From d93db0eca92f7255040ab7ecdd88ef82c7a1610c Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Sun, 9 Mar 2025 23:43:39 +0100 Subject: [PATCH] feat(profile): add motd. --- apparmor.d/profiles-m-r/motd | 58 ++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 apparmor.d/profiles-m-r/motd diff --git a/apparmor.d/profiles-m-r/motd b/apparmor.d/profiles-m-r/motd new file mode 100644 index 000000000..414512c89 --- /dev/null +++ b/apparmor.d/profiles-m-r/motd @@ -0,0 +1,58 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2025 Alexandre Pujol +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_path} = /etc/update-motd.d/* +profile motd @{exec_path} { + include + include + + network inet dgram, + network inet6 dgram, + network netlink raw, + + @{exec_path} mr, + + @{sh_path} rix, + @{bin}/{e,}grep rix, + @{bin}/cat rix, + @{bin}/cut rix, + @{bin}/find rix, + @{bin}/head rix, + @{bin}/hostname rPx, + @{bin}/id rix, + @{bin}/snap rPx, + @{bin}/sort rix, + @{bin}/tr rix, + @{bin}/uname rPx, + + @{lib}/ubuntu-release-upgrader/release-upgrade-motd rPx, + @{lib}/update-notifier/update-motd-fsck-at-reboot rPx, + @{lib}/update-notifier/update-motd-reboot-required rix, + /usr/share/unattended-upgrades/update-motd-unattended-upgrades rix, + /usr/share/update-notifier/notify-updates-outdated rPx, + + / r, + /etc/default/motd-news r, + /etc/lsb-release r, + /etc/update-motd.d/* r, + + /var/cache/motd-news rw, + /var/lib/update-notifier/updates-available r, + /var/lib/ubuntu-advantage/messages/motd-esm-announce r, + + @{run}/motd.d/{,*} r, + @{run}/motd.dynamic.new rw, + + @{PROC}/@{pids}/mounts r, + + /dev/tty@{int} rw, + + include if exists +} + +# vim:syntax=apparmor