felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): general update and fixes.

Browse source
This commit is contained in:
Alexandre Pujol 2024-10-22 22:04:04 +01:00
parent 897302bc5b
commit d9208e0648
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
21 changed files with 78 additions and 79 deletions
Download patch file Download diff file Expand all files Collapse all files

45
apparmor.d/profiles-m-r/mkinitramfs
View file

@ -50,6 +50,7 @@ profile mkinitramfs @{exec_path} {
@{bin}/touch rix,
@{bin}/tr rix,
@{bin}/tsort rix,
@{bin}/uniq rix,
@{bin}/xargs rix,
@{bin}/xz rix,
@{bin}/zstd rix,
@ -85,13 +86,15 @@ profile mkinitramfs @{exec_path} {
owner /boot/initrd.img-*.new rw,
/var/tmp/ r,
/var/tmp/mkinitramfs_*/usr/lib/modules/*/modules.{order,builtin} rw,
owner /var/tmp/mkinitramfs_*/ rw,
owner /var/tmp/mkinitramfs_*/** rwl -> /var/tmp/mkinitramfs_*/**,
owner /var/tmp/mkinitramfs-* rw,
/var/tmp/modules_@{rand6} rw,
/var/tmp/mkinitramfs_@{rand6}/@{lib}/modules/*/modules.{order,builtin} rw,
owner /var/tmp/mkinitramfs_@{rand6} rw,
owner /var/tmp/mkinitramfs_@{rand6}/** rwl -> /var/tmp/mkinitramfs_*/**,
owner /var/tmp/mkinitramfs-@{rand6} rw,
@{sys}/devices/platform/ r,
@{sys}/devices/platform/reg-dummy/{,**}/ r,
@{sys}/devices/platform/**/ r,
@{sys}/devices/platform/**/modalias r,
@{sys}/module/compression r,
@{PROC}/cmdline r,
@ -126,18 +129,18 @@ profile mkinitramfs @{exec_path} {
@{sh_path} rix,
@{bin}/ldconfig.real rix,
owner /var/tmp/mkinitramfs_*/etc/ld.so.conf r,
owner /var/tmp/mkinitramfs_*/etc/ld.so.conf.d/{,*.conf} r,
owner /var/tmp/mkinitramfs_@{rand6}/etc/ld.so.conf r,
owner /var/tmp/mkinitramfs_@{rand6}/etc/ld.so.conf.d/{,*.conf} r,
owner /var/tmp/mkinitramfs_*/{usr/,}lib{,32,x32}/ r,
owner /var/tmp/mkinitramfs_*/{usr/,}lib/@{multiarch}/ r,
owner /var/tmp/mkinitramfs_*/{usr/,}lib/@{multiarch}/*.so* rw,
owner /var/tmp/mkinitramfs_*/{usr/,}lib{,32,x32}/*.so* rw,
owner /var/tmp/mkinitramfs_@{rand6}/@{lib}/ r,
owner /var/tmp/mkinitramfs_@{rand6}/@{lib}/@{multiarch}/ r,
owner /var/tmp/mkinitramfs_@{rand6}/@{lib}/@{multiarch}/*.so* rw,
owner /var/tmp/mkinitramfs_@{rand6}/@{lib}/*.so* rw,
owner /var/tmp/mkinitramfs_*/etc/ld.so.cache{,~} rw,
owner /var/tmp/mkinitramfs_@{rand6}/etc/ld.so.cache{,~} rw,
owner /var/tmp/mkinitramfs_*/var/cache/ldconfig/ rw,
owner /var/tmp/mkinitramfs_*/var/cache/ldconfig/aux-cache{,~} rw,
owner /var/tmp/mkinitramfs_@{rand6}/var/cache/ldconfig/ rw,
owner /var/tmp/mkinitramfs_@{rand6}/var/cache/ldconfig/aux-cache{,~} rw,
include if exists <local/mkinitramfs_ldconfig>
}
@ -156,7 +159,7 @@ profile mkinitramfs @{exec_path} {
/usr/share/initramfs-tools/scripts/{,**/} r,
/etc/initramfs-tools/scripts/{,**/} r,
owner /var/tmp/mkinitramfs_*/{,**/} r,
owner /var/tmp/mkinitramfs_@{rand6}/{,**/} r,
include if exists <local/mkinitramfs_find>
}
@ -165,11 +168,13 @@ profile mkinitramfs @{exec_path} {
include <abstractions/base>
include <abstractions/app/kmod>
owner /var/tmp/mkinitramfs_*/usr/lib/modules/*/ r,
owner /var/tmp/mkinitramfs_*/usr/lib/modules/*/modules.* rw,
owner /var/tmp/mkinitramfs_*/usr/lib/modules/*/updates/{,**} r,
owner /var/tmp/mkinitramfs_*/usr/lib/modules/*/kernel/{,**/} r,
owner /var/tmp/mkinitramfs_*/usr/lib/modules/*/kernel/**/*.ko r,
owner /var/tmp/mkinitramfs_@{rand6}/usr/lib/modules/*/ r,
owner /var/tmp/mkinitramfs_@{rand6}/usr/lib/modules/*/modules.* rw,
owner /var/tmp/mkinitramfs_@{rand6}usr/lib/modules/*/updates/{,**} r,
owner /var/tmp/mkinitramfs_@{rand6}/usr/lib/modules/*/kernel/{,**/} r,
owner /var/tmp/mkinitramfs_@{rand6}/usr/lib/modules/*/kernel/**/*.ko* r,
@{sys}/module/compression r,
include if exists <local/mkinitramfs_kmod>
}