mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-15 16:03:51 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat(profiles): modernize udev access.

Browse Source
This commit is contained in:
Alexandre Pujol 2023-08-24 19:31:54 +01:00
parent 73cb5a4545
commit 07cfbcd952
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
37 changed files with 234 additions and 229 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apparmor.d/abstractions/gstreamer
View File

@ -27,7 +27,7 @@
#owner /tmp/orcexec.* mrw, #owner /tmp/orcexec.* mrw,
#owner @{HOME}/orcexec.* mrw, #owner @{HOME}/orcexec.* mrw,
@{run}/udev/data/+drm:* r, # For screen outputs @{run}/udev/data/+drm:card[0-9]-* r, # For screen outputs
@{run}/udev/data/+usb:* r, # For /dev/bus/usb/** @{run}/udev/data/+usb:* r, # For /dev/bus/usb/**
@{run}/udev/data/c81:@{int} r, # For video4linux @{run}/udev/data/c81:@{int} r, # For video4linux

2
apparmor.d/abstractions/kde5-plasma5
View File

@ -51,7 +51,7 @@
#deny @{sys}/bus/usb/devices/ r, #deny @{sys}/bus/usb/devices/ r,
#deny @{sys}/class/ r, #deny @{sys}/class/ r,
#deny @{run}/udev/data/b8:[0-9]* r, # for /dev/sda1 , etc. #deny @{run}/udev/data/b8:[0-9]* r, # for /dev/sda1 , etc.
#deny @{run}/udev/data/c189:[0-9]* r, # for /dev/bus/usb/001/001 , etc. #deny @{run}/udev/data/c189:@{int} r, # for /dev/bus/usb/001/001 , etc.
#deny @{run}/udev/data/+usb:* r, # #deny @{run}/udev/data/+usb:* r, #
#/etc/exports r, #/etc/exports r,
#/etc/xdg/menus/ r, #/etc/xdg/menus/ r,

4
apparmor.d/groups/browsers/firefox
View File

@ -229,8 +229,8 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
@{run}/mount/utab r, @{run}/mount/utab r,
@{run}/udev/data/+input* r, # for mouse, keyboard, touchpad @{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad
@{run}/udev/data/c13:[0-9]* r, # for /dev/input/* @{run}/udev/data/c13:@{int} r, # for /dev/input/*
@{sys}/bus/ r, @{sys}/bus/ r,
@{sys}/cgroup/cpu,cpuacct/user.slice/cpu.cfs_quota_us r, @{sys}/cgroup/cpu,cpuacct/user.slice/cpu.cfs_quota_us r,

2
apparmor.d/groups/freedesktop/colord
View File

@ -79,6 +79,8 @@ profile colord @{exec_path} flags=(attach_disconnected) {
@{run}/systemd/sessions/* r, @{run}/systemd/sessions/* r,
@{run}/udev/data/c81:@{int} r, # For video4linux
@{sys}/class/drm/ r, @{sys}/class/drm/ r,
@{sys}/class/video4linux/ r, @{sys}/class/video4linux/ r,
@{sys}/devices/pci[0-9]*/**/drm/card[0-9]/card[0-9]-{HDMI,VGA,LVDS,DP,eDP,Virtual}-*/{enabled,edid} r, @{sys}/devices/pci[0-9]*/**/drm/card[0-9]/card[0-9]-{HDMI,VGA,LVDS,DP,eDP,Virtual}-*/{enabled,edid} r,

12
apparmor.d/groups/freedesktop/iio-sensor-proxy
View File

@ -14,12 +14,12 @@ profile iio-sensor-proxy @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{run}/udev/data/+platform* r, @{run}/udev/data/+platform:* r,
@{run}/udev/data/+input* r, @{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad
@{run}/udev/data/c13:[0-9]* r, # For /dev/input/* @{run}/udev/data/c13:@{int} r, # For /dev/input/*
@{run}/udev/data/c3[0-9]*:[0-9]* r, # For dynamic assignment range 384 to 511 @{run}/udev/data/c3[0-9]*:@{int} r, # For dynamic assignment range 384 to 511
@{run}/udev/data/c4[0-9]*:[0-9]* r, @{run}/udev/data/c4[0-9]*:@{int} r,
@{run}/udev/data/c5[0-9]*:[0-9]* r, @{run}/udev/data/c5[0-9]*:@{int} r,
@{sys}/bus/ r, @{sys}/bus/ r,
@{sys}/bus/iio/devices/ r, @{sys}/bus/iio/devices/ r,

14
apparmor.d/groups/freedesktop/pipewire
View File

@ -65,13 +65,13 @@ profile pipewire @{exec_path} flags=(attach_disconnected) {
owner /tmp/librnnoise-[0-9]*.so rm, owner /tmp/librnnoise-[0-9]*.so rm,
owner @{run}/user/@{uid}/pipewire-[0-9]*.lock rwk, owner @{run}/user/@{uid}/pipewire-[0-9]*.lock rwk,
@{run}/udev/data/c81:[0-9]* r, # For video4linux @{run}/udev/data/c81:@{int} r, # For video4linux
@{run}/udev/data/c23[4-9]:[0-9]* r, # For dynamic assignment range 234 to 254 @{run}/udev/data/c23[4-9]:@{int} r, # For dynamic assignment range 234 to 254
@{run}/udev/data/c24[0-9]:[0-9]* r, @{run}/udev/data/c24[0-9]:@{int} r,
@{run}/udev/data/c25[0-4]:[0-9]* r, @{run}/udev/data/c25[0-4]:@{int} r,
@{run}/udev/data/c3[0-9]*:[0-9]* r, # For dynamic assignment range 384 to 511 @{run}/udev/data/c3[0-9]*:@{int} r, # For dynamic assignment range 384 to 511
@{run}/udev/data/c4[0-9]*:[0-9]* r, @{run}/udev/data/c4[0-9]*:@{int} r,
@{run}/udev/data/c5[0-9]*:[0-9]* r, @{run}/udev/data/c5[0-9]*:@{int} r,
@{sys}/bus/ r, @{sys}/bus/ r,
@{sys}/bus/media/devices/ r, @{sys}/bus/media/devices/ r,

4
apparmor.d/groups/freedesktop/pipewire-media-session
View File

@ -58,8 +58,8 @@ profile pipewire-media-session @{exec_path} {
owner @{run}/user/@{uid}/pipewire-[0-9]* rw, owner @{run}/user/@{uid}/pipewire-[0-9]* rw,
@{run}/udev/data/+sound:card[0-9]* r, # For sound @{run}/udev/data/+sound:card@{int} r, # For sound
@{run}/udev/data/c116:[0-9]* r, # for ALSA @{run}/udev/data/c116:@{int} r, # for ALSA
@{run}/systemd/users/@{uid} r, @{run}/systemd/users/@{uid} r,

