felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): snap - ensure snap profile can all rm their own lib_dirs.

Browse source
This commit is contained in:
Alexandre Pujol 2025-03-23 16:33:18 +01:00
parent a5385c594a
commit d44001b71f
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
6 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

1
apparmor.d/groups/snap/snap-discard-ns
View file

@ -20,6 +20,7 @@ profile snap-discard-ns @{exec_path} {
umount @{run}/snapd/ns/*.mnt, umount @{run}/snapd/ns/*.mnt,
@{exec_path} mr, @{exec_path} mr,
@{lib_dirs}/**.so* mr,
/ r, / r,
@{run}/ r, @{run}/ r,

1
apparmor.d/groups/snap/snap-failure
View file

@ -13,6 +13,7 @@ profile snap-failure @{exec_path} {
include <abstractions/base> include <abstractions/base>
@{exec_path} mr, @{exec_path} mr,
@{lib_dirs}/**.so* mr,
@{bin}/systemctl rCx -> systemctl, @{bin}/systemctl rCx -> systemctl,
@{lib_dirs}/snapd/snapd rPx, @{lib_dirs}/snapd/snapd rPx,

1
apparmor.d/groups/snap/snap-seccomp
View file

@ -19,7 +19,6 @@ profile snap-seccomp @{exec_path} {
network netlink raw, network netlink raw,
@{exec_path} mr, @{exec_path} mr,
@{lib_dirs}/**.so* mr, @{lib_dirs}/**.so* mr,
@{bin}/getent rix, @{bin}/getent rix,

1
apparmor.d/groups/snap/snap-update-ns
View file

@ -30,6 +30,7 @@ profile snap-update-ns @{exec_path} {
umount /usr/share/xml/iso-codes/, umount /usr/share/xml/iso-codes/,
@{exec_path} mr, @{exec_path} mr,
@{lib_dirs}/**.so* mr,
@{lib}/@{multiarch}/webkit2gtk-@{version}/ w, @{lib}/@{multiarch}/webkit2gtk-@{version}/ w,
/usr/share/xml/iso-codes/ w, /usr/share/xml/iso-codes/ w,

1
apparmor.d/groups/snap/snapd-aa-prompt-listener
View file

@ -13,6 +13,7 @@ profile snapd-aa-prompt-listener @{exec_path} {
include <abstractions/base> include <abstractions/base>
@{exec_path} mrix, @{exec_path} mrix,
@{lib_dirs}/**.so* mr,
@{lib_dirs}/snapd/info r, @{lib_dirs}/snapd/info r,

1
apparmor.d/groups/snap/snapd-aa-prompt-ui
View file

@ -13,6 +13,7 @@ profile snapd-aa-prompt-ui @{exec_path} {
include <abstractions/base> include <abstractions/base>
@{exec_path} mrix, @{exec_path} mrix,
@{lib_dirs}/**.so* mr,
@{lib_dirs}/snapd/info r, @{lib_dirs}/snapd/info r,