felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(profile): ensure sbctl can access tpm.

Browse source 
fix #687
This commit is contained in:
Alexandre Pujol 2025-03-18 22:52:47 +01:00
parent 9728042f69
commit debed741ca
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
1 changed files with 2 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/profiles-s-z/sbctl
View file

@ -24,6 +24,7 @@ profile sbctl @{exec_path} {
/{boot,efi}/EFI/{,**} rw, /{boot,efi}/EFI/{,**} rw,
/{boot,efi}/vmlinuz-linux* rw, /{boot,efi}/vmlinuz-linux* rw,
@{lib}/fwupd/efi/{,**} rw, @{lib}/fwupd/efi/{,**} rw,
@{lib}/systemd/boot/efi/systemd-boot*.efi.signed rw,
@{sys}/firmware/efi/efivars/db-@{uuid} rw, @{sys}/firmware/efi/efivars/db-@{uuid} rw,
@{sys}/firmware/efi/efivars/KEK-@{uuid} rw, @{sys}/firmware/efi/efivars/KEK-@{uuid} rw,
@ -32,6 +33,7 @@ profile sbctl @{exec_path} {
@{sys}/firmware/efi/efivars/SetupMode-@{uuid} r, @{sys}/firmware/efi/efivars/SetupMode-@{uuid} r,
/dev/pts/@{int} rw, /dev/pts/@{int} rw,
/dev/tpmrm@{int} rw,
# File Inherit # File Inherit
deny network inet stream, deny network inet stream,