6
apparmor.d/groups/freedesktop/plymouthd
View File

@ -38,9 +38,9 @@ profile plymouthd @{exec_path} {
@{run}/plymouth/{,**} rw, @{run}/plymouth/{,**} rw,
@{run}/udev/data/+drm:* r, @{run}/udev/data/+drm:card[0-9]-* r, # for screen outputs
@{run}/udev/data/c226:[0-9]* r, # For /dev/dri/card[0-9]* @{run}/udev/data/c226:@{int} r, # For /dev/dri/card[0-9]*
@{run}/udev/data/c29:* r, # For /dev/fb[0-9]* @{run}/udev/data/c29:@{int} r, # For /dev/fb[0-9]*
@{sys}/bus/ r, @{sys}/bus/ r,
@{sys}/class/ r, @{sys}/class/ r,

12
apparmor.d/groups/freedesktop/pulseaudio
View File

@ -173,12 +173,12 @@ profile pulseaudio @{exec_path} {
@{run}/systemd/users/@{uid} r, @{run}/systemd/users/@{uid} r,
@{run}/udev/data/+pci* r, @{run}/udev/data/+pci:* r,
@{run}/udev/data/+sound:card[0-9]* r, # For sound @{run}/udev/data/+sound:card@{int} r, # For sound
@{run}/udev/data/c116:[0-9]* r, # for ALSA @{run}/udev/data/c116:@{int} r, # for ALSA
@{run}/udev/data/c23[4-9]:[0-9]* r, # For dynamic assignment range 234 to 254 @{run}/udev/data/c23[4-9]:@{int} r, # For dynamic assignment range 234 to 254
@{run}/udev/data/c24[0-9]:[0-9]* r, @{run}/udev/data/c24[0-9]:@{int} r,
@{run}/udev/data/c25[0-4]:[0-9]* r, @{run}/udev/data/c25[0-4]:@{int} r,
@{sys}/class/sound/ r, @{sys}/class/sound/ r,
@{sys}/devices/**/sound/**/{uevent,pcm_class} r, @{sys}/devices/**/sound/**/{uevent,pcm_class} r,

18
apparmor.d/groups/freedesktop/upowerd
View File

@ -48,16 +48,16 @@ profile upowerd @{exec_path} flags=(attach_disconnected) {
/var/lib/upower/history-*.dat{,.*} rw, /var/lib/upower/history-*.dat{,.*} rw,
@{run}/udev/data/ r, @{run}/udev/data/ r,
@{run}/udev/data/+acpi:* r, @{run}/udev/data/+acpi:* r, # for acpi
@{run}/udev/data/+hid* r, @{run}/udev/data/+hid:* r, # for HID-Compliant Keyboard
@{run}/udev/data/+input* r, @{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad
@{run}/udev/data/+pci* r, @{run}/udev/data/+pci:* r,
@{run}/udev/data/+platform* r, @{run}/udev/data/+platform:* r,
@{run}/udev/data/+power_supply* r, @{run}/udev/data/+power_supply* r,
@{run}/udev/data/+sound:card[0-9]* r, # for sound @{run}/udev/data/+sound:card@{int} r, # for sound
@{run}/udev/data/c10:[0-9]* r, # for non-serial mice, misc features @{run}/udev/data/c10:@{int} r, # for non-serial mice, misc features
@{run}/udev/data/c13:[0-9]* r, # for /dev/input/* @{run}/udev/data/c13:@{int} r, # for /dev/input/*
@{run}/udev/data/c116:[0-9]* r, # for ALSA @{run}/udev/data/c116:@{int} r, # for ALSA
@{run}/systemd/inhibit/[0-9]*.ref rw, @{run}/systemd/inhibit/[0-9]*.ref rw,

28
apparmor.d/groups/freedesktop/xorg
View File

@ -117,22 +117,22 @@ profile xorg @{exec_path} flags=(attach_disconnected) {
@{sys}/devices/platform/ r, @{sys}/devices/platform/ r,
@{sys}/module/i915/{,**} r, @{sys}/module/i915/{,**} r,
@{run}/udev/data/+i2c:* r, @{run}/udev/data/+acpi:* r, # for acpi
@{run}/udev/data/+input* r, # for mouse, keyboard, touchpad
@{run}/udev/data/+platform* r, # for ?
@{run}/udev/data/+drm:card[0-9]-* r, # for screen outputs
@{run}/udev/data/+dmi* r, # for ? @{run}/udev/data/+dmi* r, # for ?
@{run}/udev/data/+acpi* r, # for ? @{run}/udev/data/+drm:card[0-9]-* r, # for screen outputs
@{run}/udev/data/+hid* r, # for HID-Compliant Keyboard @{run}/udev/data/+hid:* r, # for HID-Compliant Keyboard
@{run}/udev/data/+pci* r, # for VGA compatible controller @{run}/udev/data/+i2c:* r,
@{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad
@{run}/udev/data/+pci:* r, # for VGA compatible controller
@{run}/udev/data/+platform:* r, # for ?
@{run}/udev/data/+serio:* r, # for touchpad?
@{run}/udev/data/+usb* r, # for USB mouse and keyboard @{run}/udev/data/+usb* r, # for USB mouse and keyboard
@{run}/udev/data/+serio* r, # for touchpad? @{run}/udev/data/c4:@{int} r, # for /dev/tty[0-9]*
@{run}/udev/data/c4:[0-9]* r, # for /dev/tty[0-9]* @{run}/udev/data/c5:@{int} r, # for /dev/tty, /dev/console, /dev/ptmx
@{run}/udev/data/c5:[0-9]* r, # for /dev/tty, /dev/console, /dev/ptmx @{run}/udev/data/c10:@{int} r, # for non-serial mice, misc features
@{run}/udev/data/c10:[0-9]* r, # for non-serial mice, misc features @{run}/udev/data/c13:@{int} r, # for /dev/input/*
@{run}/udev/data/c13:[0-9]* r, # for /dev/input/* @{run}/udev/data/c189:@{int} r, # for /dev/bus/usb/**
@{run}/udev/data/c189:[0-9]* r, # for /dev/bus/usb/** @{run}/udev/data/c226:@{int} r, # for /dev/dri/card*
@{run}/udev/data/c226:[0-9]* r, # for /dev/dri/card*
@{PROC}/@{pids}/cmdline r, @{PROC}/@{pids}/cmdline r,
@{PROC}/cmdline r, @{PROC}/cmdline r,

