felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profiles): improve ubuntu compatibility.

Browse source
This commit is contained in:
Alexandre Pujol 2022-06-13 22:04:12 +01:00
parent 0cbcbb29a4
commit d998b1dd6e
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
29 changed files with 109 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/groups/ubuntu/apt-esm-hook
View file

@ -10,6 +10,7 @@ include <tunables/global>
profile apt-esm-hook @{exec_path} {
include <abstractions/base>
include <abstractions/apt-common>
include <abstractions/consoles>
@{exec_path} mr,
@ -17,6 +18,7 @@ profile apt-esm-hook @{exec_path} {
/etc/machine-id r,
/var/cache/apt/pkgcache.bin.* rw,
/var/lib/ubuntu-advantage/messages/{,**} rw,
owner @{PROC}/@{pid}/fd/ r,

3
apparmor.d/groups/ubuntu/check-new-release-gtk
View file

@ -12,6 +12,7 @@ profile check-new-release-gtk @{exec_path} {
include <abstractions/apt-common>
include <abstractions/dbus-session-strict>
include <abstractions/dconf-write>
include <abstractions/gtk>
include <abstractions/nameservice-strict>
include <abstractions/openssl>
include <abstractions/python>
@ -39,6 +40,8 @@ profile check-new-release-gtk @{exec_path} {
/etc/update-manager/{,**} r,
/var/lib/update-manager/{,**} rw,
owner @{user_cache_dirs}/update-manager-core/{,**} rw,
owner @{run}/user/@{uid}/wayland-[0-9] rw,

5
apparmor.d/groups/ubuntu/list-oem-metapackages
View file

@ -18,9 +18,14 @@ profile list-oem-metapackages @{exec_path} {
/{usr/,}bin/dpkg rPx,
/{usr/,}bin/ischroot rix,
/etc/machine-id r,
@{sys}/devices/ r,
@{sys}/devices/**/ r,
@{sys}/devices/**/modalias r,
owner @{PROC}/@{pid}/fd/ r,
@{PROC}/@{pids}/mountinfo r,
@{PROC}/filesystems r,
include if exists <local/list-oem-metapackages>

2
apparmor.d/groups/ubuntu/livepatch-notification
View file

@ -22,5 +22,7 @@ profile livepatch-notification @{exec_path} {
owner @{run}/user/@{uid}/bus rw,
owner @{run}/user/@{uid}/wayland-[0-9]* rw,
@{run}/user/@{uid}/gdm/Xauthority r,
include if exists <local/livepatch-notification>
}

2
apparmor.d/groups/ubuntu/update-motd-updates-available
View file

@ -43,6 +43,8 @@ profile update-motd-updates-available @{exec_path} {
/var/cache/apt/ r,
/var/cache/apt/** rwk,
/tmp/ r,
owner @{PROC}/@{pid}/fd/ r,
@{PROC}/@{pids}/mountinfo r,

2
apparmor.d/groups/ubuntu/update-notifier
View file

@ -10,8 +10,10 @@ include <tunables/global>
profile update-notifier @{exec_path} {
include <abstractions/base>
include <abstractions/apt-common>
include <abstractions/audio>
include <abstractions/dconf-write>
include <abstractions/fonts>
include <abstractions/gtk>
include <abstractions/nameservice-strict>
include <abstractions/openssl>
include <abstractions/python>