mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 17:08:09 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(aa): update default tunable selection.

Browse source
This commit is contained in:
Alexandre Pujol 2024-05-27 23:44:03 +01:00
parent a99387c323
commit 0aa317d8e4
Failed to generate hash of commit
1 changed files with 9 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
pkg/aa/apparmor.go
View file

@ -33,13 +33,18 @@ func DefaultTunables() *AppArmorProfileFile {
return &AppArmorProfileFile{ return &AppArmorProfileFile{
Preamble: Rules{ Preamble: Rules{
&Variable{Name: "bin", Values: []string{"/{,usr/}{,s}bin"}, Define: true}, &Variable{Name: "bin", Values: []string{"/{,usr/}{,s}bin"}, Define: true},
&Variable{Name: "lib", Values: []string{"/{,usr/}lib{,exec,32,64}"}, Define: true},
&Variable{Name: "multiarch", Values: []string{"*-linux-gnu*"}, Define: true},
&Variable{Name: "HOME", Values: []string{"/home/*"}, Define: true},
&Variable{Name: "user_share_dirs", Values: []string{"/home/*/.local/share"}, Define: true},
&Variable{Name: "etc_ro", Values: []string{"/{,usr/}etc/"}, Define: true}, &Variable{Name: "etc_ro", Values: []string{"/{,usr/}etc/"}, Define: true},
&Variable{Name: "HOME", Values: []string{"/home/*"}, Define: true},
&Variable{Name: "int", Values: []string{"[0-9]{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}"}, Define: true}, &Variable{Name: "int", Values: []string{"[0-9]{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}"}, Define: true},
&Variable{Name: "int2", Values: []string{"[0-9][0-9]"}, Define: true},
&Variable{Name: "lib", Values: []string{"/{,usr/}lib{,exec,32,64}"}, Define: true},
&Variable{Name: "MOUNTS", Values: []string{"/media/*/", "/run/media/*/*/", "/mnt/*/"}, Define: true},
&Variable{Name: "multiarch", Values: []string{"*-linux-gnu*"}, Define: true},
&Variable{Name: "run", Values: []string{"/run/", "/var/run/"}, Define: true},
&Variable{Name: "uid", Values: []string{"{[0-9],[1-9][0-9],[1-9][0-9][0-9],[1-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9],[1-4][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]}"}, Define: true},
&Variable{Name: "user_cache_dirs", Values: []string{"/home/*/.cache"}, Define: true}, &Variable{Name: "user_cache_dirs", Values: []string{"/home/*/.cache"}, Define: true},
&Variable{Name: "user_config_dirs", Values: []string{"/home/*/.config"}, Define: true},
&Variable{Name: "user_share_dirs", Values: []string{"/home/*/.local/share"}, Define: true},
}, },
} }
} }