From 09f1babb7cc86b35d574380a077d9ad0e034d69e Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Wed, 13 Mar 2024 15:58:28 +0000 Subject: [PATCH] chore: improve comments on udev data. --- apparmor.d/groups/freedesktop/colord | 2 +- apparmor.d/groups/freedesktop/pulseaudio | 2 +- apparmor.d/groups/freedesktop/upowerd | 4 ++-- apparmor.d/groups/freedesktop/xorg | 4 ++-- apparmor.d/groups/gnome/gdm | 2 +- apparmor.d/groups/gnome/gnome-control-center | 4 ++-- apparmor.d/groups/gnome/gnome-shell | 6 +++--- apparmor.d/groups/gnome/gsd-media-keys | 2 +- apparmor.d/groups/kde/kwin_wayland | 6 +++--- apparmor.d/groups/network/ModemManager | 2 +- apparmor.d/groups/network/NetworkManager | 2 +- apparmor.d/groups/network/nmcli | 2 +- apparmor.d/groups/systemd/systemd-backlight | 2 +- apparmor.d/groups/systemd/systemd-hostnamed | 2 +- apparmor.d/groups/systemd/systemd-logind | 2 +- apparmor.d/groups/ubuntu/subiquity-console-conf | 6 +++--- apparmor.d/groups/virt/libvirtd | 6 +++--- apparmor.d/groups/virt/virtnodedevd | 6 +++--- apparmor.d/profiles-g-l/labwc | 4 ++-- apparmor.d/profiles-m-r/nvtop | 2 +- apparmor.d/profiles-s-z/steam | 2 +- apparmor.d/profiles-s-z/switcheroo-control | 2 +- apparmor.d/profiles-s-z/udisksd | 2 +- 23 files changed, 37 insertions(+), 37 deletions(-) diff --git a/apparmor.d/groups/freedesktop/colord b/apparmor.d/groups/freedesktop/colord index aba1d3a6..ab754bea 100644 --- a/apparmor.d/groups/freedesktop/colord +++ b/apparmor.d/groups/freedesktop/colord @@ -56,7 +56,7 @@ profile colord @{exec_path} flags=(attach_disconnected) { @{run}/systemd/journal/socket rw, @{run}/systemd/sessions/* r, - @{run}/udev/data/+pci:* r, + @{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.) @{run}/udev/data/c81:@{int} r, # For video4linux @{sys}/bus/scsi/devices/ r, diff --git a/apparmor.d/groups/freedesktop/pulseaudio b/apparmor.d/groups/freedesktop/pulseaudio index 3dd30628..9af2ad8f 100644 --- a/apparmor.d/groups/freedesktop/pulseaudio +++ b/apparmor.d/groups/freedesktop/pulseaudio @@ -123,7 +123,7 @@ profile pulseaudio @{exec_path} { @{run}/systemd/users/@{uid} r, - @{run}/udev/data/+pci:* r, + @{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.) @{run}/udev/data/c116:@{int} r, # for ALSA @{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511 diff --git a/apparmor.d/groups/freedesktop/upowerd b/apparmor.d/groups/freedesktop/upowerd index 73fa4c6c..3fb8da5b 100644 --- a/apparmor.d/groups/freedesktop/upowerd +++ b/apparmor.d/groups/freedesktop/upowerd @@ -32,10 +32,10 @@ profile upowerd @{exec_path} flags=(attach_disconnected) { @{run}/udev/data/+hid:* r, # for HID-Compliant Keyboard @{run}/udev/data/+i2c:* r, @{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad - @{run}/udev/data/+pci:* r, + @{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.) @{run}/udev/data/+platform:* r, @{run}/udev/data/+power_supply* r, - @{run}/udev/data/+sound:card@{int} r, # for sound + @{run}/udev/data/+sound:card@{int} r, # for sound card @{run}/udev/data/c10:@{int} r, # for non-serial mice, misc features @{run}/udev/data/c13:@{int} r, # for /dev/input/* @{run}/udev/data/c116:@{int} r, # for ALSA diff --git a/apparmor.d/groups/freedesktop/xorg b/apparmor.d/groups/freedesktop/xorg index 4fb448c6..db095264 100644 --- a/apparmor.d/groups/freedesktop/xorg +++ b/apparmor.d/groups/freedesktop/xorg @@ -106,12 +106,12 @@ profile xorg @{exec_path} flags=(attach_disconnected) { @{sys}/module/i915/{,**} r, @{run}/udev/data/+acpi:* r, # for acpi - @{run}/udev/data/+dmi* r, # for ? + @{run}/udev/data/+dmi* r, # for motherboard info @{run}/udev/data/+drm:card@{int}-* r, # For screen outputs @{run}/udev/data/+hid:* r, # for HID-Compliant Keyboard @{run}/udev/data/+i2c:* r, @{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad - @{run}/udev/data/+pci:* r, # for VGA compatible controller + @{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.) @{run}/udev/data/+platform:* r, # for ? @{run}/udev/data/+serio:* r, # for touchpad? @{run}/udev/data/+usb* r, # for USB mouse and keyboard diff --git a/apparmor.d/groups/gnome/gdm b/apparmor.d/groups/gnome/gdm index 9b0d0eec..e606b63e 100644 --- a/apparmor.d/groups/gnome/gdm +++ b/apparmor.d/groups/gnome/gdm @@ -73,7 +73,7 @@ profile gdm @{exec_path} flags=(attach_disconnected) { @{run}/systemd/users/@{uid} r, @{run}/udev/data/+drm:card@{int}-* r, # For screen outputs - @{run}/udev/data/+pci:* r, + @{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.) @{run}/udev/data/c226:@{int} r, # for /dev/dri/card* @{run}/udev/tags/master-of-seat/ r, diff --git a/apparmor.d/groups/gnome/gnome-control-center b/apparmor.d/groups/gnome/gnome-control-center index 3590e6c8..da635136 100644 --- a/apparmor.d/groups/gnome/gnome-control-center +++ b/apparmor.d/groups/gnome/gnome-control-center @@ -123,9 +123,9 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) { owner @{run}/user/@{uid}/gnome-shell-disable-extensions w, owner @{run}/user/@{uid}/gvfsd/socket-@{rand8} rw, - @{run}/udev/data/+dmi:* r, + @{run}/udev/data/+dmi:* r, # for motherboard info @{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad - @{run}/udev/data/+pci:* r, + @{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.) @{run}/udev/data/c13:@{int} r, # for /dev/input/* @{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511 @{run}/udev/data/n@{int} r, diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell index 97aa07eb..194bd3ab 100644 --- a/apparmor.d/groups/gnome/gnome-shell +++ b/apparmor.d/groups/gnome/gnome-shell @@ -329,10 +329,10 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) { @{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad @{run}/udev/data/+platform:* r, - @{run}/udev/data/+dmi:id r, + @{run}/udev/data/+dmi:id r, # for motherboard info @{run}/udev/data/+acpi* r, - @{run}/udev/data/+pci:* r, # for VGA compatible controller - @{run}/udev/data/+sound:card@{int} r, # for sound + @{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.) + @{run}/udev/data/+sound:card@{int} r, # for sound card @{run}/udev/data/+usb* r, # for USB mouse and keyboard @{run}/udev/data/+i2c:* r, @{run}/udev/data/+hid:* r, # for HID-Compliant Keyboard diff --git a/apparmor.d/groups/gnome/gsd-media-keys b/apparmor.d/groups/gnome/gsd-media-keys index 8dc20273..37a000ad 100644 --- a/apparmor.d/groups/gnome/gsd-media-keys +++ b/apparmor.d/groups/gnome/gsd-media-keys @@ -105,7 +105,7 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) { @{run}/systemd/inhibit/[0-9]*.ref rw, - @{run}/udev/data/+sound:card@{int} r, # For sound + @{run}/udev/data/+sound:card@{int} r, # For sound card @{run}/udev/data/c13:@{int} r, # for /dev/input/* @{run}/udev/data/c189:@{int} r, # For /dev/bus/usb/** diff --git a/apparmor.d/groups/kde/kwin_wayland b/apparmor.d/groups/kde/kwin_wayland index d4d45521..5b98a720 100644 --- a/apparmor.d/groups/kde/kwin_wayland +++ b/apparmor.d/groups/kde/kwin_wayland @@ -104,12 +104,12 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) { @{sys}/devices/**/uevent r, @{run}/udev/data/+acpi:* r, # for ACPI - @{run}/udev/data/+dmi* r, # for ? + @{run}/udev/data/+dmi:* r, # for motherboard info @{run}/udev/data/+hid:* r, # for HID subsystem @{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad - @{run}/udev/data/+pci:* r, + @{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.) @{run}/udev/data/+platform:* r, # for ? - @{run}/udev/data/+sound:card@{int} r, + @{run}/udev/data/+sound:card@{int} r, # for sound card @{run}/udev/data/+usb:* r, @{run}/udev/data/c13:@{int} r, # for /dev/input/* diff --git a/apparmor.d/groups/network/ModemManager b/apparmor.d/groups/network/ModemManager index f6755e48..7cb295d2 100644 --- a/apparmor.d/groups/network/ModemManager +++ b/apparmor.d/groups/network/ModemManager @@ -25,7 +25,7 @@ profile ModemManager @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - @{run}/udev/data/+pci:* r, + @{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.) @{run}/udev/data/+platform:* r, @{run}/udev/data/+usb:* r, @{run}/udev/data/c16[6,7]:@{int} r, # USB modems diff --git a/apparmor.d/groups/network/NetworkManager b/apparmor.d/groups/network/NetworkManager index c19ef9b4..a9468f48 100644 --- a/apparmor.d/groups/network/NetworkManager +++ b/apparmor.d/groups/network/NetworkManager @@ -132,7 +132,7 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) { @{run}/nscd/db* rwl, @{run}/systemd/inhibit/[0-9]*.ref rw, @{run}/systemd/users/@{uid} r, - @{run}/udev/data/+pci:* r, + @{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.) @{run}/udev/data/+platform:* r, @{run}/udev/data/+rfkill:* r, @{run}/udev/data/n@{int} r, diff --git a/apparmor.d/groups/network/nmcli b/apparmor.d/groups/network/nmcli index f75f91a2..71fe1dcb 100644 --- a/apparmor.d/groups/network/nmcli +++ b/apparmor.d/groups/network/nmcli @@ -20,7 +20,7 @@ profile nmcli @{exec_path} { owner @{HOME}/.nm-vpngate/*.ovpn r, owner @{HOME}/.cert/nm-openvpn/*.pem rw, - @{run}/udev/data/+pci:* r, + @{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.) @{run}/udev/data/n@{int} r, @{sys}/devices/virtual/net/{,**} r, diff --git a/apparmor.d/groups/systemd/systemd-backlight b/apparmor.d/groups/systemd/systemd-backlight index 2bd748d5..ca08040f 100644 --- a/apparmor.d/groups/systemd/systemd-backlight +++ b/apparmor.d/groups/systemd/systemd-backlight @@ -18,9 +18,9 @@ profile systemd-backlight @{exec_path} { /var/lib/systemd/backlight/*backlight* rw, - @{run}/udev/data/+pci:* r, @{run}/udev/data/+backlight:* r, @{run}/udev/data/+leds:*backlight* r, + @{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.) @{sys}/bus/ r, @{sys}/bus/pci/devices/ r, diff --git a/apparmor.d/groups/systemd/systemd-hostnamed b/apparmor.d/groups/systemd/systemd-hostnamed index 45d004e6..c648778f 100644 --- a/apparmor.d/groups/systemd/systemd-hostnamed +++ b/apparmor.d/groups/systemd/systemd-hostnamed @@ -35,7 +35,7 @@ profile systemd-hostnamed @{exec_path} flags=(attach_disconnected) { @{run}/systemd/default-hostname rw, @{run}/systemd/notify rw, - @{run}/udev/data/+dmi:id