feat(profile): general update.

2025-01-18 00:48:10 +01:00 · 2024-06-20 17:57:30 +01:00 · 2024-06-20 17:57:30 +01:00 · 58c07e5ea5
commit 58c07e5ea5
parent be27f646ce
8 changed files with 14 additions and 7 deletions
--- a/apparmor.d/groups/pacman/aurpublish
+++ b/apparmor.d/groups/pacman/aurpublish
@ -45,6 +45,7 @@ profile aurpublish @{exec_path} {
  /usr/share/terminfo/** r,

  /etc/makepkg.conf r,
+  /etc/makepkg.conf.d/{,**} r,

  owner @{user_build_dirs}/**/ w,
  owner @{user_projects_dirs}/**/ r,
--- a/apparmor.d/groups/pacman/pacman-hook-mkinitcpio
+++ b/apparmor.d/groups/pacman/pacman-hook-mkinitcpio
@ -65,6 +65,8 @@ profile pacman-hook-mkinitcpio @{exec_path} flags=(attach_disconnected) {

    /var/lib/pacman/{,**} r,

+    @{HOME}/@{XDG_GPG_DIR}/*.conf r,
+
    include if exists <local/pacman-hook-mkinitcpio_pacman>
  }

--- a/apparmor.d/groups/systemd/systemd-machined
+++ b/apparmor.d/groups/systemd/systemd-machined
@ -40,6 +40,7 @@ profile systemd-machined @{exec_path} {
  /var/lib/machines/{,**} rw,
  /etc/machine-id r,

+  @{run}/systemd/machine/{,**} rw,
  @{run}/systemd/machines/{,**} rw,
  @{run}/systemd/notify w,

--- a/apparmor.d/profiles-a-f/check-bios-nx
+++ b/apparmor.d/profiles-a-f/check-bios-nx
@ -27,8 +27,7 @@ profile check-bios-nx @{exec_path} {

  @{bin}/rdmsr  rPx,

-  owner @{PROC}/@{pid}/fd/2 w,
-
+  owner @{PROC}/@{pid}/fd/@{int} rw,

  profile kmod {
    include <abstractions/base>
--- a/apparmor.d/profiles-a-f/ddcutil
+++ b/apparmor.d/profiles-a-f/ddcutil
@ -23,6 +23,8 @@ profile ddcutil @{exec_path} {
  @{bin}/xargs             rix,
  @{bin}/grep              rix,

+  / r,
+
  owner @{user_cache_dirs}/ddcutil/ rw,
  owner @{user_cache_dirs}/ddcutil/** rwlk,

--- a/apparmor.d/profiles-g-l/git
+++ b/apparmor.d/profiles-g-l/git
@ -56,6 +56,7 @@ profile git @{exec_path} {
  @{bin}/rm          rix,
  @{bin}/sed         rix,
  @{bin}/tar         rix,
+  @{bin}/true        rix,
  @{bin}/uname       rix,
  @{bin}/wc          rix,
  @{bin}/whoami      rix,
--- a/apparmor.d/profiles-g-l/glib-compile-schemas
+++ b/apparmor.d/profiles-g-l/glib-compile-schemas
@ -22,10 +22,10 @@ profile glib-compile-schemas @{exec_path} {

  /usr/share/gnome-shell/extensions/*/schemas/org.gnome.shell.extensions.*.gschema.xml r,

-  owner @{user_share_dirs}/gnome-shell/extension-updates/*/schemas/ r,
-  owner @{user_share_dirs}/gnome-shell/extension-updates/*/schemas/gschemas.compiled rw,
-  owner @{user_share_dirs}/gnome-shell/extension-updates/*/schemas/gschemas.compiled.@{rand6} rw,
-  owner @{user_share_dirs}/gnome-shell/extension-updates/*/schemas/org.gnome.shell.extensions.*.gschema.xml r,
+  owner @{user_share_dirs}/gnome-shell/extension{,-updates}/*/schemas/ r,
+  owner @{user_share_dirs}/gnome-shell/extension{,-updates}/*/schemas/gschemas.compiled rw,
+  owner @{user_share_dirs}/gnome-shell/extension{,-updates}/*/schemas/gschemas.compiled.@{rand6} rw,
+  owner @{user_share_dirs}/gnome-shell/extension{,-updates}/*/schemas/org.gnome.shell.extensions.*.gschema.xml r,

  include if exists <local/glib-compile-schemas>
 }
--- a/apparmor.d/profiles-s-z/update-ca-trust
+++ b/apparmor.d/profiles-s-z/update-ca-trust
@ -15,9 +15,10 @@ profile update-ca-trust @{exec_path} {

  @{exec_path} mr,

-  @{bin}/bash   rix,
+  @{sh_path}    rix,
  @{bin}/find   rix,
  @{bin}/ln     rix,
+  @{bin}/mkdir  rix,
  @{bin}/trust  rix,

  / r,