7
apparmor.d/groups/gnome/gdm
View File

@ -97,9 +97,10 @@ profile gdm @{exec_path} flags=(attach_disconnected) {
@{run}/systemd/sessions/*.ref r, @{run}/systemd/sessions/*.ref r,
@{run}/systemd/users/@{uid} r, @{run}/systemd/users/@{uid} r,
@{run}/udev/data/+drm:card[0-9]-* r, @{run}/udev/data/+drm:card[0-9]-* r, # for screen outputs
@{run}/udev/data/+pci* r, @{run}/udev/data/+pci:* r,
@{run}/udev/data/c226:[0-9]* r, # for /dev/dri/card* @{run}/udev/data/c226:@{int} r, # for /dev/dri/card*
@{run}/udev/tags/master-of-seat/ r, @{run}/udev/tags/master-of-seat/ r,
@{sys}/devices/**/uevent r, @{sys}/devices/**/uevent r,

20
apparmor.d/groups/gnome/gnome-control-center
View File

@ -164,16 +164,16 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
@{run}/systemd/users/@{uid} r, @{run}/systemd/users/@{uid} r,
@{run}/udev/data/+dmi:* r, @{run}/udev/data/+dmi:* r,
@{run}/udev/data/+input* r, # for mouse, keyboard, touchpad @{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad
@{run}/udev/data/+pci* r, @{run}/udev/data/+pci:* r,
@{run}/udev/data/c13:[0-9]* r, # for /dev/input/* @{run}/udev/data/c13:@{int} r, # for /dev/input/*
@{run}/udev/data/c23[4-9]:[0-9]* r, # For dynamic assignment range 234 to 254 @{run}/udev/data/c23[4-9]:@{int} r, # For dynamic assignment range 234 to 254
@{run}/udev/data/c24[0-9]:[0-9]* r, @{run}/udev/data/c24[0-9]:@{int} r,
@{run}/udev/data/c25[0-4]:[0-9]* r, @{run}/udev/data/c25[0-4]:@{int} r,
@{run}/udev/data/c3[0-9]*:[0-9]* r, # For dynamic assignment range 384 to 511 @{run}/udev/data/c3[0-9]*:@{int} r, # For dynamic assignment range 384 to 511
@{run}/udev/data/c4[0-9]*:[0-9]* r, @{run}/udev/data/c4[0-9]*:@{int} r,
@{run}/udev/data/c5[0-9]*:[0-9]* r, @{run}/udev/data/c5[0-9]*:@{int} r,
@{run}/udev/data/n[0-9]* r, @{run}/udev/data/n@{int} r,
@{sys}/bus/ r, @{sys}/bus/ r,
@{sys}/class/ r, @{sys}/class/ r,

20
apparmor.d/groups/gnome/gnome-shell
View File

@ -598,20 +598,20 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
@{run}/udev/tags/seat/ r, @{run}/udev/tags/seat/ r,
@{run}/udev/data/+input* r, # for mouse, keyboard, touchpad @{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad
@{run}/udev/data/+platform* r, @{run}/udev/data/+platform:* r,
@{run}/udev/data/+dmi:id r, @{run}/udev/data/+dmi:id r,
@{run}/udev/data/+acpi* r, @{run}/udev/data/+acpi* r,
@{run}/udev/data/+pci* r, # for VGA compatible controller @{run}/udev/data/+pci:* r, # for VGA compatible controller
@{run}/udev/data/+sound:card* r, # for sound @{run}/udev/data/+sound:card@{int} r, # for sound
@{run}/udev/data/+usb* r, # for USB mouse and keyboard @{run}/udev/data/+usb* r, # for USB mouse and keyboard
@{run}/udev/data/+i2c:* r, @{run}/udev/data/+i2c:* r,
@{run}/udev/data/+hid* r, # for HID-Compliant Keyboard @{run}/udev/data/+hid:* r , # for HID-Compliant Keyboard
@{run}/udev/data/c10:[0-9]* r, # for non-serial mice, misc features @{run}/udev/data/c10:@{int} r, # for non-serial mice, misc features
@{run}/udev/data/c13:[0-9]* r, # for /dev/input/* @{run}/udev/data/c13:@{int} r, # for /dev/input/*
@{run}/udev/data/c189:[0-9]* r, # for /dev/bus/usb/** @{run}/udev/data/c189:@{int} r, # for /dev/bus/usb/**
@{run}/udev/data/c226:[0-9]* r, # for /dev/dri/card* @{run}/udev/data/c226:@{int} r, # for /dev/dri/card*
@{run}/udev/data/n[0-9]* r, @{run}/udev/data/n@{int} r,
@{sys}/**/uevent r, @{sys}/**/uevent r,
@{sys}/bus/ r, @{sys}/bus/ r,

6
apparmor.d/groups/gnome/gsd-media-keys
View File

@ -187,9 +187,9 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
owner /dev/tty@{int} rw, owner /dev/tty@{int} rw,
@{run}/udev/data/+sound:card[0-9]* r, # For sound @{run}/udev/data/+sound:card@{int} r, # For sound
@{run}/udev/data/c13:[0-9]* r, # for /dev/input/* @{run}/udev/data/c13:@{int} r, # for /dev/input/*
@{run}/udev/data/c189:[0-9]* r, # For /dev/bus/usb/** @{run}/udev/data/c189:@{int} r, # For /dev/bus/usb/**
@{sys}/devices/**/usb[0-9]/{,**} r, @{sys}/devices/**/usb[0-9]/{,**} r,
@{sys}/devices/pci[0-9]*/**/sound/**/uevent r, @{sys}/devices/pci[0-9]*/**/sound/**/uevent r,

2
apparmor.d/groups/gnome/gsd-rfkill
View File

@ -88,7 +88,7 @@ profile gsd-rfkill @{exec_path} flags=(attach_disconnected) {
@{sys}/devices/virtual/misc/rfkill/uevent r, @{sys}/devices/virtual/misc/rfkill/uevent r,
@{run}/udev/data/c10:[0-9]* r, # for non-serial mice, misc features @{run}/udev/data/c10:@{int} r, # for non-serial mice, misc features
owner /dev/tty@{int} rw, owner /dev/tty@{int} rw,

