felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): use @{sbin} for all program inside /usr/sbin.

Browse source
This commit is contained in:
Alexandre Pujol 2025-04-28 21:27:57 +02:00
parent b8f2f38c72
commit fd17a77b17
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
270 changed files with 475 additions and 475 deletions
Download patch file Download diff file Expand all files Collapse all files

14
apparmor.d/groups/firewall/firewalld
View file

@ -6,7 +6,7 @@ abi <abi/4.0>,
include <tunables/global>
@{exec_path} = @{bin}/firewalld
@{exec_path} = @{sbin}/firewalld
profile firewalld @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/app/kmod>
@ -34,14 +34,14 @@ profile firewalld @{exec_path} flags=(attach_disconnected) {
@{bin}/ r,
@{bin}/alts rix,
@{bin}/ebtables-legacy rix,
@{bin}/ebtables-legacy-restore rix,
@{sbin}/ebtables-legacy rix,
@{sbin}/ebtables-legacy-restore rix,
@{bin}/false rix,
@{bin}/ipset rix,
@{sbin}/ipset rix,
@{bin}/kmod rix,
@{bin}/modprobe rix,
@{bin}/xtables-legacy-multi rix,
@{bin}/xtables-nft-multi rmix,
@{sbin}/modprobe rix,
@{sbin}/xtables-legacy-multi rix,
@{sbin}/xtables-nft-multi rmix,
/usr/local/lib/@{python_name}/dist-packages/ r,

2
apparmor.d/groups/firewall/nft
View file

@ -7,7 +7,7 @@ abi <abi/4.0>,
include <tunables/global>
@{exec_path} = @{bin}/nft
@{exec_path} = @{sbin}/nft
profile nft @{exec_path} {
include <abstractions/base>
include <abstractions/nameservice-strict>

6
apparmor.d/groups/firewall/ufw
View file

@ -33,9 +33,9 @@ profile ufw @{exec_path} flags=(attach_disconnected) {
@{bin}/ r,
@{bin}/cat rix,
@{bin}/env r,
@{bin}/sysctl rix,
@{bin}/xtables-legacy-multi rix,
@{bin}/xtables-nft-multi rix,
@{sbin}/sysctl rix,
@{sbin}/xtables-legacy-multi rix,
@{sbin}/xtables-nft-multi rix,
@{lib}/ufw/ufw-init rix,
/etc/default/ufw rw,

6
apparmor.d/groups/firewall/ufw-init
View file

@ -22,9 +22,9 @@ profile ufw-init @{exec_path} {
@{exec_path} mr,
@{sh_path} rix,
@{bin}/sysctl rix,
@{bin}/xtables-legacy-multi rix,
@{bin}/xtables-nft-multi rix,
@{sbin}/sysctl rix,
@{sbin}/xtables-legacy-multi rix,
@{sbin}/xtables-nft-multi rix,
/etc/default/ufw r,
/etc/ufw/* r,