From e2b4317e11e163527108170adafcba7f30ac43ac Mon Sep 17 00:00:00 2001
From: Besanon
Date: Thu, 6 Jun 2024 18:46:46 +0200
Subject: [PATCH] Update runsvdir
---
 apparmor.d/groups/runit/runsvdir | 47 ++++++++++++++++----------------
 1 file changed, 24 insertions(+), 23 deletions(-)
diff --git a/apparmor.d/groups/runit/runsvdir b/apparmor.d/groups/runit/runsvdir
index 7899a9838..36e1c94d3 100644
--- a/apparmor.d/groups/runit/runsvdir
+++ b/apparmor.d/groups/runit/runsvdir
@@ -8,8 +8,8 @@ abi ,
 include
-@{exec_pathrunsvdir} = @{bin}/runsvdir
-profile runsvdir @{exec_pathrunsvdir} flags=(attach_disconnected) {
+@{exec_path} = @{bin}/runsvdir
+profile runsvdir @{exec_path} flags=(attach_disconnected) {
 include
 include
 include
@@ -28,36 +28,37 @@ profile runsvdir @{exec_pathrunsvdir} flags=(attach_disconnected) {
 ptrace (read) peer=elogind,
- @{exec_pathrunsvdir} mr,
+ @{exec_path} mr,
- @{bin}/dbus-send rix,
+ @{bin}/dbus-send rix,
 @{bin}/runsv rPx,
- @{bin}/bash rix,
- @{bin}/utmpset rix,
- @{bin}/mountpoint rix,
- /etc/sv/**/run rix,
- /etc/sv/**/**/run rix,
- /etc/sv/**/finish rix,
- /etc/sv/**/run rix,
- /etc/sv/dbus/check rix,
+ @{bin}/bash rix,
+ @{bin}/utmpset rix,
+ @{bin}/mountpoint rix,
+ /etc/sv/**/run rix,
+ /etc/sv/**/**/run rix,
+ /etc/sv/**/finish rix,
+ /etc/sv/**/run rix,
+ /etc/sv/dbus/check rix,
- owner / r,
+ owner / r,
 /etc/elogind/logind.conf rw,
- /etc/machine-id r,
- /etc/sv/ r,
- /etc/sv/** rw,
- /etc/runit/ r,
- /etc/runit/** rw,
+ /etc/machine-id r,
+ /etc/sv/ r,
+ /etc/sv/** rw,
+ /etc/runit/ r,
+ /etc/runit/** rw,
- owner /dev/tty@{int} rw,
- owner /dev/console rwk,
+ owner /dev/tty@{int} rw,
+ owner /dev/console rwk,
 owner /dev/input/event@{int} rw,
- owner /var/log/audit/** rw,
+ owner /var/log/audit/** rw,
 /var/lib/dbus/machine-id r,
- owner /tmp/#@{int}* rw,
- owner /tmp/*/{,s} rw,
+ owner /tmp/#@{int}* rw,
+ owner /tmp/*/{,s} rw,
+ include if exists
 }
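Review bot: The re-aligned execute rules in the second hunk still list `/etc/sv/**/run rix,` twice, and `/etc/sv/**/**/run rix,` appears to be covered by the same glob because `**` also matches `/`; dropping the two extra lines would make the rule set easier to audit. More importantly, the block keeps `/etc/sv/** rw,` next to `/etc/sv/**/run rix,` and `/etc/sv/**/finish rix,`, so anything running under this profile can rewrite the scripts it later executes with the inherited profile. If write access is only needed for runit's supervise state (an assumption to confirm against the services in use), consider `/etc/sv/** r,` plus a narrower write rule such as `/etc/sv/**/supervise/** rw,`. The profile body starts above this hunk, so rules outside the visible lines may change this picture.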