feat(profiles): general update.

Alexandre Pujol 2023-02-07 23:18:10 +00:00
parent 37dd97a875
commit f20ccedf4f
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
7 changed files with 44 additions and 12 deletions


@ -16,5 +16,7 @@ profile auditctl @{exec_path} {
@{exec_path} mr,
/etc/audit/audit.rules r,
include if exists <local/auditctl>
}


@ -13,9 +13,18 @@ profile augenrules @{exec_path} {
@{exec_path} mr,
/{usr/,}bin/auditctl rPx,
/{usr/,}bin/chmod rix,
/{usr/,}bin/cmp rix,
/{usr/,}bin/cp rix,
/{usr/,}bin/gawk rix,
/{usr/,}bin/grep rix,
/{usr/,}bin/ls rix,
/{usr/,}bin/mktemp rix,
/{usr/,}bin/rm rix,
/{usr/,}bin/auditctl rPx,
/etc/audit/audit.rules r,
/etc/audit/rules.d/ r,
owner /tmp/aurules.* rw,
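Review bot: The rules visible in this hunk give augenrules only `r` on `/etc/audit/audit.rules` and only a directory listing on `/etc/audit/rules.d/`, yet the same hunk allows `cp`, `chmod`, `rm` and a `/tmp/aurules.*` scratch file, which suggests the script assembles a merged rules file and installs it. The profile header shows no `complain` flag, so a missing write or per-file read rule would appear as a runtime denial and could leave the audit rule set stale. If these accesses are not granted elsewhere in the profile (its body continues outside the hunk), consider `/etc/audit/audit.rules rw,` and `/etc/audit/rules.d/{,*.rules} r,`. Keeping the scratch-file rule `owner`-scoped, as it is here, is worth preserving.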


@ -74,9 +74,10 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) {
/usr/share/fwupd/{,**} r,
/usr/share/mime/mime.cache r,
/etc/pki/fwupd/{,**} r,
/etc/pki/fwupd-metadata/{,**} r,
/etc/fwupd/{,**} rw,
/etc/lsb-release r,
/etc/pki/fwupd-metadata/{,**} r,
/etc/pki/fwupd/{,**} r,
/var/cache/fwupd/{,**} rw,
/var/lib/fwupd/{,**} rw,
@ -94,6 +95,7 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) {
# In order to get to this file, the attach_disconnected flag has to be set
owner @{user_cache_dirs}/fwupd/lvfs-metadata.xml.gz r,
owner @{user_cache_dirs}/gnome-software/fwupd/{,**} r,
@{sys}/**/ r,
@{sys}/devices/** r,
@ -102,7 +104,8 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) {
@{sys}/firmware/dmi/tables/DMI r,
@{sys}/firmware/dmi/tables/smbios_entry_point r,
@{sys}/firmware/efi/** r,
@{sys}/firmware/efi/efivars/BootNext-* rw,
@{sys}/firmware/efi/efivars/BootNext-@{uuid} rw,
@{sys}/firmware/efi/efivars/Boot@{hex}-@{uuid} rw,
@{sys}/firmware/efi/efivars/fwupd-* rw,
@{sys}/kernel/security/lockdown r,
@{sys}/kernel/security/tpm[0-9]/binary_bios_measurements r,
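Review bot: The `Boot@{hex}-@{uuid} rw` rule in the last hunk grants write access to every UEFI boot entry, and nothing beside it records why fwupd needs that; a comment such as `# fwupd stages capsule updates via its own Boot#### entry and BootNext` would document the intent, presumably the reason, to be confirmed. Judging by the hunk's line counts, `BootNext-*` was narrowed to `BootNext-@{uuid}`, while `fwupd-* rw` keeps a bare wildcard; `@{sys}/firmware/efi/efivars/fwupd-*-@{uuid} rw,` would be consistent if all fwupd variables carry a GUID suffix. The hunk header shows `flags=(complain,attach_disconnected)`, so these narrowed paths only change what is logged, not what is blocked, until the profile is enforced. The definitions of `@{hex}` and `@{uuid}` are not on this page, so what they match should be checked in the tunables, and the file section may continue past the visible lines.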