felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): general update and fixes.

Browse source
This commit is contained in:
Alexandre Pujol 2024-10-22 22:04:04 +01:00
parent 897302bc5b
commit d9208e0648
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
21 changed files with 78 additions and 79 deletions
Download patch file Download diff file Expand all files Collapse all files

3
apparmor.d/profiles-a-f/acpid
View file

@ -26,8 +26,9 @@ profile acpid @{exec_path} flags=(attach_disconnected) {
/etc/acpi/{,**} r,
/etc/acpi/handler.sh rix,
@{run}/acpid.socket w,
owner @{run}/acpid.socket rw,
owner @{run}/acpid.pid rw,
owner @{run}/acpid.pid rw,
owner @{PROC}/@{pids}/fd/ r,
owner @{PROC}/@{pids}/loginuid r,

5
apparmor.d/profiles-a-f/dfc
View file

@ -12,9 +12,8 @@ profile dfc @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>
capability dac_read_search,
# No visible effect
deny capability dac_override,
capability dac_override,
capability dac_read_search,
@{exec_path} mr,

1
apparmor.d/profiles-a-f/dkms
View file

@ -30,6 +30,7 @@ profile dkms @{exec_path} flags=(attach_disconnected) {
@{bin}/bc rix,
@{bin}/gcc rix,
@{bin}/getconf rix,
@{bin}/kill rix,
@{bin}/kmod rCx -> kmod,
@{bin}/ld rix,
@{bin}/lsb_release rPx -> lsb_release,

2
apparmor.d/profiles-a-f/foliate
View file

@ -40,7 +40,7 @@ profile foliate @{exec_path} flags=(attach_disconnected) {
/usr/share/com.github.johnfactotum.Foliate/{,**} r,
owner /bindfile@{rand6} rw,
owner @{att}/.flatpak-info r,
owner /.flatpak-info r,
owner @{user_books_dirs}/{,**} r,
owner @{user_torrents_dirs}/{,**} r,

21
apparmor.d/profiles-a-f/fwupd
View file

@ -66,11 +66,8 @@ profile fwupd @{exec_path} flags=(attach_disconnected,complain) {
/etc/pki/fwupd-metadata/{,**} r,
/etc/pki/fwupd/{,**} r,
/var/cache/fwupd/{,**} rw,
/var/lib/flatpak/exports/share/mime/mime.cache r,
/var/lib/fwupd/{,**} rw,
/var/lib/fwupd/pending.db rwk,
/var/tmp/etilqs_@{hex16} rw,
/etc/machine-id r,
/var/lib/dbus/machine-id r,
/boot/{,**} r,
/boot/EFI/*/.goutputstream-@{rand6} rw,
@ -78,8 +75,12 @@ profile fwupd @{exec_path} flags=(attach_disconnected,complain) {
/boot/EFI/*/fwupdx@{int}.efi rw,
@{lib}/fwupd/efi/fwupdx@{int}.efi{,.signed} r,
/etc/machine-id r,
/var/lib/dbus/machine-id r,
/var/lib/flatpak/exports/share/mime/mime.cache r,
/var/tmp/etilqs_@{hex16} rw,
owner /var/cache/fwupd/ rw,
owner /var/cache/fwupd/** rwk,
owner /var/lib/fwupd/ rw,
owner /var/lib/fwupd/** rwk,
# In order to get to this file, the attach_disconnected flag has to be set
owner @{user_cache_dirs}/fwupd/lvfs-metadata.xml.gz r,
@ -88,8 +89,6 @@ profile fwupd @{exec_path} flags=(attach_disconnected,complain) {
@{sys}/**/ r,
@{sys}/devices/** r,
@{sys}/bus/hid/drivers/*/uevent r,
@{sys}/bus/usb/drivers/usbhid/uevent r,
@{sys}/firmware/acpi/** r,
@{sys}/firmware/dmi/tables/DMI r,
@{sys}/firmware/dmi/tables/smbios_entry_point r,
@ -99,9 +98,7 @@ profile fwupd @{exec_path} flags=(attach_disconnected,complain) {
@{sys}/firmware/efi/efivars/fwupd-* rw,
@{sys}/kernel/security/lockdown r,
@{sys}/kernel/security/tpm@{int}/binary_bios_measurements r,
@{sys}/module/*/uevent r,
@{sys}/module/uhid/uevent r,
@{sys}/module/usbhid/uevent r,
@{sys}/**/uevent r,
@{sys}/power/mem_sleep r,
@{att}/@{run}/systemd/inhibit/@{int}.ref rw,