felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
apparmor.d/apparmor.d/profiles-m-r/initramfs-scripts
Alexandre Pujol 8f7e373f62 fix: update-alternatives is **not** installed in sbin.
2025-08-04 12:47:01 +02:00

56 lines
1.5 KiB
Text
Raw Blame History

# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/4.0>,
include <tunables/global>
@{exec_path} = /usr/share/initramfs-tools/scripts/** /etc/initramfs-tools/scripts/**
profile initramfs-scripts @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>
@{exec_path} mr,
@{sh_path} rix,
@{coreutils_path} rix,
@{sbin}/blkid Px,
@{bin}/dd ix,
@{bin}/debconf-escape Px,
@{bin}/ischroot Px,
@{bin}/ldd Cx -> ldd,
@{bin}/plymouth Px,
@{bin}/update-alternatives Px,
@{lib}/dracut/dracut-install Px,
@{lib}/initramfs-tools/bin/busybox Px,
/usr/share/mdadm/mkconf Px,
/usr/share/initramfs-tools/{,**} r,
/etc/cryptsetup-initramfs/{,**} r,
/etc/crypttab r,
/etc/default/console-setup r,
/etc/fstab r,
/etc/initramfs-tools/{,**} r,
/etc/mdadm/mdadm.conf r,
/etc/udev/rules.d/{,**} r,
/var/tmp/modules_@{rand6} rw,
owner /var/tmp/mkinitramfs_@{rand6}/** rwl -> /var/tmp/mkinitramfs_@{rand6}/**,
profile ldd {
include <abstractions/base>
include <abstractions/nameservice-strict>
@{bin}/ldd mr,
@{lib}/@{multiarch}/ld-linux-*so* mrix,
@{lib}/ld-linux.so* mr,
include if exists <local/initramfs-scripts_ldd>
}
include if exists <local/initramfs-scripts>
}
# vim:syntax=apparmor
Reference in a new issue View git blame Copy permalink