felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): general update.

Browse source
This commit is contained in:
Alexandre Pujol 2025-03-14 21:59:55 +01:00
parent 24b1c816e5
commit cfccb7894d
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
19 changed files with 54 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

4
apparmor.d/profiles-m-r/needrestart-apt-pinvoke
View file

@ -7,7 +7,7 @@ abi <abi/4.0>,
include <tunables/global>
@{exec_path} = @{lib}/needrestart/apt-pinvoke
profile needrestart-apt-pinvoke @{exec_path} {
profile needrestart-apt-pinvoke @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/bus-system>
include <abstractions/bus/org.freedesktop.login1>
@ -24,6 +24,8 @@ profile needrestart-apt-pinvoke @{exec_path} {
@{run}/needrestart/{,**} rw,
/var/log/unattended-upgrades/unattended-upgrades-dpkg.log rw,
include if exists <local/needrestart-apt-pinvoke>
}

5
apparmor.d/profiles-m-r/os-prober
View file

@ -15,8 +15,13 @@ profile os-prober @{exec_path} flags=(attach_disconnected) {
capability dac_read_search,
capability sys_admin,
mount options=(rprivate, rw) -> /,
mount options=(rw, nosuid, nodev) -> /var/lib/os-prober/mount/,
umount /var/lib/os-prober/mount/,
mqueue (read getattr) type=posix /,
@{exec_path} mrix,
@{sh_path} rix,

1
apparmor.d/profiles-m-r/packagekitd
View file

@ -69,6 +69,7 @@ profile packagekitd @{exec_path} flags=(attach_disconnected) {
@{bin}/fc-cache rPx,
@{bin}/glib-compile-schemas rPx,
@{bin}/install-info rPx,
@{bin}/rpm rPUx, #aa:only opensuse
@{bin}/rpmdb2solv rPUx, #aa:only opensuse
@{bin}/systemd-inhibit rPx,
@{bin}/update-desktop-database rPx,

11
apparmor.d/profiles-m-r/remmina
View file

@ -25,6 +25,7 @@ profile remmina @{exec_path} {
include <abstractions/ibus>
include <abstractions/nameservice-strict>
include <abstractions/ssl_certs>
include <abstractions/thumbnails-cache-read>
include <abstractions/user-download-strict>
network inet stream,
@ -35,16 +36,20 @@ profile remmina @{exec_path} {
#aa:dbus talk bus=session name=org.ayatana.NotificationItem label=gnome-shell
#aa:dbus talk bus=session name=org.gtk.vfs label="gvfsd{,-*}"
@{exec_path} r,
@{exec_path} rm,
@{open_path} rPx -> child-open-browsers,
/usr/share/remmina/{,**} r,
/usr/share/themes/{,**} r,
/etc/timezone r,
/etc/fstab r,
/etc/ssh/ssh_config r,
/etc/ssh/ssh_config.d/{,*} r,
/etc/timezone r,
owner @{HOME}/@{XDG_SSH_DIR}/{,*} r,
owner @{HOME}/@{XDG_SSH_DIR}/config r,
owner @{HOME}/@{XDG_SSH_DIR}/known_hosts r,
owner @{user_cache_dirs}/org.remmina.Remmina/{,**} rw,
owner @{user_cache_dirs}/remmina/{,**} rw,