From 21250f5eec40be4efd00456a4f6004f05aff8c49 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Sat, 21 May 2022 17:13:03 +0100
Subject: [PATCH] feat(profiles): add needrestart-iucode-scan-versions.
---
.../needrestart-iucode-scan-versions | 35 +++++++++++++++++++
1 file changed, 35 insertions(+)
create mode 100644 apparmor.d/profiles-m-r/needrestart-iucode-scan-versions
diff --git a/apparmor.d/profiles-m-r/needrestart-iucode-scan-versions b/apparmor.d/profiles-m-r/needrestart-iucode-scan-versions
new file mode 100644
index 00000000..17a723e0
--- /dev/null
+++ b/apparmor.d/profiles-m-r/needrestart-iucode-scan-versions
@@ -0,0 +1,35 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = /{usr/,}lib/needrestart/iucode-scan-versions
+profile needrestart-iucode-scan-versions @{exec_path} {
+ include
+
+ @{exec_path} mr,
+
+ /{usr/,}{s,}bin/iucode_tool rix,
+ /{usr/,}bin/{,ba,da}sh rix,
+ /{usr/,}bin/{,e}grep rix,
+ /{usr/,}bin/bsdtar rix,
+ /{usr/,}bin/cat rix,
+
+ /usr/share/misc/ r,
+ /usr/share/misc/intel-microcode* r,
+
+ /etc/default/intel-microcode r,
+ /etc/needrestart/iucode.sh r,
+
+ /boot/intel-ucode.img r,
+ /boot/early_ucode.cpio r,
+
+ @{sys}/devices/system/cpu/cpu[0-9]*/microcode/processor_flags r,
+
+ /dev/tty rw,
+
+ include if exists
+}
\ No newline at end of file
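Review bot: The `@{exec_path} mr,` rule looks broader than the helper needs. Judging by the `/{usr/,}bin/{,ba,da}sh rix,` rule and the read of `/etc/needrestart/iucode.sh`, iucode-scan-versions appears to be a shell script, which the interpreter only reads, so `@{exec_path} r,` would drop the executable-mapping (`m`) permission without changing behaviour; this should be confirmed against the installed file before tightening. The new file also ends without a trailing newline (`\ No newline at end of file`), and adding one keeps later diffs that touch the closing `}` clean.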