felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profiles): general update.

Browse source
This commit is contained in:
Alexandre Pujol 2022-07-03 20:27:48 +01:00
parent 9b84ded0c2
commit f6de2fbe7a
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
28 changed files with 81 additions and 46 deletions
Download patch file Download diff file Expand all files Collapse all files

5
apparmor.d/groups/systemd/bootctl
View file

@ -39,15 +39,20 @@ profile bootctl @{exec_path} {
@{run}/host/container-manager r,
@{sys}//class/tpmrm/ r,
@{sys}/devices/virtual/dmi/id/{board_vendor,bios_vendor} r,
@{sys}/devices/virtual/dmi/id/{sys_vendor,product_version,product_name} r,
@{sys}/firmware/dmi/entries/*/raw r,
@{sys}/firmware/efi/efivars/ r,
@{sys}/firmware/efi/efivars/AuditMode-@{uuid} r,
@{sys}/firmware/efi/efivars/Boot[0-9A-F]*-@{uuid} r,
@{sys}/firmware/efi/efivars/BootOrder-@{uuid} r,
@{sys}/firmware/efi/efivars/DeployedMode-@{uuid} r,
@{sys}/firmware/efi/efivars/LoaderDevicePartUUID-@{uuid} r,
@{sys}/firmware/efi/efivars/LoaderEntries-@{uuid} r,
@{sys}/firmware/efi/efivars/LoaderEntrySelected-@{uuid} r,
@{sys}/firmware/efi/efivars/LoaderFeatures-@{uuid} r,
@{sys}/firmware/efi/efivars/LoaderFirmwareInfo-@{uuid} r,
@{sys}/firmware/efi/efivars/LoaderFirmwareType-@{uuid} r,

2
apparmor.d/groups/systemd/systemd-machine-id-setup
View file

@ -10,6 +10,8 @@ include <tunables/global>
profile systemd-machine-id-setup @{exec_path} {
include <abstractions/base>
capability dac_override,
@{exec_path} mr,
/etc/machine-id rw,

1
apparmor.d/groups/systemd/systemd-resolved
View file

@ -11,6 +11,7 @@ profile systemd-resolved @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-strict>
include <abstractions/nameservice-strict>
include <abstractions/openssl>
include <abstractions/p11-kit>
include <abstractions/ssl_certs>
include <abstractions/systemd-common>

4
apparmor.d/groups/systemd/systemd-udevd
View file

@ -49,8 +49,8 @@ profile systemd-udevd @{exec_path} flags=(attach_disconnected complain) {
/{usr/,}{s,}bin/* rPUx,
/{usr,/}lib/pm-utils/power.d/* rPUx,
/{usr,/}lib/snapd/snap-device-helper rPx,
/{usr/,}lib/pm-utils/power.d/* rPUx,
/{usr/,}lib/snapd/snap-device-helper rPx,
/{usr/,}lib/crda/* rPUx,
/{usr/,}lib/gdm-runtime-config rPx,
/{usr/,}lib/systemd/systemd-* rPx,