feat(profile): general update.

Alexandre Pujol 2024-07-06 23:46:06 +01:00
parent 8b2434c0a5
commit d480156e09
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
20 changed files with 64 additions and 33 deletions


@ -39,6 +39,13 @@ profile dirmngr @{exec_path} {
owner @{run}/user/@{uid}/gnupg/S.dirmngr rw,
owner @{run}/user/@{uid}/gnupg/d.*/S.dirmngr rw,
# FIXME: Needed by dirmngr@.service
owner /etc/pacman.d/gnupg/ rw,
owner /etc/pacman.d/gnupg/S.dirmngr rw,
owner /etc/pacman.d/gnupg/d.*/S.dirmngr rw,
owner /etc/pacman.d/gnupg/crls.d/ rw,
owner /etc/pacman.d/gnupg/crls.d/DIR.txt rw,
owner @{PROC}/@{pid}/task/@{tid}/comm rw,
include if exists <local/dirmngr>
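Review bot: The `/etc/pacman.d/gnupg/` rules under `# FIXME: Needed by dirmngr@.service` carry no distribution guard, while the gpg-agent profile in this same commit puts its rules for the same directory under `#aa:only pacman`. The +/- markers were lost in rendering, so this assumes those five rules and the FIXME are the added lines, which the hunk's 6-to-13 line count suggests. As rendered, dirmngr gets write access to the pacman keyring directory on every distribution the profile is built for, which is wider than the service needs outside pacman-based systems. Consider adding `#aa:only pacman` above the block, and extend the FIXME to say what is still to be resolved so the rule is not kept indefinitely.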


@ -60,10 +60,10 @@ profile gpg @{exec_path} {
owner /var/tmp/zypp.@{rand6}/** rwkl -> /var/tmp/zypp.@{rand6}/**,
#aa:exclude ubuntu
owner @{tmp}/ostree-gpg-*/ r,
owner @{tmp}/ostree-gpg-*/** rwkl -> /tmp/ostree-gpg-*/**,
owner @{tmp}/ostree-gpg-@{rand6}/ r,
owner @{tmp}/ostree-gpg-@{rand6}/** rwkl -> /tmp/ostree-gpg-@{rand6}/**,
owner @{tmp}/tmp.[a-zA-Z0-9]* rw,
owner /tmp/@{int}@{int} rw,
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/task/@{tid}/comm rw,
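Review bot: The link-target side of the `@{rand6}` rule still hard-codes `/tmp/` (`-> /tmp/ostree-gpg-@{rand6}/**`) while the path side uses `@{tmp}`. If `@{tmp}` expands to more than `/tmp` on some targets, hard links created under the other locations would not match. The zypp rule just above keeps the same prefix on both sides, so `owner @{tmp}/ostree-gpg-@{rand6}/** rwkl -> @{tmp}/ostree-gpg-@{rand6}/**,` would be consistent with it. The two `@{rand6}` occurrences also match independently, so the rule does not tie the link target to the same ostree-gpg directory as the link itself; a one-line comment saying so would help. The +/- markers were lost in rendering, so this assumes the `@{rand6}` lines are the new side.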


@ -58,6 +58,13 @@ profile gpg-agent @{exec_path} {
owner @{user_tmp_dirs}/**/{.,}gnupg/{,d.*/}S.gpg-agent{,.ssh,.browser,.extra} rw,
owner @{user_tmp_dirs}/**/{.,}gnupg/sshcontrol r,
#aa:only pacman
owner /etc/pacman.d/gnupg/ rw,
owner /etc/pacman.d/gnupg/private-keys-v1.d/ rw,
owner /etc/pacman.d/gnupg/private-keys-v1.d/@{hex}.key rw,
owner /etc/pacman.d/gnupg/{,d.*/}S.gpg-agent{,.ssh,.browser,.extra} rw,
owner /etc/pacman.d/gnupg/sshcontrol r,
owner /var/lib/*/.gnupg/ rw,
owner /var/lib/*/.gnupg/private-keys-v1.d/ rw,
owner /var/lib/*/.gnupg/private-keys-v1.d/@{hex}.key rw,
@ -70,17 +77,12 @@ profile gpg-agent @{exec_path} {
owner /var/lib/*/gnupg/{,d.*/}S.gpg-agent{,.ssh,.browser,.extra} rw,
owner /var/lib/*/gnupg/sshcontrol r,
#aa:only zypper
owner /var/tmp/zypp.*/ rw,
owner /var/tmp/zypp.*/{,*/}private-keys-v1.d/ rw,
owner /var/tmp/zypp.*/{,*/}private-keys-v1.d/@{hex}.key rw,
owner /var/tmp/zypp.*/{,*/}S.gpg-agent{,.ssh,.browser,.extra} rw,
owner @{tmp}/tmp.*/gnupg/ rw,
owner @{tmp}/tmp.*/gnupg/private-keys-v1.d/ rw,
owner @{tmp}/tmp.*/gnupg/private-keys-v1.d/@{hex}.key rw,
owner @{tmp}/tmp.*/gnupg/{,d.*/}S.gpg-agent rw,
owner @{tmp}/tmp.*/gnupg/sshcontrol r,
@{PROC}/@{pid}/fd/ r,
# Silencer