felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(profile): fix issues raised in tests.

Browse source
This commit is contained in:
Alexandre Pujol 2025-07-20 16:34:49 +02:00 committed by Alex
parent 4f265c6d58
commit fd0092d431
6 changed files with 10 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/groups/utils/lslocks
View file

@ -17,6 +17,8 @@ profile lslocks @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr, @{exec_path} mr,
@{sys}/devices/**/block/** r,
@{PROC}/ r, @{PROC}/ r,
@{PROC}/@{pid}/ r, @{PROC}/@{pid}/ r,
@{PROC}/@{pid}/comm r, @{PROC}/@{pid}/comm r,

2
apparmor.d/groups/utils/lsns
View file

@ -28,6 +28,8 @@ profile lsns @{exec_path} flags=(attach_disconnected) {
@{run}/*/netns/** r, @{run}/*/netns/** r,
@{run}/*/ns/** r, @{run}/*/ns/** r,
@{sys}/devices/**/block/** r,
@{PROC}/ r, @{PROC}/ r,
@{PROC}/@{pid}/ r, @{PROC}/@{pid}/ r,
@{PROC}/@{pid}/stat r, @{PROC}/@{pid}/stat r,

2
apparmor.d/profiles-m-r/initramfs-hooks
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = /usr/share/initramfs-tools/hooks/** /etc/initramfs-tools/hooks/** @{exec_path} = /usr/share/initramfs-tools/hooks/** /etc/initramfs-tools/hooks/**
profile initramfs-hooks @{exec_path} { profile initramfs-hooks @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/consoles>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
@{exec_path} mr, @{exec_path} mr,
@ -70,6 +71,7 @@ profile initramfs-hooks @{exec_path} {
profile ldd { profile ldd {
include <abstractions/base> include <abstractions/base>
include <abstractions/consoles>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
@{bin}/ldd mr, @{bin}/ldd mr,

1
apparmor.d/profiles-m-r/initramfs-scripts
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = /usr/share/initramfs-tools/scripts/** /etc/initramfs-tools/scripts/** @{exec_path} = /usr/share/initramfs-tools/scripts/** /etc/initramfs-tools/scripts/**
profile initramfs-scripts @{exec_path} { profile initramfs-scripts @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/consoles>
@{exec_path} mr, @{exec_path} mr,

1
apparmor.d/profiles-m-r/mdadm-mkconf
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = /usr/share/mdadm/mkconf @{exec_path} = /usr/share/mdadm/mkconf
profile mdadm-mkconf @{exec_path} { profile mdadm-mkconf @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/consoles>
@{exec_path} mr, @{exec_path} mr,

2
apparmor.d/profiles-m-r/mkinitramfs
View file

@ -88,6 +88,7 @@ profile mkinitramfs @{exec_path} {
owner /boot/initrd.img-*.new rw, owner /boot/initrd.img-*.new rw,
/var/tmp/ r, /var/tmp/ r,
/var/tmp/mkinitramfs_@{rand6}/** w,
/var/tmp/modules_@{rand6} rw, /var/tmp/modules_@{rand6} rw,
owner /var/tmp/mkinitramfs_@{rand6} rw, owner /var/tmp/mkinitramfs_@{rand6} rw,
owner /var/tmp/mkinitramfs_@{rand6}/ rw, owner /var/tmp/mkinitramfs_@{rand6}/ rw,
@ -98,6 +99,7 @@ profile mkinitramfs @{exec_path} {
owner /tmp/tmp.@{rand10}/mkinitramfs_@{rand6} rw, owner /tmp/tmp.@{rand10}/mkinitramfs_@{rand6} rw,
owner /tmp/tmp.@{rand10}/mkinitramfs_@{rand6}/ rw, owner /tmp/tmp.@{rand10}/mkinitramfs_@{rand6}/ rw,
owner /tmp/tmp.@{rand10}/mkinitramfs_@{rand6}/** rwl -> /tmp/tmp.@{rand10}/mkinitramfs_@{rand6}/**, owner /tmp/tmp.@{rand10}/mkinitramfs_@{rand6}/** rwl -> /tmp/tmp.@{rand10}/mkinitramfs_@{rand6}/**,
owner /tmp/tmp.@{rand10}/mkinitramfs_@{rand6}/** w,
owner /tmp/tmp.@{rand10}/mkinitramfs-@{rand6} rw, owner /tmp/tmp.@{rand10}/mkinitramfs-@{rand6} rw,
owner /tmp/tmp.@{rand10}/mkinitramfs-*_@{rand6} rw, owner /tmp/tmp.@{rand10}/mkinitramfs-*_@{rand6} rw,