mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2025-01-18 00:48:10 +01:00
QEMU guest virtual disks compatibility
parent
8fc279fa27
commit
0f50672486
7 changed files with 28 additions and 28 deletions
|
@ -9,10 +9,10 @@
|
|||
/dev/ r,
|
||||
|
||||
# Regular disk/partition devices
|
||||
/dev/sd[a-z] rk,
|
||||
/dev/sd[a-z][0-9]* rk,
|
||||
@{sys}/devices/pci[0-9]*/**/block/sd[a-z]/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/block/sd[a-z]/** r,
|
||||
/dev/{s,v}d[a-z] rk,
|
||||
/dev/{s,v}d[a-z][0-9]* rk,
|
||||
@{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/** r,
|
||||
@{sys}/devices/pci[0-9]*/**/{usb,ata}[0-9]/** r,
|
||||
|
||||
# SSD Nvme devices
|
||||
|
@ -83,4 +83,4 @@
|
|||
|
||||
@{run}/udev/data/+usb:* r, # for ?
|
||||
|
||||
include if exists <abstractions/disks-read.d>
|
||||
include if exists <abstractions/disks-read.d>
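Review bot: The sysfs rules `@{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/` and `.../{s,v}d[a-z]/**` still require a PCI ancestor, so they cover virtio-blk attached over PCI but presumably not guests whose disk sits on another bus (virtio-mmio, s390 channel devices), where the block node is not under `pci*`. If those guests are in scope, a bus-agnostic form such as `@{sys}/devices/**/block/{s,v}d[a-z]/{,**} r,` would be needed, at the cost of a somewhat wider read-only match. Otherwise the header comment could state the limit, for example `# Regular disk/partition devices (SCSI/SATA, and virtio over PCI)`. The same PCI-anchored patterns appear in the section that includes `abstractions/disks-write.d` and in the gpartedbin section.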
|
||||
|
|
|
@ -9,10 +9,10 @@
|
|||
/dev/ r,
|
||||
|
||||
# Regular disk/partition devices
|
||||
/dev/sd[a-z] rwk,
|
||||
/dev/sd[a-z][0-9]* rwk,
|
||||
@{sys}/devices/pci[0-9]*/**/block/sd[a-z]/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/block/sd[a-z]/** r,
|
||||
/dev/{s,v}d[a-z] rwk,
|
||||
/dev/{s,v}d[a-z][0-9]* rwk,
|
||||
@{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/** r,
|
||||
@{sys}/devices/pci[0-9]*/**/{usb,ata}[0-9]/** r,
|
||||
|
||||
# SSD Nvme devices
|
||||
|
@ -83,4 +83,4 @@
|
|||
|
||||
@{run}/udev/data/+usb:* r, # for ?
|
||||
|
||||
include if exists <abstractions/disks-write.d>
|
||||
include if exists <abstractions/disks-write.d>
|
||||
|
|
|
@ -101,7 +101,7 @@ profile conky @{exec_path} {
|
|||
|
||||
# Display the hard disk model name
|
||||
@{sys}/devices/pci[0-9]*/**/{usb,ata}[0-9]/**/model r,
|
||||
@{sys}/block/sd[a-z]/device/model r,
|
||||
@{sys}/block/{s,v}d[a-z]/device/model r,
|
||||
# Display the disk write/read speed
|
||||
@{PROC}/diskstats r,
|
||||
# Get the mount point names
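Review bot: The widened rule `@{sys}/block/{s,v}d[a-z]/device/model r,` probably grants nothing useful, because as far as I know virtio-blk devices do not expose a `device/model` attribute in sysfs, so conky has no file to read there. If that holds, the rule could stay `@{sys}/block/sd[a-z]/device/model r,` to keep the profile minimal. Otherwise a short comment naming the guest setup that needs the `vd` variant would help later reviewers. The conky profile body starts and ends outside this hunk.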
|
||||
|
|
|
@ -53,7 +53,7 @@ profile fatresize @{exec_path} {
|
|||
@{sys}/firmware/efi/efivars/SecureBoot-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* r,
|
||||
|
||||
# file_inherit
|
||||
/dev/sd[a-z] rw,
|
||||
/dev/{s,v}d[a-z] rw,
|
||||
|
||||
}
|
||||
|
||||
|
|
|
@ -152,19 +152,19 @@ profile gpartedbin @{exec_path} {
|
|||
|
||||
/{usr/,}bin/mount mr,
|
||||
|
||||
mount /dev/sd[a-z][0-9]* -> /tmp/gparted-*/,
|
||||
mount /dev/{s,v}d[a-z][0-9]* -> /tmp/gparted-*/,
|
||||
|
||||
mount /dev/sd[a-z][0-9]* -> /boot/,
|
||||
mount /dev/sd[a-z][0-9]* -> @{MOUNTS}/*/,
|
||||
mount /dev/sd[a-z][0-9]* -> @{MOUNTS}/*/*/,
|
||||
mount /dev/{s,v}d[a-z][0-9]* -> /boot/,
|
||||
mount /dev/{s,v}d[a-z][0-9]* -> @{MOUNTS}/*/,
|
||||
mount /dev/{s,v}d[a-z][0-9]* -> @{MOUNTS}/*/*/,
|
||||
|
||||
@{sys}/devices/pci[0-9]*/**/block/sd[a-z]/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/block/sd[a-z]/dev r,
|
||||
@{sys}/devices/pci[0-9]*/**/block/sd[a-z]/sd[a-z][0-9]*/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/block/sd[a-z]/sd[a-z][0-9]*/{start,size} r,
|
||||
@{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/dev r,
|
||||
@{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/{s,v}d[a-z][0-9]*/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/{s,v}d[a-z][0-9]*/{start,size} r,
|
||||
|
||||
/dev/sd[a-z] r,
|
||||
/dev/sd[a-z][0-9]* r,
|
||||
/dev/{s,v}d[a-z] r,
|
||||
/dev/{s,v}d[a-z][0-9]* r,
|
||||
|
||||
}
|
||||
|
||||
|
|
|
@ -36,10 +36,10 @@ profile ntfs-3g @{exec_path} {
|
|||
@{MOUNTS}/*/*/ r,
|
||||
|
||||
# Allow to mount ntfs disks only under the /media/, /run/media, and /mnt/ dirs
|
||||
mount fstype=fuseblk /dev/sd[a-z][0-9]* -> @{MOUNTS}/*/,
|
||||
mount fstype=fuseblk /dev/sd[a-z][0-9]* -> @{MOUNTS}/*/*/,
|
||||
mount fstype=fuseblk /dev/sd[a-z][0-9]* -> /mnt/,
|
||||
mount fstype=fuseblk /dev/sd[a-z][0-9]* -> /mnt/*/,
|
||||
mount fstype=fuseblk /dev/{s,v}d[a-z][0-9]* -> @{MOUNTS}/*/,
|
||||
mount fstype=fuseblk /dev/{s,v}d[a-z][0-9]* -> @{MOUNTS}/*/*/,
|
||||
mount fstype=fuseblk /dev/{s,v}d[a-z][0-9]* -> /mnt/,
|
||||
mount fstype=fuseblk /dev/{s,v}d[a-z][0-9]* -> /mnt/*/,
|
||||
mount fstype=fuseblk /dev/mmcblk[0-9]*p[0-9]* -> @{MOUNTS}/*/,
|
||||
mount fstype=fuseblk /dev/mmcblk[0-9]*p[0-9]* -> @{MOUNTS}/*/*/,
|
||||
|
||||
|
|
|
@ -47,8 +47,8 @@ profile udisksd @{exec_path} flags=(attach_disconnected) {
|
|||
/{usr/,}bin/systemd-escape rPx,
|
||||
|
||||
# Allow mounting of removable devices
|
||||
mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/sd[a-z] -> @{MOUNTS}/*/*/,
|
||||
mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/sd[a-z][0-9]* -> @{MOUNTS}/*/*/,
|
||||
mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/{s,v}d[a-z] -> @{MOUNTS}/*/*/,
|
||||
mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/{s,v}d[a-z][0-9]* -> @{MOUNTS}/*/*/,
|
||||
mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/dm-[0-9]* -> @{MOUNTS}/*/*/,
|
||||
# Allow mounting of loop devices (ISO files)
|
||||
mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/loop[0-9]* -> @{MOUNTS}/*/*/,
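Review bot: The comment `# Allow mounting of removable devices` no longer describes the two rules below it, because `/dev/{s,v}d[a-z]` and `/dev/{s,v}d[a-z][0-9]*` now also match virtio disks, which in a guest are usually the fixed system and data disks. I would reword it to `# Allow mounting of removable devices and virtio guest disks` so a later reader does not assume only hot-plugged media can be mounted through udisksd. These mount rules also carry no `options=(...)` restriction; whether the profile constrains mount flags elsewhere cannot be judged here, since the udisksd profile continues outside the hunk.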
|
||||
|
|