8
apparmor.d/groups/network/ModemManager
View File

@ -53,13 +53,13 @@ profile ModemManager @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr, @{exec_path} mr,
@{run}/udev/data/+pci:* r, @{run}/udev/data/+pci:* r,
@{run}/udev/data/+platform* r, @{run}/udev/data/+platform:* r,
@{run}/udev/data/+usb:* r, @{run}/udev/data/+usb:* r,
@{run}/udev/data/c16[6,7]:[0-9]* r, # USB modems @{run}/udev/data/c16[6,7]:[0-9]* r, # USB modems
@{run}/udev/data/c18[0,8,9]:[0-9]* r, # USB devices & USB serial converters @{run}/udev/data/c18[0,8,9]:[0-9]* r, # USB devices & USB serial converters
@{run}/udev/data/c4:[0-9]* r, # for /dev/tty[0-9]* @{run}/udev/data/c4:@{int} r, # for /dev/tty[0-9]*
@{run}/udev/data/c5:[0-9]* r, # for /dev/tty, /dev/console, /dev/ptmx @{run}/udev/data/c5:@{int} r, # for /dev/tty, /dev/console, /dev/ptmx
@{run}/udev/data/n[0-9]* r, @{run}/udev/data/n@{int} r,
@{run}/systemd/inhibit/*.ref rw, @{run}/systemd/inhibit/*.ref rw,

6
apparmor.d/groups/network/NetworkManager
View File

@ -139,10 +139,10 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
@{run}/nscd/db* rwl, @{run}/nscd/db* rwl,
@{run}/systemd/inhibit/[0-9]*.ref rw, @{run}/systemd/inhibit/[0-9]*.ref rw,
@{run}/systemd/users/@{uid} r, @{run}/systemd/users/@{uid} r,
@{run}/udev/data/+pci* r, @{run}/udev/data/+pci:* r,
@{run}/udev/data/+platform* r, @{run}/udev/data/+platform:* r,
@{run}/udev/data/+rfkill:* r, @{run}/udev/data/+rfkill:* r,
@{run}/udev/data/n[0-9]* r, @{run}/udev/data/n@{int} r,
@{sys}/devices/**/uevent r, @{sys}/devices/**/uevent r,
@{sys}/devices/virtual/net/{,**} r, @{sys}/devices/virtual/net/{,**} r,

2
apparmor.d/groups/network/dhcpcd
View File

@ -54,7 +54,7 @@ profile dhcpcd @{exec_path} flags=(attach_disconnected) {
@{run}/dhcpcd/hook-state/resolv.conf/ rw, @{run}/dhcpcd/hook-state/resolv.conf/ rw,
@{run}/dhcpcd/unpriv.sock w, @{run}/dhcpcd/unpriv.sock w,
@{run}/udev/data/n[0-9]* r, @{run}/udev/data/n@{int} r,
@{sys}/devices/pci[0-9]*/**/uevent r, @{sys}/devices/pci[0-9]*/**/uevent r,
@{sys}/devices/virtual/dmi/id/product_uuid r, @{sys}/devices/virtual/dmi/id/product_uuid r,

4
apparmor.d/groups/network/nmcli
View File

@ -20,8 +20,8 @@ profile nmcli @{exec_path} {
owner @{HOME}/.nm-vpngate/*.ovpn r, owner @{HOME}/.nm-vpngate/*.ovpn r,
owner @{HOME}/.cert/nm-openvpn/*.pem rw, owner @{HOME}/.cert/nm-openvpn/*.pem rw,
@{run}/udev/data/+pci* r, @{run}/udev/data/+pci:* r,
@{run}/udev/data/n[0-9]* r, @{run}/udev/data/n@{int} r,
@{sys}/devices/virtual/net/{,**} r, @{sys}/devices/virtual/net/{,**} r,
@{sys}/devices/pci[0-9]*/**/net/*/{,**} r, @{sys}/devices/pci[0-9]*/**/net/*/{,**} r,

21
apparmor.d/groups/systemd/systemd-journald
View File

@ -41,24 +41,25 @@ profile systemd-journald @{exec_path} {
@{run}/udev/data/+acpi:* r, @{run}/udev/data/+acpi:* r,
@{run}/udev/data/+bluetooth:* r, @{run}/udev/data/+bluetooth:* r,
@{run}/udev/data/+hid:* r, @{run}/udev/data/+hid:* r,
@{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad
@{run}/udev/data/+pci:* r, @{run}/udev/data/+pci:* r,
@{run}/udev/data/+platform* r, @{run}/udev/data/+platform:* r,
@{run}/udev/data/+scsi:* r, @{run}/udev/data/+scsi:* r,
@{run}/udev/data/+sdio:* r, @{run}/udev/data/+sdio:* r,
@{run}/udev/data/+usb-serial:* r, @{run}/udev/data/+usb-serial:* r,
@{run}/udev/data/+usb:* r, @{run}/udev/data/+usb:* r,
@{run}/udev/data/+virtio:* r, @{run}/udev/data/+virtio:* r,
@{run}/udev/data/c1:[0-9]* r, # For RAM disk @{run}/udev/data/c1:@{int} r, # For RAM disk
@{run}/udev/data/c4:[0-9]* r, # For TTY devices @{run}/udev/data/c4:@{int} r, # For TTY devices
@{run}/udev/data/c10:[0-9]* r, # For non-serial mice, misc features @{run}/udev/data/c10:@{int} r, # For non-serial mice, misc features
@{run}/udev/data/c18[8-9]:[0-9]* r, # USB devices & USB serial converters @{run}/udev/data/c18[8-9]:[0-9]* r, # USB devices & USB serial converters
@{run}/udev/data/c29:[0-9]* r, # For CD-ROM @{run}/udev/data/c29:[0-9]* r, # For CD-ROM
@{run}/udev/data/c23[4-9]:[0-9]* r, # For dynamic assignment range 234 to 254 @{run}/udev/data/c23[4-9]:@{int} r, # For dynamic assignment range 234 to 254
@{run}/udev/data/c24[0-9]:[0-9]* r, @{run}/udev/data/c24[0-9]:@{int} r,
@{run}/udev/data/c25[0-4]:[0-9]* r, @{run}/udev/data/c25[0-4]:@{int} r,
@{run}/udev/data/c3[0-9]*:[0-9]* r, # For dynamic assignment range 384 to 511 @{run}/udev/data/c3[0-9]*:@{int} r, # For dynamic assignment range 384 to 511
@{run}/udev/data/c4[0-9]*:[0-9]* r, @{run}/udev/data/c4[0-9]*:@{int} r,
@{run}/udev/data/c5[0-9]*:[0-9]* r, @{run}/udev/data/c5[0-9]*:@{int} r,
@{sys}/devices/**/uevent r, @{sys}/devices/**/uevent r,
@{sys}/firmware/efi/efivars/SecureBoot-@{uuid} r, @{sys}/firmware/efi/efivars/SecureBoot-@{uuid} r,

