feat(abs): add abi reference to all abstractions.

2024-10-09 22:19:01 +01:00 · 2024-10-09 22:19:01 +01:00 · fc43400c26
commit fc43400c26
parent c923cc7ccf
112 changed files with 225 additions and 1 deletions
--- a/apparmor.d/abstractions/common/app
+++ b/apparmor.d/abstractions/common/app
@ -9,6 +9,8 @@
 # applications (bwrap) that have no way to restrict access depending on the
 # application being confined.

+  abi <abi/4.0>,
+
  include <abstractions/audio-client>
  include <abstractions/bus-accessibility>
  include <abstractions/bus-session>
--- a/apparmor.d/abstractions/common/apt
+++ b/apparmor.d/abstractions/common/apt
@ -3,6 +3,8 @@
 # Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only

+  abi <abi/4.0>,
+
  /usr/share/dpkg/cputable r,
  /usr/share/dpkg/tupletable r,

--- a/apparmor.d/abstractions/common/bwrap
+++ b/apparmor.d/abstractions/common/bwrap
@ -7,6 +7,8 @@
 # - the flag: attach_disconnected
 # - bwrap execution: '@{bin}/bwrap rix,'

+  abi <abi/4.0>,
+
  userns,

  capability net_admin,
--- a/apparmor.d/abstractions/common/chromium
+++ b/apparmor.d/abstractions/common/chromium
@ -6,6 +6,8 @@
 # This abstraction is for chromium based application. Chromium based browsers
 # need to use abstractions/chromium instead.

+  abi <abi/4.0>,
+
  userns,

  capability setgid, # If kernel.unprivileged_userns_clone = 1
--- a/apparmor.d/abstractions/common/electron
+++ b/apparmor.d/abstractions/common/electron
@ -12,6 +12,8 @@
 # @{cache_dirs} = @{user_cache_dirs}/@{name}
 #

+  abi <abi/4.0>,
+
  include <abstractions/dconf-write>
  include <abstractions/desktop>
  include <abstractions/graphics>
--- a/apparmor.d/abstractions/common/game
+++ b/apparmor.d/abstractions/common/game
@ -10,6 +10,8 @@
 #   (Default: @{XDG_GAMESSTUDIO_DIR}="unity3d")
 # - @{user_games_dirs} for user specific game directories (eg: steam storage dir)

+  abi <abi/4.0>,
+
  include <abstractions/audio-client>
  include <abstractions/desktop>
  include <abstractions/devices-usb>
--- a/apparmor.d/abstractions/common/gnome
+++ b/apparmor.d/abstractions/common/gnome
@ -4,6 +4,8 @@

 # Minimal set of rules for all gnome based UI application.

+  abi <abi/4.0>,
+
  include <abstractions/bus-accessibility>
  include <abstractions/bus-session>
  include <abstractions/bus/org.a11y>
--- a/apparmor.d/abstractions/common/steam-game
+++ b/apparmor.d/abstractions/common/steam-game
@ -2,6 +2,8 @@
 # Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only

+  abi <abi/4.0>,
+
  include <abstractions/common/game>

  @{lib_dirs}/ r,
--- a/apparmor.d/abstractions/common/systemd
+++ b/apparmor.d/abstractions/common/systemd
@ -3,6 +3,8 @@
 # Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only

+  abi <abi/4.0>,
+
  ptrace read peer=@{p_systemd},

  @{sys}/firmware/efi/efivars/SecureBoot-@{uuid} r,