mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 08:58:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(full): add new systemd variable.

Browse source
This commit is contained in:
Alexandre Pujol 2023-11-19 11:13:40 +00:00
parent b79a1fcd31
commit 2143fb03af
Failed to generate hash of commit
7 changed files with 14 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
apparmor.d/groups/ssh/sshd
View file

@ -44,14 +44,16 @@ profile sshd @{exec_path} flags=(attach_disconnected) {
# but will fall back to a non-privileged version if it fails. # but will fall back to a non-privileged version if it fails.
deny capability net_admin, deny capability net_admin,
ptrace (read,trace) peer=unconfined,
network inet stream, network inet stream,
network inet6 stream, network inet6 stream,
network inet dgram, network inet dgram,
network inet6 dgram, network inet6 dgram,
network netlink raw, network netlink raw,
signal (receive) set=(hup) peer=@{systemd},
ptrace (read,trace) peer=@{systemd},
dbus send bus=system path=/org/freedesktop/login[0-9] dbus send bus=system path=/org/freedesktop/login[0-9]
interface=org.freedesktop.login[0-9].Manager interface=org.freedesktop.login[0-9].Manager
member={CreateSession,ReleaseSession} member={CreateSession,ReleaseSession}

2
apparmor.d/groups/systemd/systemd-update-done
View file

@ -12,7 +12,7 @@ profile systemd-update-done @{exec_path} {
capability net_admin, capability net_admin,
ptrace (read) peer=unconfined, ptrace (read) peer=@{systemd},
@{exec_path} mr, @{exec_path} mr,

2
apparmor.d/groups/systemd/systemd-userwork
View file

@ -14,6 +14,8 @@ profile systemd-userwork @{exec_path} flags=(attach_disconnected) {
capability sys_resource, capability sys_resource,
signal (send) peer=@{systemd},
@{exec_path} mr, @{exec_path} mr,
/etc/machine-id r, /etc/machine-id r,

2
apparmor.d/profiles-m-r/qemu-ga
View file

@ -19,7 +19,7 @@ profile qemu-ga @{exec_path} {
network inet6 stream, network inet6 stream,
network netlink raw, network netlink raw,
ptrace peer=unconfined, ptrace (read) peer=@{systemd},
dbus send bus=system path=/org/freedesktop/login1 dbus send bus=system path=/org/freedesktop/login1
interface=org.freedesktop.login1.Manager interface=org.freedesktop.login1.Manager

2
apparmor.d/profiles-s-z/snapd
View file

@ -44,7 +44,7 @@ profile snapd @{exec_path} {
umount /snap/*/*/, umount /snap/*/*/,
ptrace (read) peer=snap, ptrace (read) peer=snap,
ptrace (read) peer=unconfined, ptrace (read) peer=@{systemd},
dbus (send) bus=system path=/org/freedesktop/ dbus (send) bus=system path=/org/freedesktop/
interface=org.freedesktop.login1.Manager interface=org.freedesktop.login1.Manager

2
apparmor.d/profiles-s-z/udisksd
View file

@ -54,6 +54,8 @@ profile udisksd @{exec_path} flags=(attach_disconnected) {
umount @{run}/udisks2/temp-mount-*/, umount @{run}/udisks2/temp-mount-*/,
umount /media/cdrom[0-9]/, umount /media/cdrom[0-9]/,
signal (receive) set=(int) peer=@{systemd},
dbus (send,receive) bus=system path=/ dbus (send,receive) bus=system path=/
interface=org.freedesktop.DBus.Introspectable interface=org.freedesktop.DBus.Introspectable
member=Introspect, member=Introspect,

3
apparmor.d/tunables/multiarch.d/apparmor.d
View file

@ -53,3 +53,6 @@
# Common places for binaries and libraries across distributions # Common places for binaries and libraries across distributions
@{bin}=/{,usr/}{,s}bin @{bin}=/{,usr/}{,s}bin
@{lib}=/{,usr/}lib{,exec,32,64} @{lib}=/{,usr/}lib{,exec,32,64}
# Name of the systemd profile: unconfined || systemd
@{systemd}=unconfined