Update various profiles

Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2024-02-21 23:52:26 +01:00 · 2024-02-21 23:52:26 +01:00 · b532dd6827
commit b532dd6827
parent 92a1d9f65f
47 changed files with 459 additions and 26 deletions
--- a/apparmor.d/abstractions/systemd-common
+++ b/apparmor.d/abstractions/systemd-common
@ -3,8 +3,14 @@
 # Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only

+  capability sys_ptrace,
+
  ptrace (read) peer=@{systemd},

+  owner @{lib}/systemd/{,systemd} r,
+
+  owner @{run}/systemd/system/ r,
+
  @{sys}/firmware/efi/efivars/SecureBoot-@{uuid} r,
  @{sys}/fs/cgroup/system.slice/@{profile_name}.service/memory.pressure rw,

@ -14,6 +20,7 @@
        @{PROC}/cmdline r,
        @{PROC}/sys/kernel/osrelease r,
        @{PROC}/sys/kernel/random/boot_id r,
+  owner @{PROC}/filesystems r,
  owner @{PROC}/@{pid}/stat r,

  /dev/kmsg w,