mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-14 23:43:56 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat(profile): use @{int} on systemd/inhibit.

Browse Source
This commit is contained in:
Alexandre Pujol 2024-09-05 14:23:16 +01:00
parent 4e17001ce2
commit 6b191d9ada
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
38 changed files with 38 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apparmor.d/groups/apps/signal-desktop
View File

@ -37,7 +37,7 @@ profile signal-desktop @{exec_path} {
/var/lib/dbus/machine-id r,
/etc/machine-id r,
@{run}/systemd/inhibit/*.ref rw,
@{run}/systemd/inhibit/@{int}.ref rw,
@{sys}/fs/cgroup/user.slice/user-@{uid}.slice/session-@{int}.scope/cpu.max r,
@{sys}/fs/cgroup/user.slice/user-@{uid}.slice/session-@{int}.scope/memory.high r,

2
apparmor.d/groups/apt/apt
View File

@ -149,7 +149,7 @@ profile apt @{exec_path} flags=(attach_disconnected) {
/dev/ptmx rw,
@{run}/systemd/inhibit/[0-9]*.ref rw,
@{run}/systemd/inhibit/@{int}.ref rw,
profile editor flags=(complain) {
include <abstractions/base>

2
apparmor.d/groups/apt/unattended-upgrade
View File

@ -100,7 +100,7 @@ profile unattended-upgrade @{exec_path} flags=(attach_disconnected) {
/var/log/apt/{term,history}.log w,
/var/log/apt/eipp.log.xz w,
@{run}/systemd/inhibit/[0-9]*.ref rw,
@{run}/systemd/inhibit/@{int}.ref rw,
owner @{run}/unattended-upgrades.lock rwk,
owner @{run}/unattended-upgrades.pid rw,
owner @{run}/unattended-upgrades.progress rw,

2
apparmor.d/groups/apt/unattended-upgrade-shutdown
View File

@ -25,7 +25,7 @@ profile unattended-upgrade-shutdown @{exec_path} flags=(attach_disconnected) {
owner /var/log/unattended-upgrades/*.log* rw,
owner @{run}/unattended-upgrades.lock rwk,
owner @{run}/systemd/inhibit/[0-9]*.ref rw,
owner @{run}/systemd/inhibit/@{int}.ref rw,
owner @{PROC}/@{pid}/mounts r,

2
apparmor.d/groups/bus/dbus-system
View File

@ -53,7 +53,7 @@ profile dbus-system flags=(attach_disconnected) {
@{user_share_dirs}/icc/ r,
@{user_share_dirs}/icc/edid-@{hex32}.icc r,
@{run}/systemd/inhibit/*.ref rw,
@{run}/systemd/inhibit/@{int}.ref rw,
@{run}/systemd/notify w,
@{run}/systemd/sessions/*.ref rw,
@{run}/systemd/users/@{int} r,

2
apparmor.d/groups/freedesktop/upowerd
View File

@ -40,7 +40,7 @@ profile upowerd @{exec_path} flags=(attach_disconnected) {
@{run}/udev/data/c13:@{int} r, # for /dev/input/*
@{run}/udev/data/c116:@{int} r, # for ALSA
@{run}/systemd/inhibit/[0-9]*.ref rw,
@{run}/systemd/inhibit/@{int}.ref rw,
@{sys}/bus/hid/devices/ r,
@{sys}/class/input/ r,

2
apparmor.d/groups/gnome/gnome-music
View File

@ -45,7 +45,7 @@ profile gnome-music @{exec_path} flags=(attach_disconnected) {
owner @{user_share_dirs}/grilo-plugins/ rwk,
owner @{user_share_dirs}/grilo-plugins/*.db{,-shm,-journal,-wal} rwk,
@{run}/systemd/inhibit/[0-9]*.ref rw,
@{run}/systemd/inhibit/@{int}.ref rw,
owner @{tmp}/grilo-plugin-cache-[0-9A-Z]*/ rw,
owner /var/tmp/etilqs_@{hex15} rw,

2
apparmor.d/groups/gnome/gnome-session-binary
View File

@ -84,7 +84,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
owner @{user_config_dirs}/gnome-session/ rw,
owner @{user_config_dirs}/gnome-session/saved-session/ rw,
@{run}/systemd/inhibit/[0-9]*.ref rw,
@{run}/systemd/inhibit/@{int}.ref rw,
@{run}/systemd/sessions/* r,
@{run}/systemd/sessions/*.ref rw,
@{run}/systemd/users/@{uid} r,

2
apparmor.d/groups/gnome/gnome-shell
View File

@ -307,7 +307,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
@{run}/systemd/seats/seat@{int} r,
@{run}/systemd/sessions/ r,
@{run}/systemd/sessions/* r,
@{run}/systemd/inhibit/[0-9]*.ref rw,
@{run}/systemd/inhibit/@{int}.ref rw,
@{run}/udev/tags/seat/ r,

2
apparmor.d/groups/gnome/gnome-software
View File

@ -108,7 +108,7 @@ profile gnome-software @{exec_path} {
owner /dev/shm/flatpak-com.*/ rw,
owner /dev/shm/flatpak-com.*/.flatpak-tmpdir rw,
@{run}/systemd/inhibit/*.ref rw,
@{run}/systemd/inhibit/@{int}.ref rw,
@{run}/systemd/sessions/@{int} r,
@{run}/systemd/users/@{uid} r,

2
apparmor.d/groups/gnome/gsd-media-keys
View File

@ -96,7 +96,7 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
owner @{user_share_dirs}/recently-used.xbel{,.*} rw,
@{run}/systemd/inhibit/[0-9]*.ref rw,
@{run}/systemd/inhibit/@{int}.ref rw,
@{run}/udev/data/+sound:card@{int} r, # For sound card
@{run}/udev/data/c13:@{int} r, # for /dev/input/*

2
apparmor.d/groups/gnome/gsd-power
View File

@ -64,7 +64,7 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
@{run}/udev/data/+drm:card@{int}-* r, # For screen outputs
@{run}/udev/data/+leds:* r,
@{run}/systemd/inhibit/[0-9]*.ref rw,
@{run}/systemd/inhibit/@{int}.ref rw,
@{sys}/bus/ r,
@{sys}/class/ r,

2
apparmor.d/groups/kde/kde-powerdevil
View File

@ -46,7 +46,7 @@ profile kde-powerdevil @{exec_path} flags=(attach_disconnected mediate_deleted)
owner @{user_config_dirs}/powermanagementprofilesrc.lock rwk,
owner @{user_config_dirs}/powermanagementprofilesrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
@{run}/systemd/inhibit/*.ref rw,
@{run}/systemd/inhibit/@{int}.ref rw,
@{run}/udev/data/c189:@{int} r, # for /dev/bus/usb/**
owner @{run}/user/@{uid}kcrash_@{int} rw,

2
apparmor.d/groups/kde/ksmserver
View File

@ -69,7 +69,7 @@ profile ksmserver @{exec_path} flags=(attach_disconnected,mediate_deleted) {
owner @{tmp}/@{rand6} rw,
@{run}/systemd/inhibit/[0-9]*.ref rw,
@{run}/systemd/inhibit/@{int}.ref rw,
owner @{run}/user/@{uid}/KSMserver__[0-9] rw,
/dev/tty r,

2
apparmor.d/groups/kde/kwin_wayland
View File

@ -103,7 +103,7 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
owner @{user_share_dirs}/kscreen/* r,
owner @{user_share_dirs}/kwin/scripts/{,**} r,
@{run}/systemd/inhibit/*.ref rw,
@{run}/systemd/inhibit/@{int}.ref rw,
@{sys}/bus/ r,
@{sys}/class/ r,

2
apparmor.d/groups/network/ModemManager
View File

@ -34,7 +34,7 @@ profile ModemManager @{exec_path} flags=(attach_disconnected) {
@{run}/udev/data/c5:@{int} r, # for /dev/tty, /dev/console, /dev/ptmx
@{run}/udev/data/n@{int} r,
@{run}/systemd/inhibit/*.ref rw,
@{run}/systemd/inhibit/@{int}.ref rw,
@{sys}/bus/ r,
@{sys}/bus/usb/devices/ r,

2
apparmor.d/groups/network/NetworkManager
View File

@ -122,7 +122,7 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
@{run}/NetworkManager/{,**} rw,
@{run}/nm-*.pid rw,
@{run}/nscd/db* rwl,
@{run}/systemd/inhibit/[0-9]*.ref rw,
@{run}/systemd/inhibit/@{int}.ref rw,
@{run}/systemd/users/@{uid} r,
@{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.)
@{run}/udev/data/+platform:* r,

2
apparmor.d/groups/network/mullvad-gui
View File

@ -32,7 +32,7 @@ profile mullvad-gui @{exec_path} flags=(attach_disconnected) {
owner @{tmp}/.org.chromium.Chromium.@{rand6}/@{name}*.png rw,
@{run}/systemd/inhibit/*.ref rw,
@{run}/systemd/inhibit/@{int}.ref rw,
/dev/tty rw,

2
apparmor.d/groups/systemd/systemd-inhibit
View File

@ -18,7 +18,7 @@ profile systemd-inhibit @{exec_path} flags=(attach_disconnected) {
@{bin}/cat rix,
@{run}/systemd/inhibit/*.ref rw,
@{run}/systemd/inhibit/@{int}.ref rw,
include if exists <local/systemd-inhibit>
}

2
apparmor.d/groups/systemd/systemd-logind
View File

@ -96,7 +96,7 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected) {
@{run}/systemd/inhibit/ rw,
@{run}/systemd/inhibit/.#* rw,
@{run}/systemd/inhibit/[0-9]*{,.ref} rw,
@{run}/systemd/inhibit/@{int}{,.ref} rw,
@{run}/systemd/journal/socket rw,
@{run}/systemd/notify rw,
@{run}/systemd/seats/ rw,

2
apparmor.d/groups/ubuntu/update-manager
View File

@ -70,7 +70,7 @@ profile update-manager @{exec_path} flags=(attach_disconnected) {
owner @{user_cache_dirs}/update-manager-core/{,**} rw,
@{run}/systemd/inhibit/*.ref w,
@{run}/systemd/inhibit/@{int}.ref rw,
@{PROC}/@{pids}/mountinfo r,
owner @{PROC}/@{pid}/fd/ r,

2
apparmor.d/groups/virt/libvirtd
View File

@ -157,7 +157,7 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
@{run}/libvirt/** rwk,
@{run}/libvirtd.pid wk,
@{run}/lock/LCK.._pts_@{int} rw,
@{run}/systemd/inhibit/[0-9]*.ref rw,
@{run}/systemd/inhibit/@{int}.ref rw,
@{run}/systemd/notify w,
@{run}/utmp rk,

2
apparmor.d/groups/virt/virtinterfaced
View File

@ -20,7 +20,7 @@ profile virtinterfaced @{exec_path} flags=(attach_disconnected) {
@{lib}/gconv/gconv-modules rm,
@{lib}/gconv/gconv-modules.d/{,*} r,
@{run}/systemd/inhibit/*.ref rw,
@{run}/systemd/inhibit/@{int}.ref rw,
owner @{run}/user/@{uid}/libvirt/common/system.token rwk,
owner @{run}/user/@{uid}/libvirt/interface/ rw,
owner @{run}/user/@{uid}/libvirt/interface/run/{,*} rwk,

2
apparmor.d/groups/virt/virtlogd
View File

@ -30,7 +30,7 @@ profile virtlogd @{exec_path} flags=(attach_disconnected) {
@{run}/libvirt/common/system.token rwk,
@{run}/libvirt/virtlogd-sock rw,
@{run}/systemd/inhibit/[0-9]*.ref rw,
@{run}/systemd/inhibit/@{int}.ref rw,
@{run}/virtlogd.pid rwk,
@{sys}/devices/system/node/ r,

2
apparmor.d/groups/virt/virtnetworkd
View File

@ -25,7 +25,7 @@ profile virtnetworkd @{exec_path} flags=(attach_disconnected) {
owner /var/lib/libvirt/dnsmasq/*.macs* rw,
@{run}/libvirt/network/default.pid r,
@{run}/systemd/inhibit/*.ref rw,
@{run}/systemd/inhibit/@{int}.ref rw,
@{run}/utmp rk,
owner @{run}/libvirt/common/system.token rwk,
owner @{run}/libvirt/network/{,**} rwk,

2
apparmor.d/groups/virt/virtnodedevd
View File

@ -33,7 +33,7 @@ profile virtnodedevd @{exec_path} flags=(attach_disconnected) {
/etc/libvirt/virtnodedevd.conf r,
/etc/mdevctl.d/{,**} r,
@{run}/systemd/inhibit/*.ref rw,
@{run}/systemd/inhibit/@{int}.ref rw,
owner @{run}/libvirt/common/system.token rwk,
owner @{run}/libvirt/nodedev/ rw,
owner @{run}/libvirt/nodedev/driver.pid wk,

2
apparmor.d/groups/virt/virtsecretd
View File

@ -20,7 +20,7 @@ profile virtsecretd @{exec_path} flags=(attach_disconnected) {
owner @{user_config_dirs}/libvirt/secrets/ rw,
owner @{user_config_dirs}/libvirt/secrets/run/{,*} rwk,
@{run}/systemd/inhibit/*.ref rw,
@{run}/systemd/inhibit/@{int}.ref rw,
owner @{run}/user/@{uid}/libvirt/common/system.token rwk,
owner @{run}/user/@{uid}/libvirt/secrets/ rw,
owner @{run}/user/@{uid}/libvirt/secrets/run/{,*} rwk,

2
apparmor.d/groups/virt/virtstoraged
View File

@ -55,7 +55,7 @@ profile virtstoraged @{exec_path} flags=(attach_disconnected) {
owner @{run}/libvirt/storage/{,**} rwk,
owner @{run}/virtstoraged.pid rwk,
@{run}/systemd/inhibit/[0-9]*.ref rw,
@{run}/systemd/inhibit/@{int}.ref rw,
@{run}/utmp rwk,
@{sys}/devices/system/node/ r,

2
apparmor.d/groups/xfce/xfce-power-manager
View File

@ -21,7 +21,7 @@ profile xfce-power-manager @{exec_path} flags=(attach_disconnected) {
owner @{PROC}/@{pid}/cgroup r,
owner @{PROC}/@{pid}/stat r,
@{run}/systemd/inhibit/*.ref rw,
@{run}/systemd/inhibit/@{int}.ref rw,
include if exists <local/xfce-power-manager>
}

2
apparmor.d/groups/xfce/xfce-screensaver
View File

@ -25,7 +25,7 @@ profile xfce-screensaver @{exec_path} flags=(attach_disconnected) {
/etc/xdg/menus/xfce4-screensavers.menu r,
@{run}/systemd/inhibit/*.ref rw,
@{run}/systemd/inhibit/@{int}.ref rw,
include if exists <local/xfce-screensaver>
}

2
apparmor.d/profiles-a-f/fprintd
View File

@ -28,7 +28,7 @@ profile fprintd @{exec_path} flags=(attach_disconnected) {
/var/lib/fprint/{,**} rw,
@{run}/systemd/journal/socket rw,
@{run}/systemd/inhibit/*.ref w,
@{run}/systemd/inhibit/@{int}.ref rw,
@{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511
@{sys}/class/hidraw/ r,

2
apparmor.d/profiles-a-f/fwupd
View File

@ -98,7 +98,7 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) {
@{run}/motd.d/@{int}-fwupd* rw,
@{run}/motd.d/fwupd/{,**} rw,
@{run}/mount/utab r,
@{run}/systemd/inhibit/[0-9]*.ref rw,
@{run}/systemd/inhibit/@{int}.ref rw,
@{run}/udev/data/* r,
@{PROC}/@{pids}/fd/ r,

2
apparmor.d/profiles-m-r/mission-control
View File

@ -24,7 +24,7 @@ profile mission-control @{exec_path} flags=(attach_disconnected) {
owner @{user_config_dirs}/libaccounts-glib/accounts.db{,-shm,-wal} rwk,
@{run}/systemd/inhibit/[0-9]*.ref rw,
@{run}/systemd/inhibit/@{int}.ref rw,
include if exists <local/mission-control>
}

2
apparmor.d/profiles-m-r/nvtop
View File

@ -23,7 +23,7 @@ profile nvtop @{exec_path} flags=(attach_disconnected) {
owner @{user_config_dirs}/nvtop/{,**} rw,
@{run}/systemd/inhibit/*.ref r,
@{run}/systemd/inhibit/@{int}.ref rw,
@{run}/udev/data/+drm:card@{int}-* r, # for screen outputs
@{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.)
@{run}/udev/data/c226:@{int} r, # For /dev/dri/card*

2
apparmor.d/profiles-m-r/packagekitd
View File

@ -93,7 +93,7 @@ profile packagekitd @{exec_path} flags=(attach_disconnected) {
owner @{tmp}/apt-changelog-@{rand6}/.apt-acquire-privs-test.@{rand6} rw,
owner @{tmp}/packagekit* rw,
@{run}/systemd/inhibit/*.ref rw,
@{run}/systemd/inhibit/@{int}.ref rw,
owner @{run}/systemd/users/@{uid} r,
#aa:only opensuse

2
apparmor.d/profiles-m-r/psi
View File

@ -59,7 +59,7 @@ profile psi @{exec_path} {
owner @{tmp}/etilqs_@{hex16} rw,
owner @{tmp}/Psi.* rwl -> /tmp/#@{int},
@{run}/systemd/inhibit/[0-9]*.ref rw,
@{run}/systemd/inhibit/@{int}.ref rw,
owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/mountinfo r,

2
apparmor.d/profiles-m-r/psi-plus
View File

@ -59,7 +59,7 @@ profile psi-plus @{exec_path} {
owner @{tmp}/etilqs_@{hex16} rw,
owner @{tmp}/Psi+.* rwl -> /tmp/#@{int},
@{run}/systemd/inhibit/[0-9]*.ref rw,
@{run}/systemd/inhibit/@{int}.ref rw,
owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/mountinfo r,

2
apparmor.d/profiles-s-z/udisksd
View File

@ -107,7 +107,7 @@ profile udisksd @{exec_path} flags=(attach_disconnected) {
@{run}/mount/utab{,.*} rwk,
@{run}/udisks2/{,**} rw,
@{run}/systemd/seats/seat@{int} r,
@{run}/systemd/inhibit/[0-9]*.ref rw,
@{run}/systemd/inhibit/@{int}.ref rw,
@{run}/cryptsetup/ r,
@{run}/cryptsetup/L* rwk,