mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-12-27 07:27:24 +01:00
feat(tunable): add u32 & u64.
- Reorganize the file - @{u32} == @{uid}
parent
7b73adceeb
commit
18a71512a9
1 changed files with 50 additions and 30 deletions
|
@ -2,8 +2,8 @@
|
||||||
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
|
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
|
||||||
# SPDX-License-Identifier: GPL-2.0-only
|
# SPDX-License-Identifier: GPL-2.0-only
|
||||||
|
|
||||||
# To allow extended personalisation without breaking everything.
|
# Base variables
|
||||||
# All apparmor profiles should always use the variables defined here.
|
# --------------
|
||||||
|
|
||||||
# Any digit
|
# Any digit
|
||||||
@{d}=[0-9]
|
@{d}=[0-9]
|
||||||
|
@ -23,18 +23,23 @@
|
||||||
# Integer up to 10 digits (0-9999999999)
|
# Integer up to 10 digits (0-9999999999)
|
||||||
@{int}=@{d}{@{d},}{@{d},}{@{d},}{@{d},}{@{d},}{@{d},}{@{d},}{@{d},}{@{d},}
|
@{int}=@{d}{@{d},}{@{d},}{@{d},}{@{d},}{@{d},}{@{d},}{@{d},}{@{d},}{@{d},}
|
||||||
|
|
||||||
# Unsigned integer over 8 bits (0-255)
|
|
||||||
# 0 - 99 100 - 199 200 - 249 250 - 255
|
|
||||||
@{u8}=[0-9]{[0-9],} 1[0-9][0-9] 2[0-4][0-9] 25[0-5]
|
|
||||||
|
|
||||||
# Unsigned integer over 16 bits (0-65535, 5 digits)
|
|
||||||
@{u16}=@{d}{@{d},}{@{d},}{@{d},}{@{d},}
|
|
||||||
|
|
||||||
# hexadecimal, alphanumeric and word up to 64 characters
|
# hexadecimal, alphanumeric and word up to 64 characters
|
||||||
@{hex}=@{h}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}
|
@{hex}=@{h}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}
|
||||||
@{rand}=@{c}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}
|
@{rand}=@{c}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}
|
||||||
@{word}=@{w}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}
|
@{word}=@{w}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}
|
||||||
|
|
||||||
|
# Unsigned integer over 8 bits (0...255)
|
||||||
|
@{u8}=[0-9]{[0-9],} 1[0-9][0-9] 2[0-4][0-9] 25[0-5]
|
||||||
|
|
||||||
|
# Unsigned integer over 16 bits (0...65,535 5 digits)
|
||||||
|
@{u16}={@{d},[1-9]@{d},[1-9][@{d}@{d},[1-9]@{d}@{d}@{d},[1-6]@{d}@{d}@{d}@{d}}
|
||||||
|
|
||||||
|
# Unsigned integer over 32 bits (0...4,294,967,295 10 digits)
|
||||||
|
@{u32}={@{d},[1-9]@{d},[1-9]@{d}@{d},[1-9]@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d},[1-4]@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}}
|
||||||
|
|
||||||
|
# Unsigned integer over 64 bits (0...18,446,744,073,709,551,615 20 digits).
|
||||||
|
@{u64}={@{d},[1-9]@{d},[1-9]@{d}@{d},[1-9]@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d},1@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}}
|
||||||
|
|
||||||
# Any x digits characters
|
# Any x digits characters
|
||||||
@{int2}=@{d}@{d}
|
@{int2}=@{d}@{d}
|
||||||
@{int4}=@{int2}@{int2}
|
@{int4}=@{int2}@{int2}
|
||||||
|
@ -88,23 +93,9 @@
|
||||||
@{word32}=@{word16}@{word16}
|
@{word32}=@{word16}@{word16}
|
||||||
@{word64}=@{word32}@{word32}
|
@{word64}=@{word32}@{word32}
|
||||||
|
|
||||||
# Universally unique identifier
|
|
||||||
@{uuid}=@{h}@{h}@{h}@{h}@{h}@{h}@{h}@{h}[-_]@{h}@{h}@{h}@{h}[-_]@{h}@{h}@{h}@{h}[-_]@{h}@{h}@{h}@{h}[-_]@{h}@{h}@{h}@{h}@{h}@{h}@{h}@{h}@{h}@{h}@{h}@{h}
|
|
||||||
|
|
||||||
# Username & group valid characters
|
# System Paths
|
||||||
@{user}=[a-zA-Z_]{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}
|
# ------------
|
||||||
@{group}=@{user}
|
|
||||||
|
|
||||||
# Semantic version
|
|
||||||
@{version}=@{int}{.@{int},}{.@{int},}{-@{rand},}
|
|
||||||
|
|
||||||
# Shortcut for PCI device
|
|
||||||
@{pci_id}=@{h}@{h}@{h}@{h}:@{h}@{h}:@{h}@{h}.@{h}
|
|
||||||
@{pci_bus}=pci@{h}@{h}@{h}@{h}:@{h}@{h}
|
|
||||||
@{pci}=@{pci_bus}/**/
|
|
||||||
|
|
||||||
# hci devices
|
|
||||||
@{hci_id}=dev_@{c}@{c}_@{c}@{c}_@{c}@{c}_@{c}@{c}_@{c}@{c}_@{c}@{c}
|
|
||||||
|
|
||||||
# @{MOUNTDIRS} is a space-separated list of where user mount directories
|
# @{MOUNTDIRS} is a space-separated list of where user mount directories
|
||||||
# are stored, for programs that must enumerate all mount directories on a
|
# are stored, for programs that must enumerate all mount directories on a
|
||||||
|
@ -121,17 +112,46 @@
|
||||||
# Common places for temporary files
|
# Common places for temporary files
|
||||||
@{tmp}=/tmp/ /tmp/user/@{uid}/
|
@{tmp}=/tmp/ /tmp/user/@{uid}/
|
||||||
|
|
||||||
# Udev data dynamic assignment ranges
|
|
||||||
@{dynamic}=23[4-9] 24[0-9] 25[0-4] # range 234 to 254
|
|
||||||
@{dynamic}+=38[4-9] 39[0-9] 4[0-9][0-9] 50[0-9] 51[0-1] # range 384 to 511
|
|
||||||
|
|
||||||
# Dbus unique name
|
# System Variables
|
||||||
@{busname}=:1.@{u16} :not.active.yet
|
# ----------------
|
||||||
|
|
||||||
# Common architecture names
|
# Common architecture names
|
||||||
@{arch}=x86_64 amd64 i386 i686
|
@{arch}=x86_64 amd64 i386 i686
|
||||||
|
|
||||||
|
# Dbus unique name
|
||||||
|
@{busname}=:1.@{u16} :not.active.yet
|
||||||
|
|
||||||
|
# Universally unique identifier
|
||||||
|
@{uuid}=@{h}@{h}@{h}@{h}@{h}@{h}@{h}@{h}[-_]@{h}@{h}@{h}@{h}[-_]@{h}@{h}@{h}@{h}[-_]@{h}@{h}@{h}@{h}[-_]@{h}@{h}@{h}@{h}@{h}@{h}@{h}@{h}@{h}@{h}@{h}@{h}
|
||||||
|
|
||||||
|
# Username & group valid characters
|
||||||
|
@{user}=[a-zA-Z_]{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}
|
||||||
|
@{group}=@{user}
|
||||||
|
|
||||||
|
# Semantic version
|
||||||
|
@{version}=@{int}{.@{int},}{.@{int},}{-@{rand},}
|
||||||
|
|
||||||
# OpenSUSE does not have the same multiarch structure
|
# OpenSUSE does not have the same multiarch structure
|
||||||
@{multiarch}+=*-suse-linux* #aa:only opensuse
|
@{multiarch}+=*-suse-linux* #aa:only opensuse
|
||||||
|
|
||||||
|
|
||||||
|
# System Internal
|
||||||
|
# ---------------
|
||||||
|
|
||||||
|
# Shortcut for PCI device
|
||||||
|
@{pci_id}=@{h}@{h}@{h}@{h}:@{h}@{h}:@{h}@{h}.@{h}
|
||||||
|
@{pci_bus}=pci@{h}@{h}@{h}@{h}:@{h}@{h}
|
||||||
|
@{pci}=@{pci_bus}/**/
|
||||||
|
|
||||||
|
# hci devices
|
||||||
|
@{hci_id}=dev_@{c}@{c}_@{c}@{c}_@{c}@{c}_@{c}@{c}_@{c}@{c}_@{c}@{c}
|
||||||
|
|
||||||
|
# Udev data dynamic assignment ranges
|
||||||
|
@{dynamic}=23[4-9] 24[0-9] 25[0-4] # range 234 to 254
|
||||||
|
@{dynamic}+=38[4-9] 39[0-9] 4[0-9][0-9] 50[0-9] 51[0-1] # range 384 to 511
|
||||||
|
|
||||||
|
# Container path given to attach_disconnected.path=@{ct}@{profile_name}
|
||||||
|
@{ct}=/ct-
|
||||||
|
|
||||||
# vim:syntax=apparmor
|
# vim:syntax=apparmor
|
||||||
|
|
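Review bot: The new `@{u16}` definition has a stray `[` in its third alternative (`[1-9][@{d}@{d}`), which leaves a bracket unbalanced and changes what the three-digit case can match; it should read `[1-9]@{d}@{d}`, as the same alternative does in `@{u32}` and `@{u64}`. The last alternative of each new variable is also wider than the range its comment states: `[1-6]@{d}@{d}@{d}@{d}` accepts up to 69999, `[1-4]` plus nine digits accepts up to 4999999999, and the leading-`1` alternative of `@{u64}` appears to accept any 20-digit value starting with 1. Because these variables are expanded into profile rules, I would either narrow the patterns or state the over-match in the comments, for example `# Unsigned integer over 16 bits (0...65,535; the pattern accepts up to 69,999)`. Note also that `@{busname}=:1.@{u16}` previously accepted five-digit suffixes up to 99999 and now stops at 69999, so it is worth confirming that unique-name counters on long-running buses stay within that bound.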