mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-15 07:54:17 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add capability, dbus and some proc

Browse Source
This commit is contained in:
Jeroen Rijken 2022-07-30 12:24:59 +02:00 committed by Alex
parent a9fd0706d1
commit 03881d5614
1 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
apparmor.d/profiles-s-z/zsysd
View File

@ -11,6 +11,13 @@ profile zsysctl @{exec_path} flags=(complain) {
include <abstractions/base> include <abstractions/base>
include <abstractions/dbus-strict> include <abstractions/dbus-strict>
capability sys_ptrace,
capability sys_admin,
dbus send bus=system path=/org/freedesktop/PolicyKit1/Authority
interface=org.freedesktop.PolicyKit1.Authority
member=CheckAuthorization,
@{exec_path} rm, @{exec_path} rm,
/{usr/,}bin/zsysctl rix, /{usr/,}bin/zsysctl rix,
/{usr/,}bin/zsysd rix, /{usr/,}bin/zsysd rix,
@ -27,9 +34,11 @@ profile zsysctl @{exec_path} flags=(complain) {
@{run}/zsys-snapshot.unattended-upgrades rw, @{run}/zsys-snapshot.unattended-upgrades rw,
@{run}/zsysd.sock rw, @{run}/zsysd.sock rw,
@{PROC}/@{pids}/mounts r, @{PROC}/@{pids}/mounts r,
@{PROC}/filesystems r, @{PROC}/cmdline r,
@{PROC}/sys/kernel/spl/hostid r, owner @{PROC}/@{pids}/stats r,
@{PROC}/filesystems r,
@{PROC}/sys/kernel/spl/hostid r,
@{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,