felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): add initial profile for systemd-initctl.

Browse source
This commit is contained in:
Alexandre Pujol 2025-05-31 13:50:20 +02:00
parent 6c6e1c3456
commit d76bc0b3be
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
2 changed files with 28 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

27
apparmor.d/groups/systemd/systemd-initctl Normal file
View file

@ -0,0 +1,27 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/4.0>,
include <tunables/global>
@{exec_path} = @{lib}/systemd/systemd-initctl
profile systemd-initctl @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/bus-system>
include <abstractions/common/systemd>
capability net_admin,
unix type=stream addr=@@{udbus}/bus/systemd-initctl/,
@{exec_path} mr,
@{run}/initctl rw,
@{run}/systemd/notify rw,
include if exists <local/systemd-initctl>
}
# vim:syntax=apparmor

1
dists/flags/main.flags
View file

@ -353,6 +353,7 @@ systemd-generator-veritysetup attach_disconnected,complain
systemd-homed attach_disconnected,complain systemd-homed attach_disconnected,complain
systemd-homework complain systemd-homework complain
systemd-inhibit attach_disconnected,complain systemd-inhibit attach_disconnected,complain
systemd-initctl attach_disconnected,complain
systemd-journald attach_disconnected,mediate_deleted systemd-journald attach_disconnected,mediate_deleted
systemd-mount complain systemd-mount complain
systemd-network-generator attach_disconnected,complain systemd-network-generator attach_disconnected,complain