felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(profile): fwupd

Browse source 
fix #752
This commit is contained in:
Alexandre Pujol 2025-05-26 23:52:39 +02:00
parent a08c99dcb7
commit d5002a6774
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
2 changed files with 6 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
apparmor.d/profiles-a-f/fwupd
View file

@ -50,6 +50,7 @@ profile fwupd @{exec_path} flags=(attach_disconnected,complain) {
/usr/share/fwupd/{,**} r, /usr/share/fwupd/{,**} r,
/usr/share/hwdata/* r, /usr/share/hwdata/* r,
/usr/share/libdrm/*.ids
/usr/share/mime/mime.cache r, /usr/share/mime/mime.cache r,
/etc/fwupd/{,**} rw, /etc/fwupd/{,**} rw,
@ -80,6 +81,7 @@ profile fwupd @{exec_path} flags=(attach_disconnected,complain) {
@{sys}/**/ r, @{sys}/**/ r,
@{sys}/devices/** r, @{sys}/devices/** r,
@{sys}/**/uevent r,
@{sys}/firmware/acpi/** r, @{sys}/firmware/acpi/** r,
@{sys}/firmware/dmi/tables/DMI r, @{sys}/firmware/dmi/tables/DMI r,
@{sys}/firmware/dmi/tables/smbios_entry_point r, @{sys}/firmware/dmi/tables/smbios_entry_point r,
@ -87,9 +89,9 @@ profile fwupd @{exec_path} flags=(attach_disconnected,complain) {
@{sys}/firmware/efi/efivars/Boot@{hex}-@{uuid} rw, @{sys}/firmware/efi/efivars/Boot@{hex}-@{uuid} rw,
@{sys}/firmware/efi/efivars/BootNext-@{uuid} rw, @{sys}/firmware/efi/efivars/BootNext-@{uuid} rw,
@{sys}/firmware/efi/efivars/fwupd-* rw, @{sys}/firmware/efi/efivars/fwupd-* rw,
@{sys}/firmware/efi/efivars/KEK-@{uuid} rw,
@{sys}/kernel/security/lockdown r, @{sys}/kernel/security/lockdown r,
@{sys}/kernel/security/tpm@{int}/binary_bios_measurements r, @{sys}/kernel/security/tpm@{int}/binary_bios_measurements r,
@{sys}/**/uevent r,
@{sys}/power/mem_sleep r, @{sys}/power/mem_sleep r,
@{att}/@{run}/systemd/inhibit/@{int}.ref rw, @{att}/@{run}/systemd/inhibit/@{int}.ref rw,

3
apparmor.d/profiles-a-f/fwupdmgr
View file

@ -34,6 +34,9 @@ profile fwupdmgr @{exec_path} flags=(attach_disconnected) {
@{bin}/dbus-launch Cx -> bus, @{bin}/dbus-launch Cx -> bus,
@{bin}/pkttyagent Px, @{bin}/pkttyagent Px,
/usr/share/terminfo/** r,
/etc/inputrc r,
/etc/machine-id r, /etc/machine-id r,
owner /var/cache/private/fwupdmgr/fwupd/lvfs-metadata.xml.gz{,.asc}.* rw, owner /var/cache/private/fwupdmgr/fwupd/lvfs-metadata.xml.gz{,.asc}.* rw,