mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2025-01-18 17:08:09 +01:00
Create gamemoded
This commit is contained in:
odomingao
Alex
parent
6723b43559
commit
117b54d16c
1 changed files with 81 additions and 0 deletions
81
apparmor.d/profiles-g-l/gamemoded
Normal file
81
apparmor.d/profiles-g-l/gamemoded
Normal file
|
|
@ -0,0 +1,81 @@
|
||||||
|
# apparmor.d - Full set of apparmor profiles
|
||||||
|
# Copyright (C) 2024 odomingao
|
||||||
|
# SPDX-License-Identifier: GPL-2.0-only
|
||||||
|
|
||||||
|
abi <abi/3.0>,
|
||||||
|
|
||||||
|
include <tunables/global>
|
||||||
|
|
||||||
|
@{exec_path} = @{bin}/gamemoded
|
||||||
|
profile gamemoded @{exec_path} flags=(attach_disconnected) {
|
||||||
|
include <abstractions/base>
|
||||||
|
|
||||||
|
capability sys_ptrace,
|
||||||
|
|
||||||
|
ptrace read,
|
||||||
|
|
||||||
|
@{exec_path} mr,
|
||||||
|
|
||||||
|
@{bin}/pkexec Cx -> pkexec,
|
||||||
|
@{lib}/gamemode/gpuclockctl Cx -> pkexec,
|
||||||
|
|
||||||
|
/etc/gamemode.ini r,
|
||||||
|
|
||||||
|
owner @{user_config_dirs}/ r,
|
||||||
|
|
||||||
|
@{sys}/devices/@{pci}/vendor r,
|
||||||
|
@{sys}/devices/@{pci}/power_dpm_force_performance_level r,
|
||||||
|
@{sys}/devices/system/cpu/{,**} r,
|
||||||
|
@{sys}/devices/virtual/powercap/{,**} r,
|
||||||
|
|
||||||
|
@{PROC}/sys/kernel/split_lock_mitigate r,
|
||||||
|
owner @{PROC}/@{pid}/ r,
|
||||||
|
owner @{PROC}/@{pid}/cmdline r,
|
||||||
|
owner @{PROC}/@{pid}/environ r,
|
||||||
|
owner @{PROC}/@{pid}/fdinfo/ r,
|
||||||
|
owner @{PROC}/@{pid}/fdinfo/@{int} r,
|
||||||
|
owner @{PROC}/@{pid}/task/ r,
|
||||||
|
|
||||||
|
profile pkexec {
|
||||||
|
include <abstractions/base>
|
||||||
|
include <abstractions/authentication>
|
||||||
|
include <abstractions/nameservice-strict>
|
||||||
|
|
||||||
|
capability audit_write,
|
||||||
|
capability mknod,
|
||||||
|
capability setgid,
|
||||||
|
capability sys_ptrace,
|
||||||
|
|
||||||
|
ptrace read peer=gamemoded,
|
||||||
|
|
||||||
|
network netlink raw,
|
||||||
|
|
||||||
|
@{bin}/pkexec mr,
|
||||||
|
|
||||||
|
@{lib}/gamemode/{,**} r,
|
||||||
|
@{lib}/gamemode/cpugovctl ix,
|
||||||
|
@{lib}/gamemode/gpuclockctl ix,
|
||||||
|
@{lib}/gamemode/procsysctl ix,
|
||||||
|
|
||||||
|
/etc/security/limits.d/ r,
|
||||||
|
/etc/security/limits.d/@{int}-gamemode.conf r,
|
||||||
|
/etc/shells r,
|
||||||
|
|
||||||
|
@{sys}/devices/@{pci}/power_dpm_force_performance_level rw,
|
||||||
|
@{sys}/devices/@{pci}/vendor r,
|
||||||
|
@{sys}/devices/system/cpu/ r,
|
||||||
|
@{sys}/devices/system/cpu/cpu@{int}/cpufreq r,
|
||||||
|
@{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_governor rw,
|
||||||
|
|
||||||
|
@{PROC}/@{pid}/fdinfo/@{int} r,
|
||||||
|
@{PROC}/@{pid}/loginuid r,
|
||||||
|
@{PROC}/@{pid}/stat r,
|
||||||
|
@{PROC}/sys/kernel/split_lock_mitigate rw,
|
||||||
|
|
||||||
|
include if exists <local/gamemoded_pkexec>
|
||||||
|
}
|
||||||
|
|
||||||
|
include if exists <local/gamemoded>
|
||||||
|
}
|
||||||
|
|
||||||
|
# vim:syntax=apparmor
|
||||||
Loading…
Reference in a new issue