felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): general update.

Browse source
This commit is contained in:
Alexandre Pujol 2024-03-15 16:07:53 +00:00
parent 9f3be7a96d
commit cf4e47f10f
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
22 changed files with 75 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

1
apparmor.d/groups/systemd/systemd-generator-ds-identify
View file

@ -25,6 +25,7 @@ profile systemd-generator-ds-identify @{exec_path} flags=(attach_disconnected) {
/etc/cloud/{,**} r,
@{run}/cloud-init/{,.}ds-identify.* rw,
@{run}/cloud-init/cloud.cfg rw,
@{sys}/devices/virtual/dmi/id/chassis_asset_tag r,
@{sys}/devices/virtual/dmi/id/product_name r,

1
apparmor.d/groups/systemd/systemd-id128
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = @{bin}/systemd-id128
profile systemd-id128 @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>
@{exec_path} mr,

6
apparmor.d/groups/systemd/systemd-machined
View file

@ -24,6 +24,12 @@ profile systemd-machined @{exec_path} {
capability sys_chroot,
capability sys_ptrace,
network inet stream,
network inet6 stream,
network inet dgram,
network inet6 dgram,
network netlink raw,
# dbus: own bus=system name=org.freedesktop.machine1
# dbus: talk bus=system name=org.freedesktop.systemd1 label="@{systemd}"

5
apparmor.d/groups/systemd/systemd-oomd
View file

@ -15,13 +15,16 @@ profile systemd-oomd @{exec_path} flags=(attach_disconnected) {
capability dac_override,
capability kill,
unix (bind) type=stream addr=@@{hex}/bus/systemd-oomd/bus-api-oom,
# dbus: own bus=system name=org.freedesktop.oom1
@{exec_path} mr,
/etc/systemd/oomd.conf r,
@{run}/systemd/io.system.ManagedOOM rw,
@{run}/systemd/io.system.ManagedOOM rw,
@{run}/systemd/io.systemd.ManagedOOM rw,
@{run}/systemd/notify rw,
owner @{run}/systemd/journal/socket w,

18
apparmor.d/groups/systemd/systemd-portabled
View file

@ -11,8 +11,26 @@ profile systemd-portabled @{exec_path} {
include <abstractions/base>
include <abstractions/systemd-common>
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability fsetid,
capability kill,
capability mknod,
capability setgid,
capability sys_admin,
capability sys_chroot,
capability sys_ptrace,
network inet stream,
network inet6 stream,
network inet dgram,
network inet6 dgram,
network netlink raw,
# dbus: own bus=system name=org.freedesktop.portable1
@{exec_path} mr,
/var/lib/portables/{,**} rw,