feat(abs): update debconf abs.
This commit is contained in:
Alexandre Pujol
parent
3848838e53
commit
d5926e9411
12 changed files with 35 additions and 82 deletions
|
|
@ -9,11 +9,18 @@
|
|||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/perl>
|
||||
|
||||
@{sh_path} rix,
|
||||
@{bin}/locale ix,
|
||||
@{bin}/whiptail Px,
|
||||
|
||||
/usr/share/debconf/frontend rix,
|
||||
/usr/share/debconf/confmodule r,
|
||||
|
||||
/etc/debconf.conf r,
|
||||
|
||||
/var/ r,
|
||||
/var/cache/ r,
|
||||
/var/cache/debconf/ r,
|
||||
owner /var/cache/debconf/{config,passwords,templates}.dat{,-new,-old} rwk,
|
||||
|
||||
include if exists <abstractions/common/debconf.d>
|
||||
|
|
|
|||
|
|
@ -20,9 +20,7 @@ profile debconf-frontend @{exec_path} flags=(complain) {
|
|||
|
||||
@{exec_path} r,
|
||||
|
||||
@{sh_path} rix,
|
||||
@{bin}/hostname ix,
|
||||
@{bin}/locale ix,
|
||||
@{bin}/lsb_release Px -> lsb_release,
|
||||
@{bin}/stty ix,
|
||||
@{sbin}/update-secureboot-policy Px,
|
||||
|
|
@ -32,7 +30,6 @@ profile debconf-frontend @{exec_path} flags=(complain) {
|
|||
@{bin}/debconf-apt-progress Px,
|
||||
@{bin}/linux-check-removal Px,
|
||||
@{bin}/ucf Px,
|
||||
@{bin}/whiptail Px,
|
||||
@{sbin}/aspell-autobuildhash Px,
|
||||
@{sbin}/pam-auth-update Px,
|
||||
@{lib}/tasksel/tasksel-debconf Px -> tasksel,
|
||||
|
|
@ -45,7 +42,7 @@ profile debconf-frontend @{exec_path} flags=(complain) {
|
|||
# Package maintainer's scripts
|
||||
/var/lib/dpkg/info/*.@{dpkg_script_ext} Px,
|
||||
/var/lib/dpkg/info/*.control r,
|
||||
/var/lib/dpkg/tmp.ci/@{dpkg_script_ext} Px,
|
||||
/var/lib/dpkg/tmp.ci/@{dpkg_script_ext} Px -> dpkg-scripts,
|
||||
|
||||
# DKMS scipts
|
||||
@{lib}/dkms/common.postinst rPUx,
|
||||
|
|
|
|||
|
|
@ -10,11 +10,9 @@ include <tunables/global>
|
|||
profile dpkg-script-apparmor @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/common/debconf>
|
||||
include <abstractions/consoles>
|
||||
|
||||
@{exec_path} mrix,
|
||||
|
||||
@{sh_path} rix,
|
||||
@{bin}/grep ix,
|
||||
|
||||
@{bin}/deb-systemd-helper Px,
|
||||
|
|
|
|||
|
|
@ -13,10 +13,7 @@ profile dpkg-script-linux @{exec_path} {
|
|||
|
||||
@{exec_path} mrix,
|
||||
|
||||
@{sh_path} rix,
|
||||
@{bin}/cat ix,
|
||||
@{bin}/locale ix,
|
||||
@{bin}/mkdir ix,
|
||||
@{bin}/mkdir ix,
|
||||
@{bin}/rm ix,
|
||||
@{bin}/run-parts ix,
|
||||
|
|
@ -26,7 +23,6 @@ profile dpkg-script-linux @{exec_path} {
|
|||
@{bin}/kmod Px,
|
||||
@{bin}/linux-check-removal Px,
|
||||
@{bin}/linux-update-symlinks Px,
|
||||
@{bin}/whiptail Px,
|
||||
@{bin}/dpkg-maintscript-helper Px,
|
||||
|
||||
/usr/share/{update,reboot}-notifier/notify-reboot-required Px,
|
||||
|
|
|
|||
|
|
@ -10,12 +10,9 @@ include <tunables/global>
|
|||
profile dpkg-script-systemd @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/common/debconf>
|
||||
include <abstractions/consoles>
|
||||
|
||||
@{exec_path} mrix,
|
||||
|
||||
@{sh_path} rix,
|
||||
|
||||
@{coreutils_path} rix,
|
||||
@{bin}/bootctl Px,
|
||||
@{bin}/deb-systemd-helper Px,
|
||||
|
|
|
|||
|
|
@ -31,7 +31,6 @@ profile dpkg-scripts @{exec_path} {
|
|||
@{bin}/getent ix,
|
||||
@{bin}/gzip ix,
|
||||
@{bin}/helpztags ix,
|
||||
@{bin}/locale ix,
|
||||
@{bin}/tput ix,
|
||||
@{bin}/zcat ix,
|
||||
@{lib}/ubuntu-advantage/cloud-id-shim.sh ix,
|
||||
|
|
|
|||
|
|
@ -13,10 +13,9 @@ profile grub-check-signatures @{exec_path} {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{sh_path} rix,
|
||||
@{bin}/{m,g,}awk rix,
|
||||
@{bin}/mktemp rix,
|
||||
@{bin}/od rix,
|
||||
@{bin}/{m,g,}awk ix,
|
||||
@{bin}/mktemp ix,
|
||||
@{bin}/od ix,
|
||||
|
||||
owner @{tmp}/tmp.@{rand10}/ rw,
|
||||
|
||||
|
|
|
|||
|
|
@ -14,12 +14,7 @@ profile linux-check-removal @{exec_path} {
|
|||
|
||||
@{exec_path} rmix,
|
||||
|
||||
@{sh_path} rix,
|
||||
@{bin}/stty rix,
|
||||
@{bin}/locale rix,
|
||||
@{bin}/whiptail rPx,
|
||||
|
||||
audit owner @{tmp}/file* w,
|
||||
|
||||
