felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): remove common/systemd from systemd-detect-virt.

Browse source
This commit is contained in:
Alexandre Pujol 2025-08-29 19:56:41 +02:00
parent 5d1ef40877
commit be0d481068
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
1 changed files with 9 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

12
apparmor.d/groups/systemd/systemd-detect-virt
View file

@ -11,11 +11,10 @@ include <tunables/global>
profile systemd-detect-virt @{exec_path} flags=(attach_disconnected) { profile systemd-detect-virt @{exec_path} flags=(attach_disconnected) {
include <abstractions/base> include <abstractions/base>
include <abstractions/consoles> include <abstractions/consoles>
include <abstractions/common/systemd>
capability net_admin, capability sys_ptrace,
network netlink raw, ptrace read peer=@{p_systemd},
@{exec_path} mr, @{exec_path} mr,
@ -32,7 +31,14 @@ profile systemd-detect-virt @{exec_path} flags=(attach_disconnected) {
@{sys}/firmware/dmi/entries/*/raw r, @{sys}/firmware/dmi/entries/*/raw r,
@{sys}/firmware/uv/prot_virt_guest r, @{sys}/firmware/uv/prot_virt_guest r,
@{sys}/hypervisor/properties/features r, @{sys}/hypervisor/properties/features r,
@{sys}/hypervisor/type r,
@{PROC}/1/environ r,
@{PROC}/device-tree/ r,
@{PROC}/device-tree/compatible r,
@{PROC}/device-tree/hypervisor/compatible r,
@{PROC}/sys/kernel/osrelease r,
@{PROC}/sysinfo r,
@{PROC}/xen/capabilities r, @{PROC}/xen/capabilities r,
/dev/cpu/@{int}/msr r, /dev/cpu/@{int}/msr r,