felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): minor profile improvments.

Browse source
This commit is contained in:
Alexandre Pujol 2024-10-09 13:56:27 +01:00
parent 6afcfa85ec
commit e17b682e51
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
7 changed files with 11 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/groups/systemd/systemd-inhibit
View file

@ -14,6 +14,8 @@ profile systemd-inhibit @{exec_path} flags=(attach_disconnected) {
capability net_admin, capability net_admin,
capability sys_resource, capability sys_resource,
signal receive set=term peer=packagekitd,
@{exec_path} mr, @{exec_path} mr,
@{bin}/cat rix, @{bin}/cat rix,

2
apparmor.d/groups/systemd/systemd-network-generator
View file

@ -17,6 +17,8 @@ profile systemd-network-generator @{exec_path} {
owner @{run}/systemd/network/{,**} rw, owner @{run}/systemd/network/{,**} rw,
@{run}/credentials/systemd-network-generator.service/ r,
include if exists <local/systemd-network-generator> include if exists <local/systemd-network-generator>
} }

2
apparmor.d/groups/virt/dockerd
View file

@ -89,7 +89,7 @@ profile dockerd @{exec_path} flags=(attach_disconnected) {
owner @{lib}/containerd/** w, owner @{lib}/containerd/** w,
owner @{lib}/docker/overlay2/*/work/{,**} rw, owner @{lib}/docker/overlay2/*/work/{,**} rw,
owner /var/lib/containerd/** w, owner /var/lib/containerd/** rw,
owner /var/lib/docker/{,**} rwk, owner /var/lib/docker/{,**} rwk,
owner /var/lib/docker/tmp/qemu-check@{int}/check rix, owner /var/lib/docker/tmp/qemu-check@{int}/check rix,

3
apparmor.d/profiles-a-f/alsactl
View file

@ -22,6 +22,9 @@ profile alsactl @{exec_path} {
@{run}/lock/card@{int}.lock rwk, @{run}/lock/card@{int}.lock rwk,
owner @{run}/alsa/{,**} rw, owner @{run}/alsa/{,**} rw,
@{sys}/devices/@{pci}/subsystem_device r,
@{sys}/devices/@{pci}/subsystem_vendor r,
include if exists <local/alsactl> include if exists <local/alsactl>
} }

1
apparmor.d/profiles-m-r/mission-control
View file

@ -23,6 +23,7 @@ profile mission-control @{exec_path} flags=(attach_disconnected) {
owner @{user_share_dirs}/telepathy/mission-control/*.cfg* rw, owner @{user_share_dirs}/telepathy/mission-control/*.cfg* rw,
owner @{user_config_dirs}/libaccounts-glib/accounts.db{,-shm,-wal} rwk, owner @{user_config_dirs}/libaccounts-glib/accounts.db{,-shm,-wal} rwk,
owner @{user_cache_dirs}/.mc_connections rw,
@{run}/systemd/inhibit/@{int}.ref rw, @{run}/systemd/inhibit/@{int}.ref rw,

1
apparmor.d/profiles-m-r/packagekitd
View file

@ -36,6 +36,7 @@ profile packagekitd @{exec_path} flags=(attach_disconnected) {
network netlink raw, network netlink raw,
signal send set=int peer=apt-methods-*, signal send set=int peer=apt-methods-*,
signal send set=term peer=systemd-inhibit,
#aa:dbus own bus=system name=org.freedesktop.PackageKit #aa:dbus own bus=system name=org.freedesktop.PackageKit

2
apparmor.d/tunables/multiarch.d/profiles
View file

@ -2,7 +2,7 @@
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io> # Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only # SPDX-License-Identifier: GPL-2.0-only
# Define some variables for some commonly used profile. They may be used in # Define some variables for some commonly used profile. They may be used in
# other profiles peer label. # other profiles peer label.
# All variables that refer to a profile name should be prefixed with `p_` # All variables that refer to a profile name should be prefixed with `p_`