r, + @{run}/udev/data/+dmi:* r, # for motherboard info @{sys}/devices/virtual/dmi/id/ r, @{sys}/devices/virtual/dmi/id/bios_date r, diff --git a/apparmor.d/groups/systemd/systemd-logind b/apparmor.d/groups/systemd/systemd-logind index 588afe3c..fe05f2c8 100644 --- a/apparmor.d/groups/systemd/systemd-logind +++ b/apparmor.d/groups/systemd/systemd-logind @@ -78,7 +78,7 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected) { @{run}/udev/data/+backlight:* r, @{run}/udev/data/+drm:card@{int}-* r, # For screen outputs @{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad - @{run}/udev/data/+pci:* r, + @{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.) @{run}/udev/data/c10:@{int} r, # For non-serial mice, misc features @{run}/udev/data/c13:@{int} r, # For /dev/input/* @{run}/udev/data/c14:@{int} r, # Open Sound System (OSS) diff --git a/apparmor.d/groups/ubuntu/subiquity-console-conf b/apparmor.d/groups/ubuntu/subiquity-console-conf index 519d46b4..386b56bf 100644 --- a/apparmor.d/groups/ubuntu/subiquity-console-conf +++ b/apparmor.d/groups/ubuntu/subiquity-console-conf @@ -54,13 +54,13 @@ profile subiquity-console-conf @{exec_path} { @{run}/snapd.socket rw, @{run}/udev/data/+acpi:* r, - @{run}/udev/data/+dmi* r, + @{run}/udev/data/+dmi:* r, # For motherboard info @{run}/udev/data/+drm:card@{int}-* r, # For screen outputs @{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad @{run}/udev/data/+leds:* r, - @{run}/udev/data/+pci:* r, + @{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.) @{run}/udev/data/+platform:* r, - @{run}/udev/data/+sound:card@{int} r, # For sound + @{run}/udev/data/+sound:card@{int} r, # For sound card @{run}/udev/data/c1:@{int} r, # For RAM disk @{run}/udev/data/c4:@{int} r, # For TTY devices diff --git a/apparmor.d/groups/virt/libvirtd b/apparmor.d/groups/virt/libvirtd index dc5f7787..c4917e65 100644 --- a/apparmor.d/groups/virt/libvirtd +++ b/apparmor.d/groups/virt/libvirtd @@ -160,15 +160,15 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) { @{run}/udev/data/+backlight:* r, @{run}/udev/data/+bluetooth:* r, - @{run}/udev/data/+dmi:id r, + @{run}/udev/data/+dmi:* r, # for motherboard info @{run}/udev/data/+drm:card@{int}-* r, # For screen outputs @{run}/udev/data/+hid:* r, @{run}/udev/data/+input:input@{int} r, # For mouse, keyboard, touchpad @{run}/udev/data/+leds:* r, - @{run}/udev/data/+pci:* r, + @{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.) @{run}/udev/data/+platform:* r, @{run}/udev/data/+rfkill:* r, - @{run}/udev/data/+sound:card@{int} r, # For sound + @{run}/udev/data/+sound:card@{int} r, # For sound card @{run}/udev/data/+thunderbolt:* r, @{run}/udev/data/c1:@{int} r, # For RAM disk @{run}/udev/data/c6:@{int} r, # For parallel printer devices /dev/lp* diff --git a/apparmor.d/groups/virt/virtnodedevd b/apparmor.d/groups/virt/virtnodedevd index 658213f5..6291f5c8 100644 --- a/apparmor.d/groups/virt/virtnodedevd +++ b/apparmor.d/groups/virt/virtnodedevd @@ -46,14 +46,14 @@ profile virtnodedevd @{exec_path} flags=(attach_disconnected) { @{run}/udev/data/+backlight:* r, @{run}/udev/data/+bluetooth:* r, - @{run}/udev/data/+dmi:id r, + @{run}/udev/data/+dmi:* r, # for motherboard info @{run}/udev/data/+drm:card@{int}-* r, # for screen outputs @{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad @{run}/udev/data/+leds:* r, - @{run}/udev/data/+pci:* r, + @{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.) @{run}/udev/data/+platform:* r, @{run}/udev/data/+rfkill:* r, - @{run}/udev/data/+sound:* r, + @{run}/udev/data/+sound:card@{int} r, # For sound card @{run}/udev/data/+thunderbolt:* r, @{run}/udev/data/c1:@{int} r, # For RAM disk diff --git a/apparmor.d/profiles-g-l/labwc b/apparmor.d/profiles-g-l/labwc index 4df5541a..42548b88 100644 --- a/apparmor.d/profiles-g-l/labwc +++ b/apparmor.d/profiles-g-l/labwc @@ -42,10 +42,10 @@ profile labwc @{exec_path} flags=(attach_disconnected) { @{run}/udev/data/+drm:card@{int}-* r, # for screen outputs @{run}/udev/data/+hid:* r, # for HID-Compliant Keyboard @{run}/udev/data/+hid:* r, # for HID-Compliant Keyboard - @{run}/udev/data/+pci:* r, # for VGA compatible controller + @{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.) @{run}/udev/data/+platform:* r, # for ? @{run}/udev/data/+serio:* r, # for touchpad? - @{run}/udev/data/+sound:card@{int} r, # for sound + @{run}/udev/data/+sound:card@{int} r, # for sound card @{run}/udev/data/c13:@{int} r, # for /dev/input/* @{run}/udev/data/c226:@{int} r, # for /dev/dri/card* diff --git a/apparmor.d/profiles-m-r/nvtop b/apparmor.d/profiles-m-r/nvtop index c3b88aeb..0448b8db 100644 --- a/apparmor.d/profiles-m-r/nvtop +++ b/apparmor.d/profiles-m-r/nvtop @@ -25,7 +25,7 @@ profile nvtop @{exec_path} flags=(attach_disconnected) { @{run}/systemd/inhibit/*.ref r, @{run}/udev/data/+drm:card@{int}-* r, # for screen outputs - @{run}/udev/data/+pci:* r, + @{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.) @{run}/udev/data/c226:@{int} r, # For /dev/dri/card* @{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511 diff --git a/apparmor.d/profiles-s-z/steam b/apparmor.d/profiles-s-z/steam index 151a89d2..edfad82a 100644 --- a/apparmor.d/profiles-s-z/steam +++ b/apparmor.d/profiles-s-z/steam @@ -149,7 +149,7 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted,complain) owner /tmp/steam_chrome_shmem_uid@{uid}_spid@{int} rw, @{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad - @{run}/udev/data/+pci:* r, + @{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.) @{run}/udev/data/c13:@{int} r, # for /dev/input/* @{run}/udev/data/c116:@{int} r, # for ALSA diff --git a/apparmor.d/profiles-s-z/switcheroo-control b/apparmor.d/profiles-s-z/switcheroo-control index 2b6a51fd..184de23c 100644 --- a/apparmor.d/profiles-s-z/switcheroo-control +++ b/apparmor.d/profiles-s-z/switcheroo-control @@ -21,7 +21,7 @@ profile switcheroo-control @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, @{run}/udev/data/+drm:card@{int}-* r, # for screen outputs - @{run}/udev/data/+pci:* r, + @{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.) @{run}/udev/data/c226:@{int} r, # for /dev/dri/card* diff --git a/apparmor.d/profiles-s-z/udisksd b/apparmor.d/profiles-s-z/udisksd index 55d30c2f..1c70e917 100644 --- a/apparmor.d/profiles-s-z/udisksd +++ b/apparmor.d/profiles-s-z/udisksd @@ -108,7 +108,7 @@ profile udisksd @{exec_path} flags=(attach_disconnected) { @{run}/cryptsetup/ r, @{run}/cryptsetup/L* rwk, - @{run}/udev/data/+pci:* r, + @{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.) @{run}/udev/data/+platform:* r, @{run}/udev/data/+scsi:* r, @{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511