From 3d67b174e65bb421523b5c4e50e969da8853896a Mon Sep 17 00:00:00 2001
From: barmogund
Date: Fri, 25 Oct 2024 13:38:41 +0200
Subject: [PATCH 01/15] Create tlp
---
apparmor.d/profiles-s-z/tlp | 122 ++++++++++++++++++++++++++++++++++++
1 file changed, 122 insertions(+)
create mode 100644 apparmor.d/profiles-s-z/tlp
diff --git a/apparmor.d/profiles-s-z/tlp b/apparmor.d/profiles-s-z/tlp
new file mode 100644
index 00000000..9511cb5f
--- /dev/null
+++ b/apparmor.d/profiles-s-z/tlp
@@ -0,0 +1,122 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Barmogund
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{bin}/tlp
+profile tlp @{exec_path} flags=(attach_disconnected) {
+ include
+ include
+ include
+ include
+ include
+
+ capability dac_read_search,
+ capability net_admin,
+ capability sys_nice,
+ capability sys_rawio,
+ capability sys_tty_config,
+
+ network netlink raw,
+
+ @{exec_path} mr,
+
+ @{bin}/systemctl rix,
+ @{bin}/logger rix,
+ @{shells_path} rix,
+ @{bin}/cp rix,
+ @{bin}/chmod rix,
+ @{bin}/flock rix,
+ @{bin}/sort rix,
+ @{bin}/head rix,
+ @{bin}/mktemp rix,
+ @{bin}/readlink rix,
+ @{bin}/tr rix,
+ @{bin}/ethtool rix,
+ @{bin}/grep rix,
+ @{bin}/touch rix,
+ @{bin}/cat rix,
+ @{bin}/rm rix,
+ @{bin}/id rpx,
+ @{bin}/iw rpx,
+ @{bin}/hdparm rix,
+ @{bin}/uname rpx,
+ @{bin}/udevadm rix,
+ /usr/share/tlp/tlp-readconfs rix,
+
+ owner / r,
+
+ owner /etc/tlp.d/ r,
+ owner /etc/tlp.d/** rw,
+ owner /etc/udev/udev.conf r,
+ /etc/tlp.conf rw,
+
+ owner /usr/share/tlp/** rw,
+ owner /usr/share/tlp/func.d/** rw,
+
+ /usr/share/tlp/tlp-readconfs rw,
+
+ /var/lib/power-profiles-daemon/{,**} rw,
+
+ owner /usr/share/tlp/bat.d/** rw,
+ owner /usr/share/perl5/core_perl/** r,
+
+ @{run}/udev/data/+platform:* r,
+ owner @{run}/tlp/* rw,
+ owner @{run}/tlp/lock_tlp rwk,
+ owner @{run}/udev/data/b@{int}:@{int} r,
+
+ @{sys}/bus/ r,
+ owner @{sys}/bus/pci/drivers/nouveau/ r,
+ owner @{sys}/devices/@{pci}/ r,
+ owner @{sys}/devices/@{pci}/power/control rw,
+ owner @{sys}/devices/@{pci}/ta@{int}/host@{int}/scsi_host/ r,
+ owner @{sys}/devices/@{pci}/ta@{int}/host@{int}/scsi_host/host@{int}/link_power_management_policy rw,
+ @{sys}/bus/platform/devices/ r,
+ @{sys}/class/ r,
+ @{sys}/class/power_supply/ r,
+ @{sys}/devices/@{pci}/uevent r,
+ @{sys}/devices/**/power_supply/*/scope r,
+ @{sys}/devices/**/power_supply/*/uevent r,
+ @{sys}/devices/platform/**/uevent r,
+ @{sys}/devices/system/cpu/*_pstate/{no_turbo,turbo_pct} r,
+ @{sys}/devices/system/cpu/*_pstate/status r,
+ @{sys}/devices/system/cpu/cpu@{int}/power/energy_perf_bias rw,
+ @{sys}/devices/system/cpu/cpufreq/ r,
+ @{sys}/devices/system/cpu/cpufreq/policy@{int}/energy_performance_preference rw,
+ @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_governor rw,
+ owner @{sys}/bus/pci/drivers/mei_me/ r,
+ owner @{sys}/bus/pci/devices/ r,
+ owner @{sys}/block/ r,
+ owner @{sys}/class/net/ r,
+ owner @{sys}/devices/platform/**/**/** r,
+ owner @{sys}/devices/virtual/block/loop@{int}/ r,
+ owner @{sys}/devices/virtual/block/loop@{int}/dev r,
+ owner @{sys}/devices/virtual/net/lo/uevent r,
+ owner @{sys}/devices/virtual/dmi/id/product_version rw,
+ owner @{sys}/class/drm/ rw,
+ owner @{sys}/module/pcie_aspm/parameters/policy rw,
+ owner @{sys}/module/snd_hda_intel/parameters/power_save rw,
+ owner @{sys}/module/snd_hda_intel/parameters/power_save_controller rw,
+
+ @{sys}/firmware/acpi/platform_profile* rw,
+ @{sys}/firmware/acpi/pm_profile* rw,
+ @{sys}/devices/virtusl/** rw,
+
+ owner @{PROC}/sys/vm/laptop_mode rw,
+ owner @{PROC}/sys/vm/dirty_writeback_centisecs rw,
+ owner @{PROC}/sys/vm/dirty_expire_centisecs rw,
+ owner @{PROC}/sys/fs/xfs/xfssyncd_centisecs rw,
+ owner @{PROC}/sys/kernel/nmi_watchdog rw,
+
+ /dev/disk/by-id/ r,
+ owner /dev/sda r,
+ /dev/tty rw,
+
+ include if exists
+}
+
+# vim:syntax=apparmor
From 2411da2214514f62dc33bad7cd44e6f890f1e157 Mon Sep 17 00:00:00 2001
From: barmogund
Date: Fri, 25 Oct 2024 13:41:36 +0200
Subject: [PATCH 02/15] Update hdparm
---
apparmor.d/profiles-g-l/hdparm | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/apparmor.d/profiles-g-l/hdparm b/apparmor.d/profiles-g-l/hdparm
index 606540bb..e606f701 100644
--- a/apparmor.d/profiles-g-l/hdparm
+++ b/apparmor.d/profiles-g-l/hdparm
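Review bot: In the new tlp profile (PATCH 01/15), `/usr/share/tlp/tlp-readconfs` is granted both `rix` and `rw`, and `owner /usr/share/tlp/** rw,` covers the rest of the program's own script tree, so the confined process may rewrite code that it then executes under the same profile. Unless a denial log showed a write, these should be read-only, e.g. `/usr/share/tlp/** r,` with the `rix` rule kept for tlp-readconfs. The same question applies to `/etc/tlp.conf rw,` and `owner /etc/tlp.d/** rw,`: configuration that the tool reads on each run normally needs `r` only, and write access lets anything running under this profile (the shell, `cp`, `chmod`, `rm` are all `rix`) change it.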
@@ -29,6 +29,14 @@ profile hdparm @{exec_path} flags=(complain) { # Image files owner @{user_img_dirs}/{,**} r, + # interaction with tlp + owner @{sys}/devices/@{pci}/ta@{int}/host@{int}/**/**/power/autosuspend_delay_ms r, + owner @{sys}/devices/@{pci}/ta@{int}/host@{int}/scsi_host/host0/link_power_management_policy rw, + owner @{sys}/devices/@{pci}/ta@{int}/host@{int}/target*/**/block/{sda,sr0}/* r, + owner @{sys}/devices/@{pci}/ta@{int}/host@{int}/target*/**/block/{sda,sr0}/dev r, + owner @{sys}/devices/@{pci}/ta@{int}/host@{int}/target*/**/block/sda/sda@{int}/dev r, + owner @{sys}/devices/@{pci}/ta@{int}/host@{int}/target*/**/block/sda@{int}/dev r, + # for hdparm --fibmap @{PROC}/devices r, From 875180dac166147569501b1473fd286334ddfd3a Mon Sep 17 00:00:00 2001 From: barmogund Date: Sun, 27 Oct 2024 18:49:04 +0100 Subject: [PATCH 03/15] Update tlp --- apparmor.d/profiles-s-z/tlp | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/apparmor.d/profiles-s-z/tlp b/apparmor.d/profiles-s-z/tlp index 9511cb5f..c4065faa 100644 --- a/apparmor.d/profiles-s-z/tlp +++ b/apparmor.d/profiles-s-z/tlp @@ -26,7 +26,7 @@ profile tlp @{exec_path} flags=(attach_disconnected) { @{bin}/systemctl rix, @{bin}/logger rix, - @{shells_path} rix, + @{sh_path} rix, @{bin}/cp rix, @{bin}/chmod rix, @{bin}/flock rix, 
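Review bot: The rules added under `# interaction with tlp` hard-code `host0`, `sda` and `sr0`, so they describe one machine's device layout rather than the class of devices; a second SATA host or a differently named disk falls outside them. The tlp profile in this series already writes the same path as `host@{int}`, and the block-device part could use a pattern such as `block/sd[a-z]/dev` instead of a fixed name. `link_power_management_policy rw` is the only write in the group and nothing on this page shows hdparm itself writing it, so it deserves a comment naming the denial that motivated it. The profile body starts and ends outside this hunk.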
@@ -44,25 +44,24 @@ profile tlp @{exec_path} flags=(attach_disconnected) { @{bin}/iw rpx, @{bin}/hdparm rix, @{bin}/uname rpx, - @{bin}/udevadm rix, + @{bin}/udevadm rCx -> udevadm, /usr/share/tlp/tlp-readconfs rix, - owner / r, + / r, - owner /etc/tlp.d/ r, - owner /etc/tlp.d/** rw, - owner /etc/udev/udev.conf r, + /etc/tlp.d/ r, + /etc/tlp.d/** rw, /etc/tlp.conf rw, + /etc/udev/udev.conf r, - owner /usr/share/tlp/** rw, - owner /usr/share/tlp/func.d/** rw, + /usr/share/tlp/** rw, + /usr/share/tlp/func.d/** rw, /usr/share/tlp/tlp-readconfs rw, - /var/lib/power-profiles-daemon/{,**} rw, + /var/lib/power-profiles-daemon/state.ini rw, owner /usr/share/tlp/bat.d/** rw, - owner /usr/share/perl5/core_perl/** r, @{run}/udev/data/+platform:* r, owner @{run}/tlp/* rw, @@ -104,7 +103,6 @@ profile tlp @{exec_path} flags=(attach_disconnected) { @{sys}/firmware/acpi/platform_profile* rw, @{sys}/firmware/acpi/pm_profile* rw, - @{sys}/devices/virtusl/** rw, owner @{PROC}/sys/vm/laptop_mode rw, owner @{PROC}/sys/vm/dirty_writeback_centisecs rw, @@ -117,6 +115,13 @@ profile tlp @{exec_path} flags=(attach_disconnected) { /dev/tty rw, include if exists + + profile udevadm { + include + include + + include if exists + } } # vim:syntax=apparmor From c4c51030ff8f83d542c3f66bec7764abb329e44d Mon Sep 17 00:00:00 2001 From: barmogund Date: Sun, 27 Oct 2024 18:51:09 +0100 Subject: [PATCH 04/15] Update hdparm --- apparmor.d/profiles-g-l/hdparm | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/apparmor.d/profiles-g-l/hdparm b/apparmor.d/profiles-g-l/hdparm index e606f701..6f341520 100644 --- a/apparmor.d/profiles-g-l/hdparm +++ b/apparmor.d/profiles-g-l/hdparm @@ -10,6 +10,7 @@ include @{exec_path} = @{bin}/hdparm profile hdparm @{exec_path} flags=(complain) { include + include include include include 
@@ -29,14 +30,6 @@ profile hdparm @{exec_path} flags=(complain) { # Image files owner @{user_img_dirs}/{,**} r, - # interaction with tlp - owner @{sys}/devices/@{pci}/ta@{int}/host@{int}/**/**/power/autosuspend_delay_ms r, - owner @{sys}/devices/@{pci}/ta@{int}/host@{int}/scsi_host/host0/link_power_management_policy rw, - owner @{sys}/devices/@{pci}/ta@{int}/host@{int}/target*/**/block/{sda,sr0}/* r, - owner @{sys}/devices/@{pci}/ta@{int}/host@{int}/target*/**/block/{sda,sr0}/dev r, - owner @{sys}/devices/@{pci}/ta@{int}/host@{int}/target*/**/block/sda/sda@{int}/dev r, - owner @{sys}/devices/@{pci}/ta@{int}/host@{int}/target*/**/block/sda@{int}/dev r, - # for hdparm --fibmap @{PROC}/devices r, From ed350985f82d6f094ac7ece3cea1f79392584d54 Mon Sep 17 00:00:00 2001 From: barmogund Date: Sun, 27 Oct 2024 18:53:38 +0100 Subject: [PATCH 05/15] Update tlp ok checking what remains to be added --- apparmor.d/profiles-s-z/tlp | 34 +--------------------------------- 1 file changed, 1 insertion(+), 33 deletions(-) diff --git a/apparmor.d/profiles-s-z/tlp b/apparmor.d/profiles-s-z/tlp index c4065faa..df1b454e 100644 --- a/apparmor.d/profiles-s-z/tlp +++ b/apparmor.d/profiles-s-z/tlp @@ -10,6 +10,7 @@ include profile tlp @{exec_path} flags=(attach_disconnected) { include include + include include include include 
@@ -68,39 +69,6 @@ profile tlp @{exec_path} flags=(attach_disconnected) { owner @{run}/tlp/lock_tlp rwk, owner @{run}/udev/data/b@{int}:@{int} r, - @{sys}/bus/ r, - owner @{sys}/bus/pci/drivers/nouveau/ r, - owner @{sys}/devices/@{pci}/ r, - owner @{sys}/devices/@{pci}/power/control rw, - owner @{sys}/devices/@{pci}/ta@{int}/host@{int}/scsi_host/ r, - owner @{sys}/devices/@{pci}/ta@{int}/host@{int}/scsi_host/host@{int}/link_power_management_policy rw, - @{sys}/bus/platform/devices/ r, - @{sys}/class/ r, - @{sys}/class/power_supply/ r, - @{sys}/devices/@{pci}/uevent r, - @{sys}/devices/**/power_supply/*/scope r, - @{sys}/devices/**/power_supply/*/uevent r, - @{sys}/devices/platform/**/uevent r, - @{sys}/devices/system/cpu/*_pstate/{no_turbo,turbo_pct} r, - @{sys}/devices/system/cpu/*_pstate/status r, - @{sys}/devices/system/cpu/cpu@{int}/power/energy_perf_bias rw, - @{sys}/devices/system/cpu/cpufreq/ r, - @{sys}/devices/system/cpu/cpufreq/policy@{int}/energy_performance_preference rw, - @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_governor rw, - owner @{sys}/bus/pci/drivers/mei_me/ r, - owner @{sys}/bus/pci/devices/ r, - owner @{sys}/block/ r, - owner @{sys}/class/net/ r, - owner @{sys}/devices/platform/**/**/** r, - owner @{sys}/devices/virtual/block/loop@{int}/ r, - owner @{sys}/devices/virtual/block/loop@{int}/dev r, - owner @{sys}/devices/virtual/net/lo/uevent r, - owner @{sys}/devices/virtual/dmi/id/product_version rw, - owner @{sys}/class/drm/ rw, - owner @{sys}/module/pcie_aspm/parameters/policy rw, - owner @{sys}/module/snd_hda_intel/parameters/power_save rw, - owner @{sys}/module/snd_hda_intel/parameters/power_save_controller rw, - @{sys}/firmware/acpi/platform_profile* rw, @{sys}/firmware/acpi/pm_profile* rw, From 062b1ea41aeefd2632f96d27c3e330c261448e44 Mon Sep 17 00:00:00 2001 
From: barmogund Date: Sun, 27 Oct 2024 19:01:26 +0100 Subject: [PATCH 06/15] Update tlp --- apparmor.d/profiles-s-z/tlp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apparmor.d/profiles-s-z/tlp b/apparmor.d/profiles-s-z/tlp index df1b454e..03230f8b 100644 --- a/apparmor.d/profiles-s-z/tlp +++ b/apparmor.d/profiles-s-z/tlp @@ -10,7 +10,7 @@ include profile tlp @{exec_path} flags=(attach_disconnected) { include include - include + include include include include From 9cc2872c89dbed880deb8197ea8fbc8ed72c86cf Mon Sep 17 00:00:00 2001 From: barmogund Date: Sun, 27 Oct 2024 19:01:47 +0100 Subject: [PATCH 07/15] Update hdparm --- apparmor.d/profiles-g-l/hdparm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apparmor.d/profiles-g-l/hdparm b/apparmor.d/profiles-g-l/hdparm index 6f341520..430efc01 100644 --- a/apparmor.d/profiles-g-l/hdparm +++ b/apparmor.d/profiles-g-l/hdparm @@ -10,7 +10,7 @@ include @{exec_path} = @{bin}/hdparm profile hdparm @{exec_path} flags=(complain) { include - include + include include include include From 04173c88f6ef8153e1a2c69cd5bb3ab4f1f36af7 Mon Sep 17 00:00:00 2001 From: barmogund Date: Sun, 27 Oct 2024 19:57:09 +0100 Subject: [PATCH 08/15] Update tlp perl is needed checked wich @{sys} additions were needed --- apparmor.d/profiles-s-z/tlp | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/apparmor.d/profiles-s-z/tlp b/apparmor.d/profiles-s-z/tlp index 03230f8b..c802461c 100644 --- a/apparmor.d/profiles-s-z/tlp +++ b/apparmor.d/profiles-s-z/tlp @@ -1,5 +1,6 @@ # apparmor.d - Full set of apparmor profiles -# Copyright (C) 2024 Barmogund +# Copyright (C) 2021-2024 Alexandre Pujol +# Copyright (C) 2024 Barmogund # SPDX-License-Identifier: GPL-2.0-only abi , @@ -14,6 +15,7 @@ profile tlp @{exec_path} flags=(attach_disconnected) { include include include + include capability dac_read_search, capability net_admin, 
@@ -23,6 +25,8 @@ profile tlp @{exec_path} flags=(attach_disconnected) { network netlink raw, + ptrace read peer=unconfined, + @{exec_path} mr, @{bin}/systemctl rix, @@ -69,6 +73,24 @@ profile tlp @{exec_path} flags=(attach_disconnected) { owner @{run}/tlp/lock_tlp rwk, owner @{run}/udev/data/b@{int}:@{int} r, + @{sys}/class/net/ r, + @{sys}/class/power_supply/ r, + @{sys}/bus/pci/drivers/mei_me/ r, + @{sys}/bus/pci/drivers/nouveau/ r, + @{sys}/bus/pci/drivers/xhci_hcd/ r, + @{sys}/devices/LNXSYSTM:@{rand2}/**/power_supply/BAT@{int}/type r, + @{sys}/devices/LNXSYSTM:@{rand2}/**/**/power_supply/BAT@{int}/type r, + @{sys}/devices/LNXSYSTM:@{rand2}/**/**/power_supply/BAT@{int}/present r, + @{sys}/devices/@{pci}/ r, + @{sys}/devices/@{pci}/power/control rw, + @{sys}/devices/platform/**/power_supply/ADP@{int}/online r, + @{sys}/devices/platform/**/power_supply/ADP@{int}/type r, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/energy_performance_preference rw, + @{sys}/devices/virtual/dmi/id/product_version r, + @{sys}/devices/virtual/net/lo/uevent r, + @{sys}/module/pcie_aspm/parameters/policy rw, + @{sys}/module/snd_hda_intel/parameters/power_save rw, + @{sys}/module/snd_hda_intel/parameters/power_save_controller rw, @{sys}/firmware/acpi/platform_profile* rw, @{sys}/firmware/acpi/pm_profile* rw, From 0f906c7e0967fb3df5cc708247cd79dcc1f31310 Mon Sep 17 00:00:00 2001 From: barmogund Date: Sun, 27 Oct 2024 21:05:42 +0100 Subject: [PATCH 09/15] Update tlp --- apparmor.d/profiles-s-z/tlp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apparmor.d/profiles-s-z/tlp b/apparmor.d/profiles-s-z/tlp index c802461c..3a7ef8a4 100644 --- a/apparmor.d/profiles-s-z/tlp +++ b/apparmor.d/profiles-s-z/tlp 
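Review bot: `ptrace read peer=unconfined,` is added without a comment saying which helper needed it, and because most helpers run with `rix` it applies to every one of them (the shell, `cat`, `grep`, …), letting each read process details of any unconfined process. The context line `@{bin}/systemctl rix,` suggests systemctl is the likely source, but that is an inference to confirm from the audit log. If so, the rule belongs in a child profile for that helper rather than in the parent, with the reason recorded, e.g. `# <helper> inspects /proc/<pid>/ of its unconfined caller`. The profile body starts and ends outside this hunk.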
@@ -45,9 +45,9 @@ profile tlp @{exec_path} flags=(attach_disconnected) { @{bin}/touch rix, @{bin}/cat rix, @{bin}/rm rix, - @{bin}/id rpx, - @{bin}/iw rpx, - @{bin}/hdparm rix, + @{bin}/id rPx, + @{bin}/iw rPx, + @{bin}/hdparm rPx, @{bin}/uname rpx, @{bin}/udevadm rCx -> udevadm, /usr/share/tlp/tlp-readconfs rix, From 7d0fd5e178a71cd9990304e8880773b117820a01 Mon Sep 17 00:00:00 2001 From: barmogund Date: Mon, 28 Oct 2024 15:50:46 +0100 Subject: [PATCH 10/15] Update tlp --- apparmor.d/profiles-s-z/tlp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apparmor.d/profiles-s-z/tlp b/apparmor.d/profiles-s-z/tlp index 3a7ef8a4..be4cbb23 100644 --- a/apparmor.d/profiles-s-z/tlp +++ b/apparmor.d/profiles-s-z/tlp @@ -61,7 +61,7 @@ profile tlp @{exec_path} flags=(attach_disconnected) { /usr/share/tlp/** rw, /usr/share/tlp/func.d/** rw, - + /usr/share/tlp/tlp-readconfs rw, /var/lib/power-profiles-daemon/state.ini rw, From ba89afe91874e553e512024e8f00912e0fa3df83 Mon Sep 17 00:00:00 2001 From: barmogund Date: Mon, 28 Oct 2024 16:34:05 +0100 Subject: [PATCH 11/15] Update tlp --- apparmor.d/profiles-s-z/tlp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apparmor.d/profiles-s-z/tlp b/apparmor.d/profiles-s-z/tlp index be4cbb23..bce8b4f9 100644 --- a/apparmor.d/profiles-s-z/tlp +++ b/apparmor.d/profiles-s-z/tlp @@ -103,7 +103,7 @@ profile tlp @{exec_path} flags=(attach_disconnected) { /dev/disk/by-id/ r, owner /dev/sda r, /dev/tty rw, - + include if exists profile udevadm { From 16b440ec98200782726c0eccec595f7c873b3297 Mon Sep 17 00:00:00 2001 From: barmogund Date: Fri, 1 Nov 2024 14:54:07 +0100 Subject: [PATCH 12/15] Update tlp --- apparmor.d/profiles-s-z/tlp | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/apparmor.d/profiles-s-z/tlp b/apparmor.d/profiles-s-z/tlp index bce8b4f9..ededada3 100644 --- a/apparmor.d/profiles-s-z/tlp +++ b/apparmor.d/profiles-s-z/tlp 
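Review bot: Moving `@{bin}/hdparm` from `rix` to `rPx` hands hdparm to its own profile, and the hdparm hunks in this series show that profile declared with `flags=(complain)`, so disk access made by hdparm on tlp's behalf would be logged rather than blocked unless the build overrides the flag. It is worth confirming that this is intended before relying on the transition as a restriction. In the same block `@{bin}/uname rpx,` keeps the lowercase `p`, which does not scrub the environment on exec; for consistency with the three lines changed here it should read `@{bin}/uname rPx,`. The profile body starts and ends outside this hunk.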
@@ -29,7 +29,7 @@ profile tlp @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - @{bin}/systemctl rix, + @{bin}/systemctl rCx -> systemctl, @{bin}/logger rix, @{sh_path} rix, @{bin}/cp rix, @@ -57,30 +57,22 @@ profile tlp @{exec_path} flags=(attach_disconnected) { /etc/tlp.d/ r, /etc/tlp.d/** rw, /etc/tlp.conf rw, - /etc/udev/udev.conf r, - - /usr/share/tlp/** rw, - /usr/share/tlp/func.d/** rw, - - /usr/share/tlp/tlp-readconfs rw, + + /usr/share/tlp/** r, /var/lib/power-profiles-daemon/state.ini rw, - owner /usr/share/tlp/bat.d/** rw, - @{run}/udev/data/+platform:* r, owner @{run}/tlp/* rw, owner @{run}/tlp/lock_tlp rwk, - owner @{run}/udev/data/b@{int}:@{int} r, - + @{sys}/class/net/ r, @{sys}/class/power_supply/ r, @{sys}/bus/pci/drivers/mei_me/ r, @{sys}/bus/pci/drivers/nouveau/ r, @{sys}/bus/pci/drivers/xhci_hcd/ r, - @{sys}/devices/LNXSYSTM:@{rand2}/**/power_supply/BAT@{int}/type r, - @{sys}/devices/LNXSYSTM:@{rand2}/**/**/power_supply/BAT@{int}/type r, - @{sys}/devices/LNXSYSTM:@{rand2}/**/**/power_supply/BAT@{int}/present r, + @{sys}/devices/**/power_supply/BAT@{int}/type r, + @{sys}/devices/**/power_supply/BAT@{int}/present r, @{sys}/devices/@{pci}/ r, @{sys}/devices/@{pci}/power/control rw, @{sys}/devices/platform/**/power_supply/ADP@{int}/online r, @@ -104,7 +96,12 @@ profile tlp @{exec_path} flags=(attach_disconnected) { owner /dev/sda r, /dev/tty rw, - include if exists + profile systemctl { + include + include + + include if exists _systemctl> + } profile udevadm { include @@ -112,6 +109,8 @@ profile tlp @{exec_path} flags=(attach_disconnected) { include if exists } + + include if exists } # vim:syntax=apparmor From 81859c17a7b836bc30dc9c92711eccb8e0b0f954 Mon Sep 17 00:00:00 2001 From: barmogund Date: Fri, 1 Nov 2024 14:55:17 +0100 Subject: [PATCH 13/15] Update hdparm --- apparmor.d/profiles-g-l/hdparm | 1 - 1 file changed, 1 deletion(-) 
diff --git a/apparmor.d/profiles-g-l/hdparm b/apparmor.d/profiles-g-l/hdparm index 430efc01..a4fa3497 100644 --- a/apparmor.d/profiles-g-l/hdparm +++ b/apparmor.d/profiles-g-l/hdparm @@ -13,7 +13,6 @@ profile hdparm @{exec_path} flags=(complain) { include include include - include # To remove the following errors: # re-writing sector *: BLKFLSBUF failed: Permission denied From 83887799ff440f5c28069505e3a73bf7f8f39a7b Mon Sep 17 00:00:00 2001 From: barmogund Date: Sat, 2 Nov 2024 12:55:42 +0100 Subject: [PATCH 14/15] Update tlp --- apparmor.d/profiles-s-z/tlp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apparmor.d/profiles-s-z/tlp b/apparmor.d/profiles-s-z/tlp index ededada3..885353d7 100644 --- a/apparmor.d/profiles-s-z/tlp +++ b/apparmor.d/profiles-s-z/tlp @@ -100,7 +100,7 @@ profile tlp @{exec_path} flags=(attach_disconnected) { include include - include if exists _systemctl> + include if exists } profile udevadm { From d5ca36fa2b5c2dbd9ffdbd6a6cf95f80f90141d4 Mon Sep 17 00:00:00 2001 From: barmogund Date: Mon, 4 Nov 2024 12:48:39 +0100 Subject: [PATCH 15/15] Update tlp --- apparmor.d/profiles-s-z/tlp | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/apparmor.d/profiles-s-z/tlp b/apparmor.d/profiles-s-z/tlp index 885353d7..641a3203 100644 --- a/apparmor.d/profiles-s-z/tlp +++ b/apparmor.d/profiles-s-z/tlp 
@@ -66,20 +66,7 @@ profile tlp @{exec_path} flags=(attach_disconnected) { owner @{run}/tlp/* rw, owner @{run}/tlp/lock_tlp rwk, - @{sys}/class/net/ r, - @{sys}/class/power_supply/ r, - @{sys}/bus/pci/drivers/mei_me/ r, - @{sys}/bus/pci/drivers/nouveau/ r, - @{sys}/bus/pci/drivers/xhci_hcd/ r, - @{sys}/devices/**/power_supply/BAT@{int}/type r, - @{sys}/devices/**/power_supply/BAT@{int}/present r, - @{sys}/devices/@{pci}/ r, - @{sys}/devices/@{pci}/power/control rw, - @{sys}/devices/platform/**/power_supply/ADP@{int}/online r, - @{sys}/devices/platform/**/power_supply/ADP@{int}/type r, @{sys}/devices/system/cpu/cpufreq/policy@{int}/energy_performance_preference rw, - @{sys}/devices/virtual/dmi/id/product_version r, - @{sys}/devices/virtual/net/lo/uevent r, @{sys}/module/pcie_aspm/parameters/policy rw, @{sys}/module/snd_hda_intel/parameters/power_save rw, @{sys}/module/snd_hda_intel/parameters/power_save_controller rw, @@ -93,7 +80,6 @@ profile tlp @{exec_path} flags=(attach_disconnected) { owner @{PROC}/sys/kernel/nmi_watchdog rw, /dev/disk/by-id/ r, - owner /dev/sda r, /dev/tty rw, profile systemctl {