feat(profiles): general update.
parent
802cfb3278
commit
e6c91fdfd7
26 changed files with 163 additions and 122 deletions
|
|
@ -27,7 +27,7 @@ profile child-systemctl flags=(attach_disconnected) {
|
|||
network inet stream,
|
||||
network inet6 stream,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/systemd[0-9]
|
||||
dbus send bus=system path=/org/freedesktop/systemd[0-9]/Unit
|
||||
interface=org.freedesktop.systemd[0-9].Manager
|
||||
member=GetUnitFileState,
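Review bot: The `dbus send` rule that ends at `member=GetUnitFileState,` carries no `peer=` condition, so it allows the call toward any system-bus name that exports a matching path and interface; moving the terminating comma to a new `peer=(name=org.freedesktop.systemd1),` line after `member=` would pin it to systemd. This page prints two `path=` lines and has lost its +/- markers, so which one is the new side is not certain. If `path=/org/freedesktop/systemd[0-9]/Unit` is the new one, the rule likely stops matching, because GetUnitFileState is a Manager method served on the `/org/freedesktop/systemd1` object. The profile body starts and ends outside the hunk.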
|
||||
|
||||
|
|
|
|||
|
|
@ -10,12 +10,18 @@ include <tunables/global>
|
|||
@{exec_path} = /{usr/,}bin/systemd-analyze
|
||||
profile systemd-analyze @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/dbus-strict>
|
||||
include <abstractions/systemd-common>
|
||||
|
||||
capability sys_resource,
|
||||
capability net_admin,
|
||||
|
||||
network inet dgram,
|
||||
network netlink raw,
|
||||
|
||||
signal (send) peer=child-pager,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/systemd1
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
|
@ -28,12 +34,8 @@ profile systemd-analyze @{exec_path} {
|
|||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
signal (send) peer=child-pager,
|
||||
|
||||
network inet dgram,
|
||||
network netlink raw,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/{usr/,}lib/systemd/system-environment-generators/* rix,
|
||||
|
||||
/{usr/,}bin/pager rPx -> child-pager,
|
||||
|
|
@ -68,13 +70,12 @@ profile systemd-analyze @{exec_path} {
|
|||
@{sys}/firmware/efi/efivars/LoaderTimeInitUSec-@{uuid} r,
|
||||
@{sys}/firmware/efi/efivars/LoaderTimeExecUSec-@{uuid} r,
|
||||
|
||||
owner @{PROC}/@{pid}/cgroup r,
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
owner @{PROC}/@{pid}/comm r,
|
||||
@{PROC}/swaps r,
|
||||
owner @{PROC}/@{pid}/cgroup r,
|
||||
owner @{PROC}/@{pid}/comm r,
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
|
||||
/dev/tty rw,
|
||||
/dev/pts/1 rw,
|
||||
|
||||
include if exists <local/systemd-analyze>
|
||||
}
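Review bot: `capability sys_resource,` and `capability net_admin,` in the first hunk are broad grants for a profile whose other rules appear mostly to read state and send `GetAll` queries, and nothing in the profile says why they are needed. The +/- markers are lost on this page, so it is unclear whether this commit adds them; either way, a comment above each, such as `# net_admin: <reason, e.g. the denial it answers>`, would let a later reviewer judge the grant. If they only answer a logged denial that the tool works without, `deny capability net_admin,` is the tighter choice (to be confirmed by running the profile in complain mode). Separately, `/dev/pts/1 rw,` in the last hunk hard-codes one pty index and, if it is still on the new side, is already covered by `include <abstractions/consoles>` at the top of the profile.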
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = /{usr/,}bin/systemd-hwdb
|
||||
profile systemd-hwdb @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
|||