include if exists <local/linux-check-removal>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -40,7 +40,7 @@ profile needrestart @{exec_path} flags=(attach_disconnected) {
|
|||
@{bin}/whiptail rPx,
|
||||
@{bin}/who rix,
|
||||
@{lib}/needrestart/* rPx,
|
||||
/usr/share/debconf/frontend rix,
|
||||
/usr/share/debconf/frontend rCx -> debconf,
|
||||
|
||||
/etc/debconf.conf r,
|
||||
/etc/init.d/* r,
|
||||
|
|
@ -97,6 +97,13 @@ profile needrestart @{exec_path} flags=(attach_disconnected) {
|
|||
include if exists <local/needrestart_udevadm>
|
||||
}
|
||||
|
||||
profile debconf {
|
||||
include <abstractions/base>
|
||||
include <abstractions/common/debconf>
|
||||
|
||||
include if exists <local/needrestart_debconf>
|
||||
}
|
||||
|
||||
include if exists <local/needrestart>
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -10,56 +10,18 @@ include <tunables/global>
|
|||
@{exec_path} = @{sbin}/pam-auth-update
|
||||
profile pam-auth-update @{exec_path} flags=(complain) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/perl>
|
||||
include <abstractions/common/debconf>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/md5sum rix,
|
||||
@{bin}/cp rix,
|
||||
@{bin}/md5sum ix,
|
||||
@{bin}/cp ix,
|
||||
|
||||
# Think what to do about this (#FIXME#)
|
||||
/usr/share/debconf/frontend rPx,
|
||||
#/usr/share/debconf/frontend rCx -> frontend,
|
||||
|
||||
/etc/pam.d/* rw,
|
||||
/var/lib/pam/* rw,
|
||||
/usr/share/pam{,-configs}/{,*} r,
|
||||
|
||||
/etc/pam.d/* rw,
|
||||
|
||||
profile frontend flags=(complain) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/perl>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
||||
/usr/share/debconf/frontend r,
|
||||
|
||||
@{sbin}/pam-auth-update rPx,
|
||||
|
||||
@{sh_path} rix,
|
||||
@{bin}/stty rix,
|
||||
@{bin}/locale rix,
|
||||
|
||||
/etc/debconf.conf r,
|
||||
owner /var/cache/debconf/{config,passwords,templates}.dat{,-new,-old} rwk,
|
||||
/usr/share/debconf/templates/adequate.templates r,
|
||||
|
||||
# The following is needed when debconf uses GUI frontends.
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/fonts>
|
||||
include <abstractions/fontconfig-cache-read>
|
||||
include <abstractions/freedesktop.org>
|
||||
capability dac_read_search,
|
||||
@{bin}/lsb_release rPx -> lsb_release,
|
||||
@{bin}/hostname rix,
|
||||
owner @{PROC}/@{pid}/mounts r,
|
||||
@{HOME}/.Xauthority r,
|
||||
|
||||
/etc/shadow r,
|
||||
|
||||
include if exists <local/pam-auth-update_frontend>
|
||||
}
|
||||
/var/lib/pam/* rw,
|
||||
|
||||
include if exists <local/pam-auth-update>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,9 +14,8 @@ profile tasksel @{exec_path} flags=(complain) {
|
|||
|
||||
@{exec_path} r,
|
||||
|
||||
@{sh_path} rix,
|
||||
@{bin}/tempfile rix,
|
||||
@{lib}/tasksel/tasksel-debconf rix,
|
||||
@{bin}/tempfile ix,
|
||||
@{lib}/tasksel/tasksel-debconf ix,
|
||||
@{lib}/tasksel/tests/* Cx -> tasksel-tests,
|
||||
|
||||
# Do not strip env to avoid errors like the following:
|
||||
|
|
@ -29,13 +28,11 @@ profile tasksel @{exec_path} flags=(complain) {
|
|||
|
||||
/usr/share/tasksel/{,**} r,
|
||||
|
||||
owner @{tmp}/file* w,
|
||||
|
||||
profile tasksel-tests flags=(complain) {
|
||||
include <abstractions/base>
|
||||
|
||||
@{lib}/tasksel/tests/* r,
|
||||
@{sh_path} rix,
|
||||
@{lib}/tasksel/tests/* r,
|
||||
|
||||
include if exists <local/tasksel_tasksel-tests>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,15 +14,14 @@ profile update-secureboot-policy @{exec_path} {
|
|||
|
||||
@{exec_path} rm,
|
||||
|
||||
@{sh_path} rix,
|
||||
@{bin}/{,m,g}awk rix,
|
||||
@{bin}/dpkg-trigger rPx,
|
||||
@{bin}/find rix,
|
||||
@{bin}/id rix,
|
||||
@{bin}/od rix,
|
||||
@{bin}/sort rix,
|
||||
@{bin}/touch rix,
|
||||
@{bin}/wc rix,
|
||||
@{bin}/{,m,g}awk ix,
|
||||
@{bin}/dpkg-trigger Px,
|
||||
@{bin}/find ix,
|
||||
@{bin}/id ix,
|
||||
@{bin}/od ix,
|
||||
@{bin}/sort ix,
|
||||
@{bin}/touch ix,
|
||||
@{bin}/wc ix,
|
||||
|
||||
/ r,
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue