mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2025-01-18 00:48:10 +01:00
General update
This commit is contained in:
parent
64ad329dd9
commit
118c412378
4 changed files with 21 additions and 3 deletions
|
@ -69,7 +69,9 @@ profile grub-mkconfig @{exec_path} {
|
||||||
/usr/share/grub/{**,} r,
|
/usr/share/grub/{**,} r,
|
||||||
/usr/share/terminfo/x/xterm-256color r,
|
/usr/share/terminfo/x/xterm-256color r,
|
||||||
|
|
||||||
|
/.zfs/snapshot/*/boot/ r,
|
||||||
/.zfs/snapshot/*/etc/{machine-id,} r,
|
/.zfs/snapshot/*/etc/{machine-id,} r,
|
||||||
|
/.zfs/snapshot/*/etc/fstab r,
|
||||||
/.zfs/snapshot/*/{usr/,}lib/os-release r,
|
/.zfs/snapshot/*/{usr/,}lib/os-release r,
|
||||||
|
|
||||||
/ r,
|
/ r,
|
||||||
|
|
|
@ -65,6 +65,8 @@ profile dkms @{exec_path} flags=(attach_disconnected) {
|
||||||
/var/lib/dkms/**/configure rix,
|
/var/lib/dkms/**/configure rix,
|
||||||
/var/lib/dkms/**/dkms.postbuild rix,
|
/var/lib/dkms/**/dkms.postbuild rix,
|
||||||
|
|
||||||
|
/var/lib/shim-signed/mok/** r,
|
||||||
|
|
||||||
/ r,
|
/ r,
|
||||||
/{usr/,}lib/modules/*/updates/ rw,
|
/{usr/,}lib/modules/*/updates/ rw,
|
||||||
/{usr/,}lib/modules/*/updates/dkms/{,*,*/,**.ko.xz,**.ko.zst} rw,
|
/{usr/,}lib/modules/*/updates/dkms/{,*,*/,**.ko.xz,**.ko.zst} rw,
|
||||||
|
|
|
@ -15,8 +15,20 @@ profile update-secureboot-policy @{exec_path} {
|
||||||
@{exec_path} rm,
|
@{exec_path} rm,
|
||||||
|
|
||||||
/{usr/,}bin/{,ba,da}sh rix,
|
/{usr/,}bin/{,ba,da}sh rix,
|
||||||
|
/{usr/,}bin/{,m,g}awk rix,
|
||||||
/{usr/,}bin/dpkg-trigger rPx,
|
/{usr/,}bin/dpkg-trigger rPx,
|
||||||
|
/{usr/,}bin/find rix,
|
||||||
|
/{usr/,}bin/id rix,
|
||||||
|
/{usr/,}bin/od rix,
|
||||||
|
/{usr/,}bin/sort rix,
|
||||||
|
/{usr/,}bin/touch rix,
|
||||||
|
/{usr/,}bin/wc rix,
|
||||||
/usr/share/debconf/frontend rPx,
|
/usr/share/debconf/frontend rPx,
|
||||||
|
|
||||||
|
/usr/share/debconf/confmodule r,
|
||||||
|
|
||||||
|
/var/lib/dkms/ r,
|
||||||
|
/var/lib/shim-signed/dkms-list r,
|
||||||
|
|
||||||
include if exists <local/update-secureboot-policy>
|
include if exists <local/update-secureboot-policy>
|
||||||
}
|
}
|
|
@ -27,6 +27,8 @@ profile whereis @{exec_path} flags=(complain) {
|
||||||
/usr/share/man/{**,} r,
|
/usr/share/man/{**,} r,
|
||||||
/usr/src/{**,} r,
|
/usr/src/{**,} r,
|
||||||
|
|
||||||
|
/etc/ r,
|
||||||
|
|
||||||
/opt/ r,
|
/opt/ r,
|
||||||
/opt/cni/bin/ r,
|
/opt/cni/bin/ r,
|
||||||
/opt/containerd/bin/ r,
|
/opt/containerd/bin/ r,
|
||||||
|
|
Loading…
Reference in a new issue