2
apparmor.d/groups/systemd/systemd-networkd
View File

@ -68,7 +68,7 @@ profile systemd-networkd @{exec_path} flags=(attach_disconnected,complain) {
owner @{run}/systemd/netif/lldp/ rw, owner @{run}/systemd/netif/lldp/ rw,
owner @{run}/systemd/netif/state rw, owner @{run}/systemd/netif/state rw,
@{run}/udev/data/n[0-9]* r, @{run}/udev/data/n@{int} r,
@{sys}/devices/**/net/** r, @{sys}/devices/**/net/** r,
@{sys}/devices/pci[0-9]*/**/ r, @{sys}/devices/pci[0-9]*/**/ r,

32
apparmor.d/groups/ubuntu/subiquity-console-conf
View File

@ -57,27 +57,27 @@ profile subiquity-console-conf @{exec_path} {
@{run}/udev/data/+acpi:* r, @{run}/udev/data/+acpi:* r,
@{run}/udev/data/+dmi* r, @{run}/udev/data/+dmi* r,
@{run}/udev/data/+drm* r, @{run}/udev/data/+drm* r,
@{run}/udev/data/+input* r, # For mouse, keyboard, touchpad @{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad
@{run}/udev/data/+leds:* r, @{run}/udev/data/+leds:* r,
@{run}/udev/data/+pci* r, @{run}/udev/data/+pci:* r,
@{run}/udev/data/+platform* r, @{run}/udev/data/+platform:* r,
@{run}/udev/data/+sound:card* r, # For sound @{run}/udev/data/+sound:card@{int} r, # For sound
@{run}/udev/data/c1:[0-9]* r, # For RAM disk @{run}/udev/data/c1:@{int} r, # For RAM disk
@{run}/udev/data/c4:[0-9]* r, # For TTY devices @{run}/udev/data/c4:@{int} r, # For TTY devices
@{run}/udev/data/c5:[0-9]* r, # For /dev/tty, /dev/console, /dev/ptmx @{run}/udev/data/c5:@{int} r, # For /dev/tty, /dev/console, /dev/ptmx
@{run}/udev/data/c7:[0-9]* r, # For Virtual console capture devices @{run}/udev/data/c7:[0-9]* r, # For Virtual console capture devices
@{run}/udev/data/c10:[0-9]* r, # For non-serial mice, misc features @{run}/udev/data/c10:@{int} r, # For non-serial mice, misc features
@{run}/udev/data/c13:[0-9]* r, # For /dev/input/* @{run}/udev/data/c13:@{int} r, # For /dev/input/*
@{run}/udev/data/c29:[0-9]* r, # For /dev/fb[0-9]* @{run}/udev/data/c29:[0-9]* r, # For /dev/fb[0-9]*
@{run}/udev/data/c89:[0-9]* r, # For I2C bus interface @{run}/udev/data/c89:[0-9]* r, # For I2C bus interface
@{run}/udev/data/c108:[0-9]* r, # For /dev/ppp @{run}/udev/data/c108:@{int} r, # For /dev/ppp
@{run}/udev/data/c116:[0-9]* r, # For ALSA @{run}/udev/data/c116:@{int} r, # For ALSA
@{run}/udev/data/c226:[0-9]* r, # For /dev/dri/card* @{run}/udev/data/c226:@{int} r, # For /dev/dri/card*
@{run}/udev/data/c23[4-9]:[0-9]* r, # For dynamic assignment range 234 to 254 @{run}/udev/data/c23[4-9]:@{int} r, # For dynamic assignment range 234 to 254
@{run}/udev/data/c24[0-9]:[0-9]* r, @{run}/udev/data/c24[0-9]:@{int} r,
@{run}/udev/data/c25[0-4]:[0-9]* r, @{run}/udev/data/c25[0-4]:@{int} r,
@{run}/udev/data/n[0-9]* r, @{run}/udev/data/n@{int} r,
@{sys}/**/devices/ r, @{sys}/**/devices/ r,
@{sys}/*/*/ r, @{sys}/*/*/ r,

