felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): update linux check scripts.

Browse source
This commit is contained in:
Alexandre Pujol 2025-05-18 23:42:34 +02:00
parent a5faf60fbc
commit d18aafaa96
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
3 changed files with 34 additions and 33 deletions
Download patch file Download diff file Expand all files Collapse all files

40
apparmor.d/profiles-g-l/linux-check-removal
View file

@ -10,42 +10,16 @@ include <tunables/global>
@{exec_path} = @{bin}/linux-check-removal @{exec_path} = @{bin}/linux-check-removal
profile linux-check-removal @{exec_path} flags=(complain) { profile linux-check-removal @{exec_path} flags=(complain) {
include <abstractions/base> include <abstractions/base>
include <abstractions/consoles> include <abstractions/common/debconf>
include <abstractions/perl>
@{exec_path} r, @{exec_path} rmix,
# Think what to do about this (#FIXME#) @{sh_path} rix,
/usr/share/debconf/frontend rPx, @{bin}/stty rix,
#/usr/share/debconf/frontend rCx -> frontend, @{bin}/locale rix,
@{bin}/whiptail rPx,
audit owner @{tmp}/file* w,
profile frontend flags=(complain) {
include <abstractions/base>
include <abstractions/consoles>
include <abstractions/perl>
include <abstractions/nameservice-strict>
/usr/share/debconf/frontend r,
@{bin}/linux-check-removal rPx,
@{sh_path} rix,
@{bin}/stty rix,
@{bin}/locale rix,
# The following is needed when debconf uses dialog/whiptail frontend.
@{bin}/whiptail rPx,
owner @{tmp}/file* w,
/usr/share/debconf/confmodule r,
/etc/debconf.conf r,
owner /var/cache/debconf/{config,passwords,templates}.dat{,-new,-old} rwk,
/usr/share/debconf/templates/adequate.templates r,
include if exists <local/linux-check-removal_frontend>
}
include if exists <local/linux-check-removal> include if exists <local/linux-check-removal>
} }

25
apparmor.d/profiles-g-l/linux-update-symlinks Normal file
View file

@ -0,0 +1,25 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/4.0>,
include <tunables/global>
@{exec_path} = @{bin}/linux-update-symlinks
profile linux-update-symlinks @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>
include <abstractions/perl>
@{exec_path} mr,
/etc/kernel-img.conf r,
@{efi}/ r,
@{efi}/* rw,
include if exists <local/linux-update-symlinks>
}
# vim:syntax=apparmor

2
dists/flags/main.flags
View file

@ -216,6 +216,8 @@ libvirt-dbus complain
libvirtd attach_disconnected,complain libvirtd attach_disconnected,complain
lightdm attach_disconnected,complain lightdm attach_disconnected,complain
lightdm-session complain lightdm-session complain
linux-check-removal complain
linux-update-symlinks complain
locale-gen complain locale-gen complain
localectl complain localectl complain
localsearch complain localsearch complain