From e5012e381efa8eefb028f661606aa159e0cd46a1 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Thu, 11 Sep 2025 23:39:13 +0200 Subject: [PATCH] chore: pids means all pid. --- apparmor.d/groups/_full/sd | 39 +++++++++++++++-------------- apparmor.d/groups/bus/dbus-system | 12 ++++----- apparmor.d/profiles-m-r/needrestart | 12 ++++----- 3 files changed, 32 insertions(+), 31 deletions(-) diff --git a/apparmor.d/groups/_full/sd b/apparmor.d/groups/_full/sd index 13864f2dd..ccdbf338b 100644 --- a/apparmor.d/groups/_full/sd +++ b/apparmor.d/groups/_full/sd @@ -195,25 +195,26 @@ profile sd flags=(attach_disconnected,mediate_deleted,complain) { @{sys}/firmware/efi/efivars/** w, @{sys}/fs/cgroup/{,**} w, - @{PROC}/@{pid}/attr/apparmor/exec w, - @{PROC}/@{pid}/attr/current r, - @{PROC}/@{pid}/cgroup r, - @{PROC}/@{pid}/cmdline r, - @{PROC}/@{pid}/comm r, - @{PROC}/@{pid}/environ r, - @{PROC}/@{pid}/fd/ r, - @{PROC}/@{pid}/fdinfo/@{int} r, - @{PROC}/@{pid}/gid_map w, - @{PROC}/@{pid}/limits r, - @{PROC}/@{pid}/loginuid rw, - @{PROC}/@{pid}/mountinfo r, - @{PROC}/@{pid}/oom_score_adj rw, - @{PROC}/@{pid}/sessionid r, - @{PROC}/@{pid}/setgroups r, - @{PROC}/@{pid}/setgroups w, - @{PROC}/@{pid}/stat r, - @{PROC}/@{pid}/uid_map r, - @{PROC}/@{pid}/uid_map w, + @{PROC}/@{pids}/attr/apparmor/exec w, + @{PROC}/@{pids}/attr/current r, + @{PROC}/@{pids}/cgroup r, + @{PROC}/@{pids}/cmdline r, + @{PROC}/@{pids}/comm r, + @{PROC}/@{pids}/environ r, + @{PROC}/@{pids}/fd/ r, + @{PROC}/@{pids}/fdinfo/@{int} r, + @{PROC}/@{pids}/gid_map w, + @{PROC}/@{pids}/limits r, + @{PROC}/@{pids}/loginuid rw, + @{PROC}/@{pids}/mountinfo r, + @{PROC}/@{pids}/oom_score_adj rw, + @{PROC}/@{pids}/sessionid r, + @{PROC}/@{pids}/setgroups r, + @{PROC}/@{pids}/setgroups w, + @{PROC}/@{pids}/stat r, + @{PROC}/@{pids}/status r, + @{PROC}/@{pids}/uid_map r, + @{PROC}/@{pids}/uid_map w, @{PROC}/cmdline r, @{PROC}/interrupts r, @{PROC}/irq/@{int}/node r, diff --git a/apparmor.d/groups/bus/dbus-system b/apparmor.d/groups/bus/dbus-system index 235c44cd4..1b62a1086 100644 --- a/apparmor.d/groups/bus/dbus-system +++ b/apparmor.d/groups/bus/dbus-system @@ -77,12 +77,12 @@ profile dbus-system flags=(attach_disconnected) { @{sys}/kernel/security/apparmor/features/dbus/mask r, @{sys}/module/apparmor/parameters/enabled r, - @{PROC}/@{pid}/attr/apparmor/current r, - @{PROC}/@{pid}/cmdline r, - @{PROC}/@{pid}/environ r, - @{PROC}/@{pid}/mounts r, - @{PROC}/@{pid}/oom_score_adj r, - @{PROC}/@{pid}/status r, + @{PROC}/@{pids}/attr/apparmor/current r, + @{PROC}/@{pids}/cmdline r, + @{PROC}/@{pids}/environ r, + @{PROC}/@{pids}/mounts r, + @{PROC}/@{pids}/oom_score_adj r, + @{PROC}/@{pids}/status r, @{PROC}/cmdline r, @{PROC}/sys/kernel/osrelease r, owner @{PROC}/@{pid}/fd/ r, diff --git a/apparmor.d/profiles-m-r/needrestart b/apparmor.d/profiles-m-r/needrestart index c55393753..a09008ac3 100644 --- a/apparmor.d/profiles-m-r/needrestart +++ b/apparmor.d/profiles-m-r/needrestart @@ -56,12 +56,12 @@ profile needrestart @{exec_path} flags=(attach_disconnected) { /tmp/@{word10}/ rw, @{PROC}/ r, - @{PROC}/@{pid}/cgroup r, - @{PROC}/@{pid}/cmdline r, - @{PROC}/@{pid}/environ r, - @{PROC}/@{pid}/maps r, - @{PROC}/@{pid}/stat r, - @{PROC}/@{pid}/status r, + @{PROC}/@{pids}/cgroup r, + @{PROC}/@{pids}/cmdline r, + @{PROC}/@{pids}/environ r, + @{PROC}/@{pids}/maps r, + @{PROC}/@{pids}/stat r, + @{PROC}/@{pids}/status r, owner @{PROC}/@{pid}/fd/ r, /dev/ r,