General update
This commit is contained in:
Jeroen Rijken
parent
586ea8fc27
commit
bf7c26cff5
6 changed files with 21 additions and 9 deletions
|
|
@ -39,7 +39,7 @@ profile pulseaudio @{exec_path} {
|
|||
member={GetState,AddService,AddServiceSubtype,Commit}
|
||||
peer=(name=org.freedesktop.Avahi),
|
||||
|
||||
dbus receive bus=session path=/Client0/EntryGroup[0-9]*
|
||||
dbus receive bus=system path=/Client0/EntryGroup[0-9]*
|
||||
interface=org.freedesktop.Avahi.EntryGroup
|
||||
member=StateChanged
|
||||
peer=(name=org.freedesktop.Avahi),
|
||||
|
|
@ -102,8 +102,8 @@ profile pulseaudio @{exec_path} {
|
|||
member=Get
|
||||
peer=(name=/org/freedesktop/hostname[0-9]),
|
||||
|
||||
dbus send bus=system path=/org.freedesktop.hostname[0-9]
|
||||
interface=org.freedesktop.DBus.Prope
|
||||
dbus send bus=system path=/org/freedesktop/hostname[0-9]
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=Get
|
||||
peer=(name=/org/freedesktop/hostname[0-9]),
|
||||
|
||||
|
|
|
|||
|
|
@ -32,8 +32,11 @@ profile cni-calico @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
/var/lib/calico/{,**} r,
|
||||
/var/log/calico/cni/ r,
|
||||
/var/log/calico/cni/cni.log rw,
|
||||
/var/log/calico/cni/cni-@{date}T@{time}.[0-9]*.log rw,
|
||||
|
||||
/usr/share/mime/globs2 r,
|
||||
|
||||
@{run}/calico/ rw,
|
||||
@{run}/calico/ipam.lock rwk,
|
||||
@{run}/netns/cni-@{uuid} r,
|
||||
|
|
|
|||
|
|
@ -53,14 +53,15 @@ profile containerd @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
/ r,
|
||||
|
||||
/opt/cni/bin/loopback rPx,
|
||||
/opt/cni/bin/portmap rPx,
|
||||
/opt/cni/bin/loopback rPx,
|
||||
/opt/cni/bin/portmap rPx,
|
||||
/opt/cni/bin/bandwidth rPx,
|
||||
/opt/cni/bin/calico rPx,
|
||||
/opt/cni/bin/calico rPx,
|
||||
|
||||
/etc/cni/ rw,
|
||||
/etc/cni/{,**} r,
|
||||
/etc/cni/net.d/ rw,
|
||||
/etc/calico/ rw,
|
||||
/etc/cni/ rw,
|
||||
/etc/cni/{,**} r,
|
||||
/etc/cni/net.d/ rw,
|
||||
/etc/containerd/*.toml r,
|
||||
|
||||
/opt/containerd/{,**} rw,
|
||||
|
|
|
|||
|
|
@ -17,6 +17,12 @@ profile thermald @{exec_path} {
|
|||
dbus (bind)
|
||||
bus=system
|
||||
name=org.freedesktop.thermald,
|
||||
|
||||
dbus (send)
|
||||
bus=system
|
||||
path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member=RequestName
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
|||
|
|
@ -34,6 +34,7 @@ profile whereis @{exec_path} flags=(complain) {
|
|||
/snap/bin/ r,
|
||||
/var/lib/flatpak/exports/bin/ r,
|
||||
|
||||
owner @{HOME}/{.local/,}/{.,}bin/ r,
|
||||
owner @{HOME}/.krew/bin/ r,
|
||||
owner @{HOME}/{.,}go/bin/ r,
|
||||
owner @{HOME}/{.local/,}{.,}bin/ r,
|
||||
|
|
|
|||
|
|
@ -45,6 +45,7 @@ profile zed @{exec_path} {
|
|||
|
||||
@{sys}/bus/pci/slots/ r,
|
||||
@{sys}/bus/pci/slots/[0-9]*/address r,
|
||||
@{sys}/module/zfs/parameters/zfs_zevent_len_max rw,
|
||||
|
||||
@{PROC}/@{pids}/mounts r,
|
||||
owner @{PROC}/@{pids}/fd/ r,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue