/proc/sys/kernel/random/boot_id is part of nameservice-strict.

2024-11-15 07:54:17 +01:00 · 2022-03-02 18:19:25 +00:00 · 2022-03-02 18:19:25 +00:00 · 683da55bb9
commit 683da55bb9
parent 28ee94c4a5
19 changed files with 0 additions and 22 deletions
--- a/apparmor.d/groups/bus/dbus-daemon
+++ b/apparmor.d/groups/bus/dbus-daemon
@ -54,7 +54,6 @@ profile dbus-daemon @{exec_path} flags=(attach_disconnected) {
        @{PROC}/1/environ r,
        @{PROC}/cmdline r,
        @{PROC}/sys/kernel/osrelease r,
-        @{PROC}/sys/kernel/random/boot_id r,

  @{sys}/module/apparmor/parameters/enabled r,

--- a/apparmor.d/groups/gnome/gdm
+++ b/apparmor.d/groups/gnome/gdm
@ -54,7 +54,6 @@ profile gdm @{exec_path} flags=(attach_disconnected) {
        @{PROC}/1/environ r,
        @{PROC}/cmdline r,
        @{PROC}/sys/kernel/osrelease r,
-        @{PROC}/sys/kernel/random/boot_id r,

  include if exists <local/gdm>
 }
--- a/apparmor.d/groups/gnome/gdm-session-worker
+++ b/apparmor.d/groups/gnome/gdm-session-worker
@ -65,7 +65,6 @@ profile gdm-session-worker @{exec_path} flags=(attach_disconnected) {
  owner @{PROC}/@{pid}/fd/ r,
  owner @{PROC}/@{pid}/loginuid rw,
  owner @{PROC}/@{pid}/uid_map r,
-  owner @{PROC}/sys/kernel/random/boot_id r,

  /dev/tty rw,
  /dev/tty[0-9]* rw,
--- a/apparmor.d/groups/gnome/nautilus
+++ b/apparmor.d/groups/gnome/nautilus
@ -46,7 +46,6 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
  owner @{PROC}/@{pid}/fd/ r,
  owner @{PROC}/@{pid}/mountinfo r,
  owner @{PROC}/@{pid}/net/wireless r,
-        @{PROC}/sys/kernel/random/boot_id r,

  @{run}/mount/utab r,
  @{run}/systemd/userdb/ r,
--- a/apparmor.d/groups/gvfs/gvfsd-recent
+++ b/apparmor.d/groups/gvfs/gvfsd-recent
@ -30,7 +30,6 @@ profile gvfsd-recent @{exec_path} {
  owner @{run}/user/@{uid}/gvfsd/socket-[a-zA-z0-9]* rw,
  
  owner @{PROC}/@{pid}/mountinfo r,
-        @{PROC}/sys/kernel/random/boot_id r,

  @{run}/systemd/userdb/ r,
  @{run}/mount/utab r,
--- a/apparmor.d/groups/network/NetworkManager
+++ b/apparmor.d/groups/network/NetworkManager
@ -84,7 +84,6 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
        @{PROC}/1/environ r,
        @{PROC}/cmdline r,
        @{PROC}/sys/kernel/osrelease r,
-        @{PROC}/sys/kernel/random/boot_id r,
        @{PROC}/sys/net/** rw,

  include if exists <local/NetworkManager>
--- a/apparmor.d/groups/network/nm-openvpn-service
+++ b/apparmor.d/groups/network/nm-openvpn-service
@ -31,7 +31,6 @@ profile nm-openvpn-service @{exec_path} {
  /dev/tty rw,

  owner @{PROC}/@{pid}/fd/ r,
-        @{PROC}/sys/kernel/random/boot_id r,

  include if exists <local/nm-openvpn-service>
 }
--- a/apparmor.d/groups/systemd/hostnamectl
+++ b/apparmor.d/groups/systemd/hostnamectl
@ -14,7 +14,5 @@ profile hostnamectl @{exec_path} {

  /etc/machine-id r,

-  @{PROC}/sys/kernel/random/boot_id r,
-
  include if exists <local/hostnamectl>
 }
--- a/apparmor.d/groups/systemd/systemd-journald
+++ b/apparmor.d/groups/systemd/systemd-journald
@ -67,7 +67,6 @@ profile systemd-journald @{exec_path} {
  @{PROC}/@{pids}/sessionid r,
  @{PROC}/@{pids}/loginuid r,
  @{PROC}/@{pids}/cgroup r,
-  @{PROC}/sys/kernel/random/boot_id r,
  @{PROC}/sys/kernel/hostname r,

  /dev/kmsg rw,
--- a/apparmor.d/groups/systemd/systemd-resolved
+++ b/apparmor.d/groups/systemd/systemd-resolved
@ -41,7 +41,6 @@ profile systemd-resolved @{exec_path} {
  @{PROC}/cmdline r,
  @{PROC}/sys/kernel/hostname r,
  @{PROC}/sys/kernel/osrelease r,
-  @{PROC}/sys/kernel/random/boot_id r,

  # System access
  @{sys}/firmware/efi/efivars/SecureBoot-@{uuid} r,
--- a/apparmor.d/groups/systemd/systemd-udevd
+++ b/apparmor.d/groups/systemd/systemd-udevd
@ -93,7 +93,6 @@ profile systemd-udevd @{exec_path} flags=(attach_disconnected complain) {
  owner @{PROC}/@{pid}/fd/ r,
        @{PROC}/@{pids}/cgroup r,
        @{PROC}/devices r,
-        @{PROC}/sys/kernel/random/boot_id r,

  # file_inherit
  owner @{HOME}/.xsession-errors w,
--- a/apparmor.d/groups/systemd/userdbctl
+++ b/apparmor.d/groups/systemd/userdbctl
@ -25,7 +25,6 @@ profile userdbctl @{exec_path} {
  @{run}/systemd/userdb/ r,

  @{PROC}/@{pid}/cgroup r,
-  @{PROC}/sys/kernel/random/boot_id r,

  include if exists <local/userdbctl>
 }
--- a/apparmor.d/groups/virt/cockpit-bridge
+++ b/apparmor.d/groups/virt/cockpit-bridge
@ -50,7 +50,6 @@ profile cockpit-bridge @{exec_path} {
        @{PROC}/1/cgroup r,
        @{PROC}/cmdline r,
        @{PROC}/diskstats r,
-        @{PROC}/sys/kernel/random/boot_id r,
        @{PROC}/uptime r,

  /dev/ptmx rw,
--- a/apparmor.d/groups/virt/cockpit-session
+++ b/apparmor.d/groups/virt/cockpit-session
@ -43,7 +43,6 @@ profile cockpit-session @{exec_path} flags=(attach_disconnected) {
  owner @{PROC}/@{pid}/loginuid rw,
  owner @{PROC}/@{pid}/uid_map r,
        @{PROC}/@{pids}/fd/ r,
-        @{PROC}/sys/kernel/random/boot_id r,

  include if exists <local/cockpit-session>
 }
--- a/apparmor.d/profiles-g-l/kwalletd5
+++ b/apparmor.d/profiles-g-l/kwalletd5
@ -48,7 +48,6 @@ profile kwalletd5 @{exec_path} {

  owner @{PROC}/@{pid}/cmdline r,
  owner @{PROC}/@{pid}/fd/ r,
-        @{PROC}/sys/kernel/random/boot_id r,
        @{PROC}/sys/kernel/core_pattern r,

  owner /tmp/kwalletd5.* rw,
--- a/apparmor.d/profiles-m-r/pwck
+++ b/apparmor.d/profiles-m-r/pwck
@ -26,7 +26,5 @@ profile pwck @{exec_path} {

  @{run}/systemd/userdb/ r,

-  @{PROC}/sys/kernel/random/boot_id r,
-
  include if exists <local/pwck>
 }
--- a/apparmor.d/profiles-m-r/qtox
+++ b/apparmor.d/profiles-m-r/qtox
@ -54,7 +54,6 @@ profile qtox @{exec_path} {

  owner @{PROC}/@{pid}/cmdline r,
        @{PROC}/sys/kernel/core_pattern r,  # for KCrash::initialize()
-        @{PROC}/sys/kernel/random/boot_id r, # for QSysInfo::bootUniqueId(), mvoe to qt5 abstraction?

  /usr/share/hwdata/pnp.ids r,

--- a/apparmor.d/profiles-s-z/su
+++ b/apparmor.d/profiles-s-z/su
@ -46,7 +46,6 @@ profile su @{exec_path} {
  /etc/shells r,

        @{PROC}/1/limits r,
-        @{PROC}/sys/kernel/random/boot_id r,
  owner @{PROC}/@{pids}/loginuid r,
  owner @{PROC}/@{pids}/cgroup r,
  owner @{PROC}/@{pids}/mountinfo r,
--- a/apparmor.d/profiles-s-z/sudo
+++ b/apparmor.d/profiles-s-z/sudo
@ -79,8 +79,6 @@ profile sudo @{exec_path} {
  @{run}/systemd/userdb/ r,
  @{run}/systemd/userdb/io.systemd.DynamicUser rw,

-  @{PROC}/sys/kernel/random/boot_id r,
-
  /dev/ r,    # interactive login
  /dev/ptmx rw,