51
apparmor.d/groups/virt/libvirtd
View File

@ -162,35 +162,36 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
@{run}/udev/data/+backlight:* r, @{run}/udev/data/+backlight:* r,
@{run}/udev/data/+bluetooth:* r, @{run}/udev/data/+bluetooth:* r,
@{run}/udev/data/+dmi:id r, @{run}/udev/data/+dmi:id r,
@{run}/udev/data/+drm:* r, @{run}/udev/data/+drm:card[0-9]-* r, # for screen outputs
@{run}/udev/data/+hid:* r, @{run}/udev/data/+hid:* r,
@{run}/udev/data/+input* r, # For mouse, keyboard, touchpad @{run}/udev/data/+input:input@{int} r, # For mouse, keyboard, touchpad
@{run}/udev/data/+leds:* r, @{run}/udev/data/+leds:* r,
@{run}/udev/data/+pci* r, @{run}/udev/data/+pci:* r,
@{run}/udev/data/+platform* r, @{run}/udev/data/+platform:* r,
@{run}/udev/data/+rfkill:* r, @{run}/udev/data/+rfkill:* r,
@{run}/udev/data/+sound:card* r, # For sound @{run}/udev/data/+sound:card@{int} r, # For sound
@{run}/udev/data/+thunderbolt:* r, @{run}/udev/data/+thunderbolt:* r,
@{run}/udev/data/c1:[0-9]* r, # For RAM disk @{run}/udev/data/c1:@{int} r, # For RAM disk
@{run}/udev/data/c6:[0-9]* r, # For parallel printer devices /dev/lp* @{run}/udev/data/c6:@{int} r, # For parallel printer devices /dev/lp*
@{run}/udev/data/c10:[0-9]* r, # For non-serial mice, misc features @{run}/udev/data/c10:@{int} r, # For non-serial mice, misc features
@{run}/udev/data/c13:[0-9]* r, # For /dev/input/* @{run}/udev/data/c13:@{int} r, # For /dev/input/*
@{run}/udev/data/c21:[0-9]* r, # Generic SCSI access @{run}/udev/data/c21:@{int} r, # Generic SCSI access
@{run}/udev/data/c29:* r, # For /dev/fb[0-9]* @{run}/udev/data/c29:@{int} r, # For /dev/fb[0-9]*
@{run}/udev/data/c90:[0-9]* r, # For RAM, ROM, Flash @{run}/udev/data/c81:@{int} r, # For video4linux
@{run}/udev/data/c99:[0-9]* r, # For raw parallel ports /dev/parport* @{run}/udev/data/c90:@{int} r, # For RAM, ROM, Flash
@{run}/udev/data/c108:[0-9]* r, # For /dev/ppp @{run}/udev/data/c99:@{int} r, # For raw parallel ports /dev/parport*
@{run}/udev/data/c116:[0-9]* r, # For ALSA @{run}/udev/data/c108:@{int} r, # For /dev/ppp
@{run}/udev/data/c202:[0-9]* r, # CPU model-specific registers @{run}/udev/data/c116:@{int} r, # For ALSA
@{run}/udev/data/c203:[0-9]* r, # CPU CPUID information @{run}/udev/data/c202:@{int} r, # CPU model-specific registers
@{run}/udev/data/c226:[0-9]* r, # For /dev/dri/card[0-9]* @{run}/udev/data/c203:@{int} r, # CPU CPUID information
@{run}/udev/data/c23[4-9]:[0-9]* r, # For dynamic assignment range 234 to 254 @{run}/udev/data/c226:@{int} r, # For /dev/dri/card[0-9]*
@{run}/udev/data/c24[0-9]:[0-9]* r, @{run}/udev/data/c23[4-9]:@{int} r, # For dynamic assignment range 234 to 254
@{run}/udev/data/c25[0-4]:[0-9]* r, @{run}/udev/data/c24[0-9]:@{int} r,
@{run}/udev/data/c3[0-9]*:[0-9]* r, # For dynamic assignment range 384 to 511 @{run}/udev/data/c25[0-4]:@{int} r,
@{run}/udev/data/c4[0-9]*:[0-9]* r, @{run}/udev/data/c3[0-9]*:@{int} r, # For dynamic assignment range 384 to 511
@{run}/udev/data/c5[0-9]*:[0-9]* r, @{run}/udev/data/c4[0-9]*:@{int} r,
@{run}/udev/data/n[0-9]* r, @{run}/udev/data/c5[0-9]*:@{int} r,
@{run}/udev/data/n@{int} r,
@{sys}/bus/[a-z]*/devices/ r, @{sys}/bus/[a-z]*/devices/ r,
@{sys}/bus/pci/drivers_probe w, @{sys}/bus/pci/drivers_probe w,

40
apparmor.d/groups/virt/virtnodedevd
View File

@ -48,31 +48,31 @@ profile virtnodedevd @{exec_path} flags=(attach_disconnected) {
@{run}/udev/data/+backlight:* r, @{run}/udev/data/+backlight:* r,
@{run}/udev/data/+bluetooth:* r, @{run}/udev/data/+bluetooth:* r,
@{run}/udev/data/+dmi:id r, @{run}/udev/data/+dmi:id r,
@{run}/udev/data/+drm:* r, # For screen outputs @{run}/udev/data/+drm:card[0-9]-* r, # For screen outputs
@{run}/udev/data/+input* r, # for mouse, keyboard, touchpad @{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad
@{run}/udev/data/+leds:* r, @{run}/udev/data/+leds:* r,
@{run}/udev/data/+pci* r, @{run}/udev/data/+pci:* r,
@{run}/udev/data/+platform* r, @{run}/udev/data/+platform:* r,
@{run}/udev/data/+rfkill:* r,
@{run}/udev/data/+sound:* r, @{run}/udev/data/+sound:* r,
@{run}/udev/data/+thunderbolt:* r, @{run}/udev/data/+thunderbolt:* r,
@{run}/udev/data/+rfkill:* r,
@{run}/udev/data/c1:[0-9]* r, # For RAM disk @{run}/udev/data/c1:@{int} r, # For RAM disk
@{run}/udev/data/c10:[0-9]* r, # For non-serial mice, misc features @{run}/udev/data/c10:@{int} r, # For non-serial mice, misc features
@{run}/udev/data/c13:[0-9]* r, # For /dev/input/* @{run}/udev/data/c13:@{int} r, # For /dev/input/*
@{run}/udev/data/c21:[0-9]* r, # Generic SCSI access @{run}/udev/data/c21:@{int} r, # Generic SCSI access
@{run}/udev/data/c29:[0-9]* r, # For /dev/fb[0-9]* @{run}/udev/data/c29:[0-9]* r, # For /dev/fb[0-9]*
@{run}/udev/data/c90:[0-9]* r, # For RAM, ROM, Flash @{run}/udev/data/c90:@{int} r, # For RAM, ROM, Flash
@{run}/udev/data/c116:[0-9]* r, # For ALSA @{run}/udev/data/c116:@{int} r, # For ALSA
@{run}/udev/data/c202:[0-9]* r, # CPU model-specific registers @{run}/udev/data/c202:@{int} r, # CPU model-specific registers
@{run}/udev/data/c226:[0-9]* r, # For /dev/dri/card[0-9]* @{run}/udev/data/c226:@{int} r, # For /dev/dri/card[0-9]*
@{run}/udev/data/c23[4-9]:[0-9]* r, # For dynamic assignment range 234 to 254 @{run}/udev/data/c23[4-9]:@{int} r, # For dynamic assignment range 234 to 254
@{run}/udev/data/c24[0-9]:[0-9]* r, @{run}/udev/data/c24[0-9]:@{int} r,
@{run}/udev/data/c25[0-4]:[0-9]* r, @{run}/udev/data/c25[0-4]:@{int} r,
@{run}/udev/data/c3[0-9]*:[0-9]* r, # For dynamic assignment range 384 to 511 @{run}/udev/data/c3[0-9]*:@{int} r, # For dynamic assignment range 384 to 511
@{run}/udev/data/c4[0-9]*:[0-9]* r, @{run}/udev/data/c4[0-9]*:@{int} r,
@{run}/udev/data/c5[0-9]*:[0-9]* r, @{run}/udev/data/c5[0-9]*:@{int} r,
@{run}/udev/data/n[0-9]* r, @{run}/udev/data/n@{int} r,
@{sys}/**/ r, @{sys}/**/ r,
@{sys}/devices/@{pci}/vpd r, @{sys}/devices/@{pci}/vpd r,

