feat(profile): general update.

2024-09-09 19:57:49 +01:00 · 2024-09-09 19:57:49 +01:00 · c7181ecadf
commit c7181ecadf
parent a99fbaa0be
32 changed files with 152 additions and 158 deletions
--- a/apparmor.d/groups/pacman/arch-audit
+++ b/apparmor.d/groups/pacman/arch-audit
@ -28,12 +28,12 @@ profile arch-audit @{exec_path} {

  /var/lib/pacman/local/{,**} r,

-  owner @{PROC}/@{pid}/cgroup r,
-  owner @{PROC}/@{pid}/mountinfo r,
-
  @{sys}/cgroup/cpu,cpuacct/user.slice/cpu.cfs_quota_us r,
  @{sys}/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us r,

+  owner @{PROC}/@{pid}/cgroup r,
+  owner @{PROC}/@{pid}/mountinfo r,
+
  /dev/pts/@{int} rw,

  include if exists <local/arch-audit>
--- a/apparmor.d/groups/pacman/pacman
+++ b/apparmor.d/groups/pacman/pacman
@ -46,7 +46,7 @@ profile pacman @{exec_path} flags=(attach_disconnected) {
  @{bin}/gpg{,2}      rCx -> gpg,
  @{bin}/gpgconf      rCx -> gpg,
  @{bin}/gpgsm        rCx -> gpg,
-  
+
  # Pacman hooks & install scripts
  @{sh_path}                         rix,
  @{coreutils_path}                  rix,
@ -64,7 +64,6 @@ profile pacman @{exec_path} flags=(attach_disconnected) {
  @{bin}/gdk-pixbuf-query-loaders    rPx,
  @{bin}/getent                      rix,
  @{bin}/gettext                     rix,
-  @{bin}/ghc-pkg{,-*}                rPx,
  @{bin}/gio-querymodules            rPx,
  @{bin}/glib-compile-schemas        rPx,
  @{bin}/groupadd                    rPx,
@ -118,9 +117,7 @@ profile pacman @{exec_path} flags=(attach_disconnected) {
  /var/** rwlk -> /var/**,

  # Read packages files
-  @{user_pkg_dirs}/ r,
-  @{user_pkg_dirs}/**/ r,
-  @{user_pkg_dirs}/**.pkg.tar.zst{,.sig} r,
+  @{user_pkg_dirs}/{,**} r,

  owner /var/lib/pacman/{,**} rwl,
  owner @{tmp}/alpm_@{rand6}/{,**} rw,