child-lsb_release -> lsb_release.

Alexandre Pujol 2021-09-15 16:30:28 +01:00
parent 2a6b2bd189
commit 6c0ae4ddc1
32 changed files with 36 additions and 91 deletions


@ -27,7 +27,7 @@ profile atom @{exec_path} {
include <abstractions/deny-dconf> include <abstractions/deny-dconf>
include <abstractions/deny-root-dir-access> include <abstractions/deny-root-dir-access>
ptrace (read) peer=child-lsb_release, ptrace (read) peer=lsb_release,
ptrace (read) peer=xdg-settings, ptrace (read) peer=xdg-settings,
@{exec_path} mrix, @{exec_path} mrix,
@ -65,7 +65,7 @@ profile atom @{exec_path} {
/{usr/,}bin/nohup rix, /{usr/,}bin/nohup rix,
/{usr/,}bin/cat rix, /{usr/,}bin/cat rix,
/{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/lsb_release rPx -> lsb_release,
/{usr/,}bin/xdg-open rCx -> open, /{usr/,}bin/xdg-open rCx -> open,
/{usr/,}bin/xdg-settings rPUx, /{usr/,}bin/xdg-settings rPUx,
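Review bot: Every `rPx -> lsb_release` transition introduced here (atom's lsb_release line above, and the matching line in each of the other ~30 profile sections of this commit) depends on a loaded profile literally named `lsb_release`, yet the only `profile lsb_release {` definition visible on this page is in the 55-line file the commit deletes. With `Px` a missing target profile makes the exec be denied rather than fall back to unconfined (that fallback is `PUx`), so the renamed child profile, which is not shown in this view, must declare `profile lsb_release` or every one of these callers loses lsb_release at runtime; worth verifying with `apparmor_parser -p` on the full set. The deleted file's header also explained why the profile deliberately carried no attachment path, so that lsb_release run from an unconfined shell stays unconfined; that rationale should be kept as a comment in the surviving profile, e.g. `# No attachment path: reached only via "Px -> lsb_release" from other profiles`. The `ptrace (read) peer=lsb_release` rule above and the `signal (send) ... peer=lsb_release` rules in the psi and psi-plus sections are the same rename and share this dependency.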


@ -25,7 +25,7 @@ profile code @{exec_path} {
include <abstractions/deny-dconf> include <abstractions/deny-dconf>
include <abstractions/deny-root-dir-access> include <abstractions/deny-root-dir-access>
ptrace (read) peer=child-lsb_release, ptrace (read) peer=lsb_release,
@{exec_path} mrix, @{exec_path} mrix,
@ -47,7 +47,7 @@ profile code @{exec_path} {
#/{usr/,}bin/which{,.debianutils} rix, #/{usr/,}bin/which{,.debianutils} rix,
#/{usr/,}sbin/ifconfig rix, #/{usr/,}sbin/ifconfig rix,
/{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/lsb_release rPx -> lsb_release,
/{usr/,}bin/git rPUx, /{usr/,}bin/git rPUx,


@ -117,7 +117,7 @@ profile dropbox @{exec_path} {
# External apps # External apps
/{usr/,}bin/xdg-open rCx -> open, /{usr/,}bin/xdg-open rCx -> open,
/{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/lsb_release rPx -> lsb_release,
# Allowed apps to open # Allowed apps to open
/{usr/,}lib/firefox/firefox rPUx, /{usr/,}lib/firefox/firefox rPUx,


@ -27,7 +27,7 @@ profile filezilla @{exec_path} {
# When using SFTP protocol # When using SFTP protocol
/{usr/,}bin/fzsftp rPx, /{usr/,}bin/fzsftp rPx,
/{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/lsb_release rPx -> lsb_release,
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{user_config_dirs}/filezilla/ rw, owner @{user_config_dirs}/filezilla/ rw,


@ -166,7 +166,7 @@ profile thunderbird @{exec_path} {
# Silencer # Silencer
deny /{usr/,}lib/thunderbird/** w, deny /{usr/,}lib/thunderbird/** w,
/{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/lsb_release rPx -> lsb_release,
/{usr/,}bin/xdg-open rCx -> open, /{usr/,}bin/xdg-open rCx -> open,
/{usr/,}bin/exo-open rCx -> open, /{usr/,}bin/exo-open rCx -> open,
/{usr/,}lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop rCx -> open, /{usr/,}lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop rCx -> open,


@ -49,7 +49,7 @@ profile apt-listbugs @{exec_path} {
include <abstractions/fontconfig-cache-read> include <abstractions/fontconfig-cache-read>
include <abstractions/freedesktop.org> include <abstractions/freedesktop.org>
capability dac_read_search, capability dac_read_search,
/{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/lsb_release rPx -> lsb_release,
/{usr/,}bin/hostname rix, /{usr/,}bin/hostname rix,
owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/mounts r,
@{HOME}/.Xauthority r, @{HOME}/.Xauthority r,


@ -68,7 +68,7 @@ profile apt-listchanges @{exec_path} {
include <abstractions/fontconfig-cache-read> include <abstractions/fontconfig-cache-read>
include <abstractions/freedesktop.org> include <abstractions/freedesktop.org>
capability dac_read_search, capability dac_read_search,
/{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/lsb_release rPx -> lsb_release,
/{usr/,}bin/hostname rix, /{usr/,}bin/hostname rix,
owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/mounts r,
@{HOME}/.Xauthority r, @{HOME}/.Xauthority r,


@ -17,7 +17,7 @@ profile command-not-found @{exec_path} {
@{exec_path} r, @{exec_path} r,
/{usr/,}bin/python3.[0-9]* r, /{usr/,}bin/python3.[0-9]* r,
/{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/lsb_release rPx -> lsb_release,
/var/lib/command-not-found/commands.db rwk, /var/lib/command-not-found/commands.db rwk,


@ -42,7 +42,7 @@ profile dpkg-preconfigure @{exec_path} {
include <abstractions/fontconfig-cache-read> include <abstractions/fontconfig-cache-read>
include <abstractions/freedesktop.org> include <abstractions/freedesktop.org>
capability dac_read_search, capability dac_read_search,
/{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/lsb_release rPx -> lsb_release,
/{usr/,}bin/hostname rix, /{usr/,}bin/hostname rix,
owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/mounts r,
@{HOME}/.Xauthority r, @{HOME}/.Xauthority r,


@ -54,7 +54,7 @@ profile reportbug @{exec_path} {
# #
/{usr/,}{s,}bin/exim4 rPx, /{usr/,}{s,}bin/exim4 rPx,
/{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/lsb_release rPx -> lsb_release,
/{usr/,}bin/dpkg rPx -> child-dpkg, /{usr/,}bin/dpkg rPx -> child-dpkg,
/{usr/,}bin/systemctl rPx -> child-systemctl, /{usr/,}bin/systemctl rPx -> child-systemctl,
/{usr/,}bin/pager rPx -> child-pager, /{usr/,}bin/pager rPx -> child-pager,


@ -96,7 +96,7 @@ profile synaptic @{exec_path} {
/{usr/,}sbin/update-command-not-found rPx, /{usr/,}sbin/update-command-not-found rPx,
/usr/share/command-not-found/cnf-update-db rPx, /usr/share/command-not-found/cnf-update-db rPx,
/{usr/,}sbin/update-apt-xapian-index rPx, /{usr/,}sbin/update-apt-xapian-index rPx,
/{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/lsb_release rPx -> lsb_release,
/{usr/,}bin/deborphan rPx, /{usr/,}bin/deborphan rPx,
/{usr/,}bin/tasksel rPx, /{usr/,}bin/tasksel rPx,
/{usr/,}bin/pkexec rPx, /{usr/,}bin/pkexec rPx,


@ -67,7 +67,7 @@ profile brave @{exec_path} {
# For storing passwords externally # For storing passwords externally
/{usr/,}bin/keepassxc-proxy rPUx, /{usr/,}bin/keepassxc-proxy rPUx,
/{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/lsb_release rPx -> lsb_release,
# no new privs # no new privs
#deny /{usr/,}bin/xdg-desktop-menu rx, #deny /{usr/,}bin/xdg-desktop-menu rx,


@ -40,7 +40,7 @@ profile chromium-chromium @{exec_path} {
ptrace (trace) peer=@{profile_name}, ptrace (trace) peer=@{profile_name},
ptrace (read) peer=xdg-settings, ptrace (read) peer=xdg-settings,
ptrace (read) peer=keepassxc-proxy, ptrace (read) peer=keepassxc-proxy,
ptrace (read) peer=child-lsb_release, ptrace (read) peer=lsb_release,
signal (send) set=(term, kill) peer=keepassxc-proxy, signal (send) set=(term, kill) peer=keepassxc-proxy,
@ -59,7 +59,7 @@ profile chromium-chromium @{exec_path} {
/{usr/,}bin/keepassxc-proxy rPUx, /{usr/,}bin/keepassxc-proxy rPUx,
/{usr/,}bin/browserpass rPx, /{usr/,}bin/browserpass rPx,
/{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/lsb_release rPx -> lsb_release,
/{usr/,}bin/xdg-mime rPUx, /{usr/,}bin/xdg-mime rPUx,
/{usr/,}bin/xdg-open rCx -> open, /{usr/,}bin/xdg-open rCx -> open,
/{usr/,}bin/xdg-settings rPUx, /{usr/,}bin/xdg-settings rPUx,


@ -179,7 +179,7 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
/{usr/,}bin/keepassxc-proxy rPUx, # For storing passwords externally /{usr/,}bin/keepassxc-proxy rPUx, # For storing passwords externally
/{usr/,}bin/browserpass rPx, /{usr/,}bin/browserpass rPx,
/{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/lsb_release rPx -> lsb_release,
/{usr/,}bin/xdg-open rCx -> open, /{usr/,}bin/xdg-open rCx -> open,
/{usr/,}bin/exo-open rCx -> open, /{usr/,}bin/exo-open rCx -> open,


@ -59,7 +59,7 @@ profile google-chrome-chrome @{exec_path} {
# For storing passwords externally # For storing passwords externally
/{usr/,}bin/keepassxc-proxy rPUx, /{usr/,}bin/keepassxc-proxy rPUx,
/{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/lsb_release rPx -> lsb_release,
/{usr/,}bin/xdg-open rCx -> open, /{usr/,}bin/xdg-open rCx -> open,
# no new privs # no new privs


@ -55,7 +55,7 @@ profile opera @{exec_path} {
@{OPERA_INSTALLDIR}/opera_crashreporter rPx, @{OPERA_INSTALLDIR}/opera_crashreporter rPx,
@{OPERA_INSTALLDIR}/opera_autoupdate krix, @{OPERA_INSTALLDIR}/opera_autoupdate krix,
/{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/lsb_release rPx -> lsb_release,
/{usr/,}bin/xdg-mime rPUx, /{usr/,}bin/xdg-mime rPUx,
/{usr/,}bin/xdg-open rCx -> open, /{usr/,}bin/xdg-open rCx -> open,
/{usr/,}bin/xdg-settings rPUx, /{usr/,}bin/xdg-settings rPUx,


@ -91,7 +91,7 @@ profile adequate @{exec_path} flags=(complain) {
include <abstractions/fontconfig-cache-read> include <abstractions/fontconfig-cache-read>
include <abstractions/freedesktop.org> include <abstractions/freedesktop.org>
capability dac_read_search, capability dac_read_search,
/{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/lsb_release rPx -> lsb_release,
/{usr/,}bin/hostname rix, /{usr/,}bin/hostname rix,
owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/mounts r,
@{HOME}/.Xauthority r, @{HOME}/.Xauthority r,


@ -68,7 +68,7 @@ profile amarok @{exec_path} {
/{usr/,}bin/knotify4 rPUx, /{usr/,}bin/knotify4 rPUx,
/{usr/,}bin/ffmpeg rPUx, /{usr/,}bin/ffmpeg rPUx,
/{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/lsb_release rPx -> lsb_release,
# Which media files Amarok should be able to open # Which media files Amarok should be able to open
/ r, / r,


@ -41,7 +41,7 @@ profile anki @{exec_path} {
/{usr/,}{s,}bin/ldconfig rix, /{usr/,}{s,}bin/ldconfig rix,
/{usr/,}bin/ r, /{usr/,}bin/ r,
/{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/lsb_release rPx -> lsb_release,
/{usr/,}bin/xdg-open rCx -> open, /{usr/,}bin/xdg-open rCx -> open,
/{usr/,}bin/mpv rCx -> mpv, /{usr/,}bin/mpv rCx -> mpv,
# For recording sounds while creating decks # For recording sounds while creating decks


@ -63,7 +63,7 @@ profile aspell-autobuildhash @{exec_path} flags=(complain) {
include <abstractions/fontconfig-cache-read> include <abstractions/fontconfig-cache-read>
include <abstractions/freedesktop.org> include <abstractions/freedesktop.org>
capability dac_read_search, capability dac_read_search,
/{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/lsb_release rPx -> lsb_release,
/{usr/,}bin/hostname rix, /{usr/,}bin/hostname rix,
owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/mounts r,
@{HOME}/.Xauthority r, @{HOME}/.Xauthority r,


@ -84,7 +84,7 @@ profile check-support-status-hook @{exec_path} {
include <abstractions/fontconfig-cache-read> include <abstractions/fontconfig-cache-read>
include <abstractions/freedesktop.org> include <abstractions/freedesktop.org>
capability dac_read_search, capability dac_read_search,
/{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/lsb_release rPx -> lsb_release,
/{usr/,}bin/hostname rix, /{usr/,}bin/hostname rix,
owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/mounts r,
@{HOME}/.Xauthority r, @{HOME}/.Xauthority r,


@ -54,7 +54,7 @@ profile dkms @{exec_path} {
/{usr/,}lib/llvm-[0-9]*/bin/clang rix, /{usr/,}lib/llvm-[0-9]*/bin/clang rix,
/{usr/,}bin/kmod rCx -> kmod, /{usr/,}bin/kmod rCx -> kmod,
/{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/lsb_release rPx -> lsb_release,
/{usr/,}lib/linux-kbuild-*/scripts/** rix, /{usr/,}lib/linux-kbuild-*/scripts/** rix,
/{usr/,}lib/modules/*/build/scripts/** rix, /{usr/,}lib/modules/*/build/scripts/** rix,


@ -69,7 +69,7 @@ profile frontend @{exec_path} flags=(complain) {
include <abstractions/fontconfig-cache-read> include <abstractions/fontconfig-cache-read>
include <abstractions/freedesktop.org> include <abstractions/freedesktop.org>
capability dac_read_search, capability dac_read_search,
/{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/lsb_release rPx -> lsb_release,
/{usr/,}bin/hostname rix, /{usr/,}bin/hostname rix,
owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/mounts r,
@{HOME}/.Xauthority r, @{HOME}/.Xauthority r,


@ -48,7 +48,7 @@ profile hardinfo @{exec_path} {
/{usr/,}bin/valgrind{,.bin} rix, /{usr/,}bin/valgrind{,.bin} rix,
/{usr/,}lib/@{multiarch}/valgrind/memcheck-*-linux rix, /{usr/,}lib/@{multiarch}/valgrind/memcheck-*-linux rix,
/{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/lsb_release rPx -> lsb_release,
/{usr/,}bin/xdg-open rCx -> open, /{usr/,}bin/xdg-open rCx -> open,
/{usr/,}bin/ccache rCx -> ccache, /{usr/,}bin/ccache rCx -> ccache,
/{usr/,}bin/kmod rCx -> kmod, /{usr/,}bin/kmod rCx -> kmod,


@ -33,7 +33,7 @@ profile hw-probe @{exec_path} {
/{usr/,}bin/efivar rix, /{usr/,}bin/efivar rix,
/{usr/,}bin/efibootmgr rix, /{usr/,}bin/efibootmgr rix,
/{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/lsb_release rPx -> lsb_release,
/{usr/,}bin/dpkg rPx -> child-dpkg, /{usr/,}bin/dpkg rPx -> child-dpkg,
/{usr/,}{s,}bin/dkms rPx, /{usr/,}{s,}bin/dkms rPx,


@ -35,7 +35,7 @@ profile kodi @{exec_path} {
/{usr/,}bin/dirname rix, /{usr/,}bin/dirname rix,
/{usr/,}{s,}bin/ldconfig rix, /{usr/,}{s,}bin/ldconfig rix,
/{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/lsb_release rPx -> lsb_release,
/{usr/,}bin/df rCx -> df, /{usr/,}bin/df rCx -> df,
/usr/share/kodi/{,**} r, /usr/share/kodi/{,**} r,


@ -1,55 +0,0 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2019-2021 Mikhail Morfikov
# SPDX-License-Identifier: GPL-2.0-only
# Note: This profile does not specify an attachment path because it is
# intended to be used only via "Px -> lsb_release" exec transitions from
# other profiles. We want to confine the lsb_release(1) utility when it
# is invoked from other confined applications, but not when it is used
# in regular (unconfined) shell scripts or run directly by the user.
abi <abi/3.0>,
include <tunables/global>
# Do not attach to /{usr/,}bin/lsb_release by default
profile lsb_release {
include <abstractions/base>
include <abstractions/python>
owner @{PROC}/@{pid}/fd/ r,
/dev/tty rw,
/usr/bin/lsb_release r,
/usr/bin/python3.{1,}[0-9] mr,
/etc/debian_version r,
/etc/default/apport r,
/etc/dpkg/origins/** r,
/etc/lsb-release r,
/etc/lsb-release.d/ r,
/{usr/,}bin/bash ixr,
/{usr/,}bin/dash ixr,
/usr/bin/basename ixr,
/usr/bin/dpkg-query ixr,
/usr/bin/getopt ixr,
/usr/bin/sed ixr,
/usr/bin/tr ixr,
# TODO - many more permissions needed for this to work
deny /usr/bin/apt-cache x,
/usr/bin/ r,
/usr/include/python*/pyconfig.h r,
/usr/share/distro-info/** r,
/usr/share/dpkg/** r,
/usr/share/terminfo/** r,
/var/lib/dpkg/** r,
# file_inherit
deny /tmp/gtalkplugin.log w,
include if exists <local/lsb_release>
}


@ -35,7 +35,7 @@ profile mumble @{exec_path} {
@{exec_path} mrix, @{exec_path} mrix,
/{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/lsb_release rPx -> lsb_release,
/{usr/,}bin/xdg-open rCx -> open, /{usr/,}bin/xdg-open rCx -> open,
# Mumble home files # Mumble home files


@ -52,7 +52,7 @@ profile pam-auth-update @{exec_path} flags=(complain) {
include <abstractions/fontconfig-cache-read> include <abstractions/fontconfig-cache-read>
include <abstractions/freedesktop.org> include <abstractions/freedesktop.org>
capability dac_read_search, capability dac_read_search,
/{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/lsb_release rPx -> lsb_release,
/{usr/,}bin/hostname rix, /{usr/,}bin/hostname rix,
owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/mounts r,
@{HOME}/.Xauthority r, @{HOME}/.Xauthority r,


@ -27,7 +27,7 @@ profile psi @{exec_path} {
include <abstractions/thumbnails-cache-read> include <abstractions/thumbnails-cache-read>
include <abstractions/deny-root-dir-access> include <abstractions/deny-root-dir-access>
signal (send) set=(term, kill) peer=child-lsb_release, signal (send) set=(term, kill) peer=lsb_release,
network inet dgram, network inet dgram,
network inet6 dgram, network inet6 dgram,
@ -37,7 +37,7 @@ profile psi @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
/{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/lsb_release rPx -> lsb_release,
/{usr/,}bin/xdg-open rCx -> open, /{usr/,}bin/xdg-open rCx -> open,
# Needed for GPG/PGP support # Needed for GPG/PGP support


@ -27,7 +27,7 @@ profile psi-plus @{exec_path} {
include <abstractions/thumbnails-cache-read> include <abstractions/thumbnails-cache-read>
include <abstractions/deny-root-dir-access> include <abstractions/deny-root-dir-access>
signal (send) set=(term, kill) peer=child-lsb_release, signal (send) set=(term, kill) peer=lsb_release,
network inet dgram, network inet dgram,
network inet6 dgram, network inet6 dgram,
@ -37,7 +37,7 @@ profile psi-plus @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
/{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/lsb_release rPx -> lsb_release,
/{usr/,}bin/xdg-open rCx -> open, /{usr/,}bin/xdg-open rCx -> open,
# Needed for GPG/PGP support # Needed for GPG/PGP support


@ -105,7 +105,7 @@ profile ucf @{exec_path} flags=(complain) {
include <abstractions/fontconfig-cache-read> include <abstractions/fontconfig-cache-read>
include <abstractions/freedesktop.org> include <abstractions/freedesktop.org>
capability dac_read_search, capability dac_read_search,
/{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/lsb_release rPx -> lsb_release,
/{usr/,}bin/hostname rix, /{usr/,}bin/hostname rix,
owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/mounts r,
@{HOME}/.Xauthority r, @{HOME}/.Xauthority r,