2
apparmor.d/profiles-a-f/bluetoothd
View File

@ -30,7 +30,7 @@ profile bluetoothd @{exec_path} {
/var/lib/bluetooth/{,**} rw, /var/lib/bluetooth/{,**} rw,
@{run}/sdp rw, @{run}/sdp rw,
@{run}/udev/data/+hid:* r, @{run}/udev/data/+hid:* r, # for HID-Compliant Keyboard
@{sys}/devices/pci[0-9]*/**/rfkill[0-9]*/name r, @{sys}/devices/pci[0-9]*/**/rfkill[0-9]*/name r,
@{sys}/devices/pci[0-9]*/**/bluetooth/**/{uevent,name} r, @{sys}/devices/pci[0-9]*/**/bluetooth/**/{uevent,name} r,

6
apparmor.d/profiles-a-f/fprintd
View File

@ -41,9 +41,9 @@ profile fprintd @{exec_path} flags=(attach_disconnected) {
@{run}/systemd/journal/socket rw, @{run}/systemd/journal/socket rw,
@{run}/systemd/inhibit/*.ref w, @{run}/systemd/inhibit/*.ref w,
@{run}/udev/data/c23[4-9]:[0-9]* r, # For dynamic assignment range 234 to 254 @{run}/udev/data/c23[4-9]:@{int} r, # For dynamic assignment range 234 to 254
@{run}/udev/data/c24[0-9]:[0-9]* r, @{run}/udev/data/c24[0-9]:@{int} r,
@{run}/udev/data/c25[0-4]:[0-9]* r, @{run}/udev/data/c25[0-4]:@{int} r,
@{sys}/class/hidraw/ r, @{sys}/class/hidraw/ r,
@{sys}/devices/pci[0-9]*/**/hidraw/hidraw[0-9]*/uevent r, @{sys}/devices/pci[0-9]*/**/hidraw/hidraw[0-9]*/uevent r,

4
apparmor.d/profiles-a-f/fritzing
View File

@ -59,8 +59,8 @@ profile fritzing @{exec_path} {
@{sys}/devices/**/tty*/uevent r, @{sys}/devices/**/tty*/uevent r,
@{sys}/devices/**/tty/**/uevent r, @{sys}/devices/**/tty/**/uevent r,
@{run}/udev/data/c4:[0-9]* r, # for /dev/tty[0-9]* @{run}/udev/data/c4:@{int} r, # for /dev/tty[0-9]*
@{run}/udev/data/c5:[0-9]* r, # for /dev/tty, /dev/console, /dev/ptmx @{run}/udev/data/c5:@{int} r, # for /dev/tty, /dev/console, /dev/ptmx
@{run}/udev/data/c166:[0-9]* r, # for /dev/ttyACM[0-9]* @{run}/udev/data/c166:[0-9]* r, # for /dev/ttyACM[0-9]*
/dev/ttyS[0-9]* rw, /dev/ttyS[0-9]* rw,

10
apparmor.d/profiles-g-l/gzdoom
View File

@ -87,11 +87,11 @@ profile gzdoom @{exec_path} {
@{run}/udev/data/+sound:* r, @{run}/udev/data/+sound:* r,
@{run}/udev/data/+input:* r, @{run}/udev/data/+input:* r,
@{run}/udev/data/c13:[0-9]* r, # For /dev/input/* @{run}/udev/data/c13:@{int} r, # For /dev/input/*
@{run}/udev/data/c116:[0-9]* r, # For ALSA @{run}/udev/data/c116:@{int} r, # For ALSA
@{run}/udev/data/c23[4-9]:[0-9]* r, # For dynamic assignment range 234 to 254 @{run}/udev/data/c23[4-9]:@{int} r, # For dynamic assignment range 234 to 254
@{run}/udev/data/c24[0-9]:[0-9]* r, @{run}/udev/data/c24[0-9]:@{int} r,
@{run}/udev/data/c25[0-4]:[0-9]* r, @{run}/udev/data/c25[0-4]:@{int} r,
include if exists <local/gzdoom> include if exists <local/gzdoom>
} }

18
apparmor.d/profiles-g-l/labwc
View File

@ -44,16 +44,16 @@ profile labwc @{exec_path} flags=(attach_disconnected) {
@{sys}/devices/pci[0-9]*/**/boot_vga r, @{sys}/devices/pci[0-9]*/**/boot_vga r,
@{sys}/devices/**/uevent r, @{sys}/devices/**/uevent r,
@{run}/udev/data/+input* r, # for mouse, keyboard, touchpad @{run}/udev/data/+acpi:* r, # for ?
@{run}/udev/data/+platform* r, # for ?
@{run}/udev/data/+drm:card[0-9]-* r, # for screen outputs @{run}/udev/data/+drm:card[0-9]-* r, # for screen outputs
@{run}/udev/data/+acpi* r, # for ? @{run}/udev/data/+hid:* r, # for HID-Compliant Keyboard
@{run}/udev/data/+hid* r, # for HID-Compliant Keyboard @{run}/udev/data/+hid:* r, # for HID-Compliant Keyboard
@{run}/udev/data/+pci* r, # for VGA compatible controller @{run}/udev/data/+pci:* r, # for VGA compatible controller
@{run}/udev/data/+sound:card* r, # for sound @{run}/udev/data/+platform:* r, # for ?
@{run}/udev/data/+serio* r, # for touchpad? @{run}/udev/data/+serio:* r, # for touchpad?
@{run}/udev/data/c13:[0-9]* r, # for /dev/input/* @{run}/udev/data/+sound:card@{int} r, # for sound
@{run}/udev/data/c226:[0-9]* r, # for /dev/dri/card* @{run}/udev/data/c13:@{int} r, # for /dev/input/*
@{run}/udev/data/c226:@{int} r, # for /dev/dri/card*
@{run}/systemd/sessions/* r, @{run}/systemd/sessions/* r,
@{run}/systemd/seats/seat@{int} r, @{run}/systemd/seats/seat@{int} r,

6
apparmor.d/profiles-m-r/mpv
View File

@ -69,10 +69,10 @@ profile mpv @{exec_path} {
owner @{PROC}/@{pid}/cmdline r, owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/task/ r, owner @{PROC}/@{pid}/task/ r,
@{run}/udev/data/+input:input[0-9]* r, @{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad
@{run}/udev/data/+sound:* r, @{run}/udev/data/+sound:* r,
@{run}/udev/data/c13:[0-9]* r, # for /dev/input/* @{run}/udev/data/c13:@{int} r, # for /dev/input/*
@{run}/udev/data/c116:[0-9]* r, # for ALSA @{run}/udev/data/c116:@{int} r, # for ALSA
@{sys}/bus/ r, @{sys}/bus/ r,
@{sys}/class/ r, @{sys}/class/ r,

