feat(profiles): remove unused user role & mappings

- Not enabled, tested. - Will come back under another form later.
2025-01-15 00:08:43 +01:00 · 2025-01-15 00:08:43 +01:00 · d20435eb21
commit d20435eb21
parent ba067a0214
4 changed files with 0 additions and 160 deletions
--- a/apparmor.d/profiles-m-r/pam/mappings
+++ b/apparmor.d/profiles-m-r/pam/mappings
@ -1,72 +0,0 @@
-# apparmor.d - Full set of apparmor profiles
-# Copyright (C) 2019-2021 Mikhail Morfikov
-# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
-# SPDX-License-Identifier: GPL-2.0-only
-
-# See more at: https://gitlab.com/apparmor/apparmor/wikis/Pam_apparmor_example
-
-# This file contains the mappings from users to roles for the binaries
-# confined with AppArmor and configured for use with libpam-apparmor. Users
-# without a mapping will not be able to login.
-#
-# The default hat is a confined user. The hat contains only the permissions
-# necessary to transition to the user's login shell. All other permissions have
-# been moved into the default_user profile.
-^DEFAULT {
-  include <abstractions/authentication>
-  include <abstractions/nameservice>
-
-  capability dac_override,
-  capability setgid,
-  capability setuid,
-
-  /etc/default/su r,
-  @{etc_ro}/environment r,
-
-  @{shells_path}  rPx -> user_default,
-
-  include if exists <local/pam_default>
-}
-
-# USER is a confined user. The hat contains only the permissions necessary
-# to transition to gray's login shell. All other permissions have been
-# moved into the confined_user profile.
-^USER {
-  include <abstractions/authentication>
-  include <abstractions/nameservice>
-
-  capability dac_override,
-  capability audit_write,
-  capability setgid,
-  capability setuid,
-
-  @{shells_path}  rPx -> user_confined,
-
-  /etc/default/su r,
-  @{etc_ro}/environment r,
-
-  include if exists <local/pam_user>
-}
-
-# Don't confine members whose primary group is 'admin' who are not specifically
-# confined. Systems without this special primary group may want to define an
-# unconfined 'root' hat in this manner (depending on site policy).
-^root {
-  include <abstractions/authentication>
-  include <abstractions/nameservice>
-  include <abstractions/wutmp>
-
-  capability dac_override,
-  capability audit_write,
-  capability setgid,
-  capability setuid,
-
-  @{shells_path}     rUx,
-
-  /etc/default/su r,
-  @{etc_ro}/environment r,
-
-  include if exists <local/pam_root>
-}
-
-# vim:syntax=apparmor