mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-11-15 07:54:17 +01:00
Add capability, dbus and some proc
This commit is contained in:
parent
a9fd0706d1
commit
03881d5614
@ -11,6 +11,13 @@ profile zsysctl @{exec_path} flags=(complain) {
|
|||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/dbus-strict>
|
include <abstractions/dbus-strict>
|
||||||
|
|
||||||
|
capability sys_ptrace,
|
||||||
|
capability sys_admin,
|
||||||
|
|
||||||
|
dbus send bus=system path=/org/freedesktop/PolicyKit1/Authority
|
||||||
|
interface=org.freedesktop.PolicyKit1.Authority
|
||||||
|
member=CheckAuthorization,
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} rm,
|
||||||
/{usr/,}bin/zsysctl rix,
|
/{usr/,}bin/zsysctl rix,
|
||||||
/{usr/,}bin/zsysd rix,
|
/{usr/,}bin/zsysd rix,
|
||||||
@ -28,6 +35,8 @@ profile zsysctl @{exec_path} flags=(complain) {
|
|||||||
@{run}/zsysd.sock rw,
|
@{run}/zsysd.sock rw,
|
||||||
|
|
||||||
@{PROC}/@{pids}/mounts r,
|
@{PROC}/@{pids}/mounts r,
|
||||||
|
@{PROC}/cmdline r,
|
||||||
|
owner @{PROC}/@{pids}/stats r,
|
||||||
@{PROC}/filesystems r,
|
@{PROC}/filesystems r,
|
||||||
@{PROC}/sys/kernel/spl/hostid r,
|
@{PROC}/sys/kernel/spl/hostid r,
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user