts/[0-9]* rw,
  /dev/zfs rw,

  include if exists <local/zsysd>