felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): use the @{pci} varibale when possible.

Browse source
This commit is contained in:
Alexandre Pujol 2023-12-08 17:46:05 +00:00
parent 013f1c5a83
commit bb947318a5
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
83 changed files with 168 additions and 170 deletions
Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/groups/virt/k3s
View file

@ -135,7 +135,7 @@ profile k3s @{exec_path} flags=(attach_disconnected) {
@{sys}/class/net/ r,
@{sys}/devices/pci[0-9]*/**/net/*/{address,mtu,speed} r,
@{sys}/devices/@{pci}/net/*/{address,mtu,speed} r,
@{sys}/devices/system/edac/mc/ r,
@{sys}/devices/system/cpu/cpu@{int}/cache/{,**} r,
@{sys}/devices/system/cpu/cpu@{int}/topology/{,**} r,

18
apparmor.d/groups/virt/libvirtd
View file

@ -198,15 +198,15 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
@{sys}/bus/pci/drivers/*/unbind w,
@{sys}/class/[a-z]*/ r,
@{sys}/devices/**/uevent r,
@{sys}/devices/pci[0-9]*/**/{class,revision,subsystem_vendor,subsystem_device} r,
@{sys}/devices/pci[0-9]*/**/{config,numa_node,device,vendor} r,
@{sys}/devices/pci[0-9]*/**/driver_override w,
@{sys}/devices/pci[0-9]*/**/mdev_supported_types/{,**} r,
@{sys}/devices/pci[0-9]*/**/mdev_supported_types/*/create w,
@{sys}/devices/pci[0-9]*/**/net/*/{,**} r,
@{sys}/devices/pci[0-9]*/**/remove w,
@{sys}/devices/pci[0-9]*/**/resource r,
@{sys}/devices/pci[0-9]*/**/sriov_totalvfs r,
@{sys}/devices/@{pci}/{class,revision,subsystem_vendor,subsystem_device} r,
@{sys}/devices/@{pci}/{config,numa_node,device,vendor} r,
@{sys}/devices/@{pci}/driver_override w,
@{sys}/devices/@{pci}/mdev_supported_types/{,**} r,
@{sys}/devices/@{pci}/mdev_supported_types/*/create w,
@{sys}/devices/@{pci}/net/*/{,**} r,
@{sys}/devices/@{pci}/remove w,
@{sys}/devices/@{pci}/resource r,
@{sys}/devices/@{pci}/sriov_totalvfs r,
@{sys}/devices/system/cpu/cpu@{int}/cache/{,**} r,
@{sys}/devices/system/cpu/cpu@{int}/topology/{,**} r,

2
apparmor.d/groups/virt/virtinterfaced
View file

@ -33,7 +33,7 @@ profile virtinterfaced @{exec_path} flags=(attach_disconnected) {
@{sys}/bus/ r,
@{sys}/class/ r,
@{sys}/class/net/ r,
@{sys}/devices/pci[0-9]*/**/net/{,**} r,
@{sys}/devices/@{pci}/net/{,**} r,
@{sys}/devices/system/node/ r,
@{sys}/devices/system/node/node@{int}/meminfo r,
@{sys}/devices/virtual/net/{,**} r,

8
apparmor.d/groups/virt/virtnodedevd
View file

@ -79,10 +79,10 @@ profile virtnodedevd @{exec_path} flags=(attach_disconnected) {
@{sys}/devices/**/{class,revision,subsystem_vendor,subsystem_device} r,
@{sys}/devices/**/{config,device,vendor} r,
@{sys}/devices/**/uevent r,
@{sys}/devices/pci[0-9]*/**/net/{,**} r,
@{sys}/devices/pci[0-9]*/**/net/*/{duplex,address,speed,operstate} r,
@{sys}/devices/pci[0-9]*/**/numa_node r,
@{sys}/devices/pci[0-9]*/**/sriov_totalvfs r,
@{sys}/devices/@{pci}/net/{,**} r,
@{sys}/devices/@{pci}/net/*/{duplex,address,speed,operstate} r,
@{sys}/devices/@{pci}/numa_node r,
@{sys}/devices/@{pci}/sriov_totalvfs r,
@{sys}/devices/system/node/ r,
@{sys}/devices/system/node/node@{int}/meminfo r,
@{sys}/devices/virtual/dmi/id/{product_name,product_serial,product_uuid,sys_vendor,board_vendor,bios_vendor,bios_date,bios_version,product_version} r,