felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: pids means all pid.

Browse source
This commit is contained in:
Alexandre Pujol 2025-09-11 23:39:13 +02:00
parent 4d7e03a9e2
commit e5012e381e
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
3 changed files with 32 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

39
apparmor.d/groups/_full/sd
View file

@ -195,25 +195,26 @@ profile sd flags=(attach_disconnected,mediate_deleted,complain) {
@{sys}/firmware/efi/efivars/** w,
@{sys}/fs/cgroup/{,**} w,
@{PROC}/@{pid}/attr/apparmor/exec w,
@{PROC}/@{pid}/attr/current r,
@{PROC}/@{pid}/cgroup r,
@{PROC}/@{pid}/cmdline r,
@{PROC}/@{pid}/comm r,
@{PROC}/@{pid}/environ r,
@{PROC}/@{pid}/fd/ r,
@{PROC}/@{pid}/fdinfo/@{int} r,
@{PROC}/@{pid}/gid_map w,
@{PROC}/@{pid}/limits r,
@{PROC}/@{pid}/loginuid rw,
@{PROC}/@{pid}/mountinfo r,
@{PROC}/@{pid}/oom_score_adj rw,
@{PROC}/@{pid}/sessionid r,
@{PROC}/@{pid}/setgroups r,
@{PROC}/@{pid}/setgroups w,
@{PROC}/@{pid}/stat r,
@{PROC}/@{pid}/uid_map r,
@{PROC}/@{pid}/uid_map w,
@{PROC}/@{pids}/attr/apparmor/exec w,
@{PROC}/@{pids}/attr/current r,
@{PROC}/@{pids}/cgroup r,
@{PROC}/@{pids}/cmdline r,
@{PROC}/@{pids}/comm r,
@{PROC}/@{pids}/environ r,
@{PROC}/@{pids}/fd/ r,
@{PROC}/@{pids}/fdinfo/@{int} r,
@{PROC}/@{pids}/gid_map w,
@{PROC}/@{pids}/limits r,
@{PROC}/@{pids}/loginuid rw,
@{PROC}/@{pids}/mountinfo r,
@{PROC}/@{pids}/oom_score_adj rw,
@{PROC}/@{pids}/sessionid r,
@{PROC}/@{pids}/setgroups r,
@{PROC}/@{pids}/setgroups w,
@{PROC}/@{pids}/stat r,
@{PROC}/@{pids}/status r,
@{PROC}/@{pids}/uid_map r,
@{PROC}/@{pids}/uid_map w,
@{PROC}/cmdline r,
@{PROC}/interrupts r,
@{PROC}/irq/@{int}/node r,

12
apparmor.d/groups/bus/dbus-system
View file

@ -77,12 +77,12 @@ profile dbus-system flags=(attach_disconnected) {
@{sys}/kernel/security/apparmor/features/dbus/mask r,
@{sys}/module/apparmor/parameters/enabled r,
@{PROC}/@{pid}/attr/apparmor/current r,
@{PROC}/@{pid}/cmdline r,
@{PROC}/@{pid}/environ r,
@{PROC}/@{pid}/mounts r,
@{PROC}/@{pid}/oom_score_adj r,
@{PROC}/@{pid}/status r,
@{PROC}/@{pids}/attr/apparmor/current r,
@{PROC}/@{pids}/cmdline r,
@{PROC}/@{pids}/environ r,
@{PROC}/@{pids}/mounts r,
@{PROC}/@{pids}/oom_score_adj r,
@{PROC}/@{pids}/status r,
@{PROC}/cmdline r,
@{PROC}/sys/kernel/osrelease r,
owner @{PROC}/@{pid}/fd/ r,

12
apparmor.d/profiles-m-r/needrestart
View file

@ -56,12 +56,12 @@ profile needrestart @{exec_path} flags=(attach_disconnected) {
/tmp/@{word10}/ rw,
@{PROC}/ r,
@{PROC}/@{pid}/cgroup r,
@{PROC}/@{pid}/cmdline r,
@{PROC}/@{pid}/environ r,
@{PROC}/@{pid}/maps r,
@{PROC}/@{pid}/stat r,
@{PROC}/@{pid}/status r,
@{PROC}/@{pids}/cgroup r,
@{PROC}/@{pids}/cmdline r,
@{PROC}/@{pids}/environ r,
@{PROC}/@{pids}/maps r,
@{PROC}/@{pids}/stat r,
@{PROC}/@{pids}/status r,
owner @{PROC}/@{pid}/fd/ r,
/dev/ r,