feat(profile): finalize upgrade process.
This commit is contained in:
Alexandre Pujol
parent
a8ab6da6f3
commit
e83a9a60dc
7 changed files with 17 additions and 17 deletions
|
|
@ -30,7 +30,6 @@ profile dpkg-preconfigure @{exec_path} {
|
|||
@{bin}/head ix,
|
||||
@{bin}/locale ix,
|
||||
@{bin}/readlink ix,
|
||||
@{bin}/readlink ix,
|
||||
@{bin}/realpath ix,
|
||||
@{bin}/sed ix,
|
||||
@{bin}/sort ix,
|
||||
|
|
|
|||
|
|
@ -47,11 +47,11 @@ profile dpkg-scripts @{exec_path} {
|
|||
@{sbin}/update-rc.d Cx -> rc,
|
||||
|
||||
# Maintainer scripts can legitimately start/restart anything
|
||||
@{bin}/** Px,
|
||||
@{sbin}/** Px,
|
||||
@{lib}/** Px,
|
||||
/usr/share/** Px,
|
||||
/etc/init.d/* Px,
|
||||
@{bin}/** PUx,
|
||||
@{sbin}/** PUx,
|
||||
@{lib}/** PUx,
|
||||
/usr/share/** PUx,
|
||||
/etc/init.d/* PUx,
|
||||
|
||||
# Maintainer's scripts can update a lot of files
|
||||
/ r,
|
||||
|
|
@ -76,9 +76,9 @@ profile dpkg-scripts @{exec_path} {
|
|||
include <abstractions/bus-system>
|
||||
|
||||
dbus send bus=system path=/
|
||||
interface=org.freedesktop.DBus
|
||||
member=ReloadConfig
|
||||
peer=(name=org.freedesktop.DBus, label="@{p_dbus_system}"),
|
||||
interface=org.freedesktop.DBus
|
||||
member=ReloadConfig
|
||||
peer=(name=org.freedesktop.DBus, label="@{p_dbus_system}"),
|
||||
|
||||
include if exists <local/dpkg-scripts_bus>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -39,7 +39,7 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
|
|||
@{bin}/kreadconfig{,5} rPx,
|
||||
@{bin}/plasma-browser-integration-host rPx,
|
||||
@{bin}/speech-dispatcher rPx,
|
||||
@{sbin}/update-mime-database rPx,
|
||||
@{bin}/update-mime-database rPx,
|
||||
@{lib}/gvfsd-metadata rPx,
|
||||
@{lib}/mozilla/kmozillahelper rPUx,
|
||||
@{open_path} rPx -> child-open,
|
||||
|
|
|
|||
|
|
@ -85,8 +85,9 @@ profile snap @{exec_path} flags=(attach_disconnected) {
|
|||
@{sys}/fs/cgroup/cgroup.controllers r,
|
||||
@{sys}/kernel/security/apparmor/features/{,**} r,
|
||||
|
||||
@{PROC}/@{pids}/cgroup r,
|
||||
@{PROC}/@{pids}/mountinfo r,
|
||||
@{PROC}/@{pid}/cgroup r,
|
||||
@{PROC}/@{pid}/maps r,
|
||||
@{PROC}/@{pid}/mountinfo r,
|
||||
@{PROC}/cgroups r,
|
||||
@{PROC}/cmdline r,
|
||||
@{PROC}/sys/kernel/random/uuid r,
|
||||
|
|
|
|||
|
|
@ -208,6 +208,8 @@ profile snapd @{exec_path} {
|
|||
|
||||
network netlink raw,
|
||||
|
||||
signal receive set=kill peer=snapd,
|
||||
|
||||
@{bin}/journalctl mr,
|
||||
|
||||
/etc/machine-id r,
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ abi <abi/4.0>,
|
|||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/which{.debianutils,}
|
||||
@{exec_path} = @{bin}/which{,.debianutils}
|
||||
profile which @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ abi <abi/4.0>,
|
|||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/whiptail
|
||||
profile whiptail @{exec_path} flags=(complain) {
|
||||
profile whiptail @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
|
||||
|
|
@ -16,9 +16,7 @@ profile whiptail @{exec_path} flags=(complain) {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
/etc/newt/palette.* r,
|
||||
|
||||
owner @{tmp}/gpm* w,
|
||||
/usr/share/terminfo/** r,
|
||||
|
||||
include if exists <local/whiptail>
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue