mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-24 20:08:11 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(profile): firt set of issues raised by the integration tests

Browse source
This commit is contained in:
Alexandre Pujol 2024-10-21 22:00:02 +01:00
parent 48738a4cae
commit 2823f7562b
Failed to generate hash of commit
5 changed files with 11 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/abstractions/disks-read
View file

@ -20,6 +20,8 @@
@{sys}/devices/@{pci}/host@{int}/** r, @{sys}/devices/@{pci}/host@{int}/** r,
@{sys}/devices/@{pci}/usb@{int}/** r, @{sys}/devices/@{pci}/usb@{int}/** r,
@{sys}/devices/@{pci}/virtio@{int}/** r, @{sys}/devices/@{pci}/virtio@{int}/** r,
@{sys}/devices/**/host@{int}/**/block/{s,v}d[a-z]/ r,
@{sys}/devices/**/host@{int}/**/block/{s,v}d[a-z]/** r,
# SSD Nvme devices # SSD Nvme devices
/dev/nvme[0-9]* rk, /dev/nvme[0-9]* rk,

2
apparmor.d/abstractions/disks-write
View file

@ -20,6 +20,8 @@
@{sys}/devices/@{pci}/host@{int}/** r, @{sys}/devices/@{pci}/host@{int}/** r,
@{sys}/devices/@{pci}/usb@{int}/** r, @{sys}/devices/@{pci}/usb@{int}/** r,
@{sys}/devices/@{pci}/virtio@{int}/** r, @{sys}/devices/@{pci}/virtio@{int}/** r,
@{sys}/devices/**/host@{int}/**/block/{s,v}d[a-z]/ r,
@{sys}/devices/**/host@{int}/**/block/{s,v}d[a-z]/** r,
# SSD Nvme devices # SSD Nvme devices
/dev/nvme[0-9]* rwk, /dev/nvme[0-9]* rwk,

2
apparmor.d/profiles-a-f/aa-enforce
View file

@ -6,7 +6,7 @@ abi <abi/4.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = @{bin}/aa-enforce @{bin}/aa-complain @{bin}/aa-audit @{exec_path} = @{bin}/aa-enforce @{bin}/aa-complain @{bin}/aa-audit @{bin}/aa-disable
profile aa-enforce @{exec_path} { profile aa-enforce @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/consoles> include <abstractions/consoles>

5
apparmor.d/profiles-a-f/blkid
View file

@ -23,6 +23,8 @@ profile blkid @{exec_path} flags=(attach_disconnected) {
@{etc_rw}/blkid.tab{,-@{rand6}} rw, @{etc_rw}/blkid.tab{,-@{rand6}} rw,
@{etc_rw}/blkid.tab.old rwl -> /etc/blkid.tab, @{etc_rw}/blkid.tab.old rwl -> /etc/blkid.tab,
/.ismount-test-file rw,
# Image files # Image files
@{user_img_dirs}/{,**} r, @{user_img_dirs}/{,**} r,
@ -34,8 +36,9 @@ profile blkid @{exec_path} flags=(attach_disconnected) {
@{run}/cloud-init/ds-identify.log w, # file_inherit @{run}/cloud-init/ds-identify.log w, # file_inherit
# For the EVALUATE=scan method @{PROC}/@{pid}/mounts r,
@{PROC}/partitions r, @{PROC}/partitions r,
@{PROC}/swaps r,
owner /dev/tty@{int} rw, owner /dev/tty@{int} rw,

3
apparmor.d/profiles-g-l/lspci
View file

@ -30,10 +30,11 @@ profile lspci @{exec_path} flags=(attach_disconnected) {
owner @{HOME}/.pciids-cache.tmp-*-@{pid} rw, owner @{HOME}/.pciids-cache.tmp-*-@{pid} rw,
owner @{HOME}/.pciids-cache rw, owner @{HOME}/.pciids-cache rw,
owner @{user_cache_dirs}/pci-ids rw,
@{sys}/bus/pci/devices/ r, @{sys}/bus/pci/devices/ r,
@{sys}/bus/pci/slots/ r, @{sys}/bus/pci/slots/ r,
@{sys}/bus/pci/slots/@{int}/address r, @{sys}/bus/pci/slots/@{int}-@{int}/address r,
@{sys}/devices/@{pci}/** r, @{sys}/devices/@{pci}/** r,
@{sys}/module/compression r, @{sys}/module/compression r,