felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): general update

Browse source
This commit is contained in:
Alexandre Pujol 2023-09-29 19:25:30 +01:00
parent 6f2ae26749
commit c8ee832c11
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
23 changed files with 66 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

7
apparmor.d/groups/virt/cockpit-bridge
View file

@ -18,6 +18,7 @@ profile cockpit-bridge @{exec_path} {
capability dac_read_search,
capability net_admin,
capability sys_nice,
capability sys_ptrace,
network inet dgram,
network inet stream,
@ -55,9 +56,12 @@ profile cockpit-bridge @{exec_path} {
@{run}/user/@{uid}/ssh-agent.[0-9A-Z]* rw,
@{run}/utmp r,
@{sys}/class/hwmon/ r,
@{sys}/devices/**/hwmon@{int}/ r,
@{sys}/devices/**/hwmon@{int}/{name,temp*} r,
@{sys}/fs/cgroup/*.slice/**/memory* r,
@{sys}/fs/cgroup/**/ r,
@{sys}/fs/cgroup/**/cpu.{stat,weight} r,
@{sys}/fs/cgroup/**/memory* r,
@{PROC}/ r,
@{PROC}/@{pids}/cgroup r,
@ -68,6 +72,7 @@ profile cockpit-bridge @{exec_path} {
@{PROC}/diskstats r,
@{PROC}/loadavg r,
@{PROC}/uptime r,
owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/mounts r,

3
apparmor.d/groups/virt/cockpit-session
View file

@ -29,10 +29,11 @@ profile cockpit-session @{exec_path} flags=(attach_disconnected) {
@{lib}/cockpit/cockpit-pcp rPx,
@{etc_ro}/environment r,
@{etc_ro}/security/limits.d/{,*.conf} r,
/etc/cockpit/disallowed-users r,
/etc/group r,
/etc/motd r,
/etc/motd.d/ r,
@{etc_ro}/security/limits.d/{,*.conf} r,
/etc/shells r,
@{run}/faillock/[a-zA-z0-9]* rwk,