12
apparmor.d/profiles-m-r/nvtop
View File

@ -27,12 +27,12 @@ profile nvtop @{exec_path} flags=(attach_disconnected) {
owner @{user_config_dirs}/nvtop/{,**} rw, owner @{user_config_dirs}/nvtop/{,**} rw,
@{run}/systemd/inhibit/*.ref r, @{run}/systemd/inhibit/*.ref r,
@{run}/udev/data/+drm:* r, @{run}/udev/data/+drm:card[0-9]-* r,
@{run}/udev/data/+pci* r, @{run}/udev/data/+pci:* r,
@{run}/udev/data/c226:[0-9]* r, # For /dev/dri/card* @{run}/udev/data/c226:@{int} r, # For /dev/dri/card*
@{run}/udev/data/c23[4-9]:[0-9]* r, # For dynamic assignment range 234 to 254 @{run}/udev/data/c23[4-9]:@{int} r, # For dynamic assignment range 234 to 254
@{run}/udev/data/c24[0-9]:[0-9]* r, @{run}/udev/data/c24[0-9]:@{int} r,
@{run}/udev/data/c25[0-4]:[0-9]* r, @{run}/udev/data/c25[0-4]:@{int} r,
@{sys}/bus/ r, @{sys}/bus/ r,
@{sys}/class/ r, @{sys}/class/ r,

16
apparmor.d/profiles-s-z/steam
View File

@ -162,16 +162,16 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted,complain)
owner /tmp/sh-thd.* rw, owner /tmp/sh-thd.* rw,
owner /tmp/steam_chrome_shmem_uid@{uid}_spid@{int} rw, owner /tmp/steam_chrome_shmem_uid@{uid}_spid@{int} rw,
@{run}/udev/data/+input* r, # for mouse, keyboard, touchpad @{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad
@{run}/udev/data/+sound* r, @{run}/udev/data/+sound* r,
@{run}/udev/data/+pci* r, @{run}/udev/data/+pci:* r,
@{run}/udev/data/c13:[0-9]* r, # for /dev/input/* @{run}/udev/data/c13:@{int} r, # for /dev/input/*
@{run}/udev/data/c116:[0-9]* r, # for ALSA @{run}/udev/data/c116:@{int} r, # for ALSA
@{run}/udev/data/c23[4-9]:[0-9]* r, # For dynamic assignment range 234 to 254 @{run}/udev/data/c23[4-9]:@{int} r, # For dynamic assignment range 234 to 254
@{run}/udev/data/c24[0-9]:[0-9]* r, @{run}/udev/data/c24[0-9]:@{int} r,
@{run}/udev/data/c25[0-4]:[0-9]* r, @{run}/udev/data/c25[0-4]:@{int} r,
@{run}/udev/data/n[0-9]* r, @{run}/udev/data/n@{int} r,
@{sys}/ r, @{sys}/ r,
@{sys}/bus/ r, @{sys}/bus/ r,

4
apparmor.d/profiles-s-z/switcheroo-control
View File

@ -28,10 +28,10 @@ profile switcheroo-control @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr, @{exec_path} mr,
@{run}/udev/data/+drm:* r, @{run}/udev/data/+drm:card[0-9]-* r, # for screen outputs
@{run}/udev/data/+pci:* r, @{run}/udev/data/+pci:* r,
@{run}/udev/data/c226:[0-9]* r, # for /dev/dri/card* @{run}/udev/data/c226:@{int} r, # for /dev/dri/card*
@{sys}/bus/ r, @{sys}/bus/ r,
@{sys}/class/ r, @{sys}/class/ r,

6
apparmor.d/profiles-s-z/virt-manager
View File

@ -90,9 +90,9 @@ profile virt-manager @{exec_path} flags=(attach_disconnected) {
owner @{run}/user/@{uid}/libvirt/virtqemud.lock rwk, owner @{run}/user/@{uid}/libvirt/virtqemud.lock rwk,
@{run}/mount/utab r, @{run}/mount/utab r,
@{run}/udev/data/c3[0-9]*:[0-9]* r, # For dynamic assignment range 384 to 511 @{run}/udev/data/c3[0-9]*:@{int} r, # For dynamic assignment range 384 to 511
@{run}/udev/data/c4[0-9]*:[0-9]* r, @{run}/udev/data/c4[0-9]*:@{int} r,
@{run}/udev/data/c5[0-9]*:[0-9]* r, @{run}/udev/data/c5[0-9]*:@{int} r,
@{sys}/devices/**/hwmon/**/{,name,temp*,fan*} r, @{sys}/devices/**/hwmon/**/{,name,temp*,fan*} r,
@{sys}/devices/pci[0-9]*/**/drm/ r, @{sys}/devices/pci[0-9]*/**/drm/ r,

20
apparmor.d/profiles-s-z/wireplumber
View File

@ -37,16 +37,16 @@ profile wireplumber @{exec_path} {
@{run}/systemd/users/@{uid} r, @{run}/systemd/users/@{uid} r,
@{run}/udev/data/+sound:card[0-9]* r, # For sound @{run}/udev/data/+sound:card@{int} r, # For sound
@{run}/udev/data/c14:[0-9]* r, # Open Sound System (OSS) @{run}/udev/data/c14:@{int} r, # Open Sound System (OSS)
@{run}/udev/data/c81:[0-9]* r, # For video4linux @{run}/udev/data/c81:@{int} r, # For video4linux
@{run}/udev/data/c116:[0-9]* r, # For ALSA @{run}/udev/data/c116:@{int} r, # For ALSA
@{run}/udev/data/c23[4-9]:[0-9]* r, # For dynamic assignment range 234 to 254 @{run}/udev/data/c23[4-9]:@{int} r, # For dynamic assignment range 234 to 254
@{run}/udev/data/c24[0-9]:[0-9]* r, @{run}/udev/data/c24[0-9]:@{int} r,
@{run}/udev/data/c25[0-4]:[0-9]* r, @{run}/udev/data/c25[0-4]:@{int} r,
@{run}/udev/data/c3[0-9]*:[0-9]* r, # For dynamic assignment range 384 to 511 @{run}/udev/data/c3[0-9]*:@{int} r, # For dynamic assignment range 384 to 511
@{run}/udev/data/c4[0-9]*:[0-9]* r, @{run}/udev/data/c4[0-9]*:@{int} r,
@{run}/udev/data/c5[0-9]*:[0-9]* r, @{run}/udev/data/c5[0-9]*:@{int} r,
@{sys}/bus/ r, @{sys}/bus/ r,
@{sys}/bus/media/devices/ r, @{sys}/bus/media/devices/ r,