felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): general update.

Browse source
This commit is contained in:
Alexandre Pujol 2024-05-18 22:35:05 +01:00
parent 7d1380530a
commit c785b41451
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
26 changed files with 56 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

4
apparmor.d/profiles-s-z/spice-vdagent
View file

@ -36,8 +36,6 @@ profile spice-vdagent @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr,
/var/lib/nscd/passwd r,
owner @{desktop_config_dirs}/user-dirs.dirs r,
owner @{user_config_dirs}/user-dirs.dirs r,
@ -45,5 +43,7 @@ profile spice-vdagent @{exec_path} flags=(attach_disconnected) {
owner @{PROC}/@{pids}/task/@{tid}/comm rw,
owner /dev/tty@{int} rw,
include if exists <local/spice-vdagent>
}

16
apparmor.d/profiles-s-z/umount
View file

@ -20,16 +20,19 @@ profile umount @{exec_path} {
capability setuid,
capability sys_admin,
umount,
network inet stream,
network inet6 stream,
umount,
@{exec_path} mr,
@{bin}/umount.* rPx,
@{bin}/mount.* rPx,
/etc/mtab r,
/etc/fstab r,
# Mount points
@{HOME}/ r,
@{HOME}/*/ r,
@ -38,15 +41,10 @@ profile umount @{exec_path} {
@{MOUNTS}/*/ r,
@{MOUNTS}/*/*/ r,
/media/cdrom[0-9]/ r,
/etc/mtab r,
/etc/fstab r,
owner @{PROC}/@{pid}/mountinfo r,
owner @{run}/mount/ rw,
owner @{run}/mount/utab{,.*} rwk,
owner @{PROC}/@{pid}/mountinfo r,
include if exists <local/umount>
}