diff --git a/apparmor.d/abstractions/nameservice-strict b/apparmor.d/abstractions/nameservice-strict
index 36e0cf78..a03d64a2 100644
--- a/apparmor.d/abstractions/nameservice-strict
+++ b/apparmor.d/abstractions/nameservice-strict
@@ -23,6 +23,8 @@
 /var/lib/extrausers/passwd r,
 @{run}/nscd/db* r,
+ @{run}/resolvconf/resolv.conf r,
+ @{run}/systemd/resolve/resolv.conf r,
 @{run}/systemd/resolve/stub-resolv.conf r,
 # NSS records from systemd-userdbd.service
diff --git a/apparmor.d/groups/apt/apt-methods-http b/apparmor.d/groups/apt/apt-methods-http
index 0282cf3d..814f2bb3 100644
--- a/apparmor.d/groups/apt/apt-methods-http
+++ b/apparmor.d/groups/apt/apt-methods-http
@@ -70,7 +70,6 @@ profile apt-methods-http @{exec_path} {
 owner /tmp/apt-changelog-*/*.changelog rw,
 @{run}/ubuntu-advantage/aptnews.json rw,
- @{run}/resolvconf/resolv.conf r,
 @{PROC}/1/cgroup r,
 @{PROC}/@{pid}/cgroup r,
diff --git a/apparmor.d/groups/apt/unattended-upgrade b/apparmor.d/groups/apt/unattended-upgrade
index 72ea7e0c..5e8e277d 100644
--- a/apparmor.d/groups/apt/unattended-upgrade
+++ b/apparmor.d/groups/apt/unattended-upgrade
@@ -114,7 +114,6 @@ profile unattended-upgrade @{exec_path} flags=(attach_disconnected) {
 /var/log/apt/{term,history}.log w,
 /var/log/apt/eipp.log.xz w,
- @{run}/resolvconf/resolv.conf r,
 @{run}/systemd/inhibit/[0-9]*.ref rw,
 owner @{run}/unattended-upgrades.lock rwk,
 owner @{run}/unattended-upgrades.pid rw,
diff --git a/apparmor.d/groups/ssh/sshd b/apparmor.d/groups/ssh/sshd
index f82e89fb..648ac732 100644
--- a/apparmor.d/groups/ssh/sshd
+++ b/apparmor.d/groups/ssh/sshd
@@ -93,7 +93,6 @@ profile sshd @{exec_path} flags=(attach_disconnected) {
 @{run}/motd.d/{,*} r,
 @{run}/motd.dynamic rw,
 @{run}/motd.dynamic.new rw,
- @{run}/resolvconf/resolv.conf r,
 @{run}/systemd/notify w,
 @{run}/systemd/sessions/*.ref rw,
 owner @{run}/sshd{,.init}.pid wl,
diff --git a/apparmor.d/profiles-a-f/agetty b/apparmor.d/profiles-a-f/agetty
index 7a554592..a901ec33 100644
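Review bot: Nothing visible in this commit confirms that the nine profiles losing `@{run}/resolvconf/resolv.conf r,` (apt-methods-http, unattended-upgrade, sshd, agetty, etckeeper, fail2ban-server, hostname, nullmailer-send, sudo) actually include `abstractions/nameservice-strict`, which after the two `+` lines in this hunk is the only place that rule lives. Their include lines are outside the hunks, so each one is worth checking; a profile that lacks the include would get read denials on its resolver configuration once enforced. The two added rules also carry no comment, and I would put `# Typical targets of the /etc/resolv.conf symlink (resolvconf, systemd-resolved)` above them, since AppArmor mediates the resolved path and that is presumably why these `@{run}` paths are needed. Because this is an abstraction, every other profile that includes it also gains read access to both files; that is low-sensitivity for resolver configuration, but it is a widening rather than a pure refactor and deserves a line in the commit message.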
--- a/apparmor.d/profiles-a-f/agetty +++ b/apparmor.d/profiles-a-f/agetty @@ -33,7 +33,6 @@ profile agetty @{exec_path} { /etc/os-release r, /usr/etc/login.defs r, - @{run}/resolvconf/resolv.conf r, owner @{run}/agetty.reload rw, /dev/tty@{int} rw, diff --git a/apparmor.d/profiles-a-f/etckeeper b/apparmor.d/profiles-a-f/etckeeper index bf93ebb4..a18098a3 100644 --- a/apparmor.d/profiles-a-f/etckeeper +++ b/apparmor.d/profiles-a-f/etckeeper @@ -57,8 +57,6 @@ profile etckeeper @{exec_path} { owner @{HOME}/.netrc r, owner @{user_config_dirs}/git/{,*} rw, - @{run}/resolvconf/resolv.conf r, - owner /tmp/etckeeper-git* rw, owner @{PROC}/@{pid}/fd/ r, diff --git a/apparmor.d/profiles-a-f/fail2ban-server b/apparmor.d/profiles-a-f/fail2ban-server index 2695bd44..9d5138cb 100644 --- a/apparmor.d/profiles-a-f/fail2ban-server +++ b/apparmor.d/profiles-a-f/fail2ban-server @@ -35,7 +35,6 @@ profile fail2ban-server @{exec_path} flags=(attach_disconnected) { @{run}/fail2ban/fail2ban.pid rw, @{run}/fail2ban/fail2ban.sock rw, - @{run}/resolvconf/resolv.conf r, owner @{PROC}/@{pid}/fd/ r, diff --git a/apparmor.d/profiles-g-l/hostname b/apparmor.d/profiles-g-l/hostname index 8134a23a..7e6725f1 100644 --- a/apparmor.d/profiles-g-l/hostname +++ b/apparmor.d/profiles-g-l/hostname @@ -20,8 +20,6 @@ profile hostname @{exec_path} { @{exec_path} mr, - @{run}/resolvconf/resolv.conf r, - deny owner @{user_share_dirs}/gvfs-metadata/{,*} r, include if exists diff --git a/apparmor.d/profiles-m-r/nullmailer-send b/apparmor.d/profiles-m-r/nullmailer-send index 0287fb7d..4b47701d 100644 --- a/apparmor.d/profiles-m-r/nullmailer-send +++ b/apparmor.d/profiles-m-r/nullmailer-send @@ -21,7 +21,5 @@ profile nullmailer-send @{exec_path} { /var/spool/nullmailer/{,**} rw, - @{run}/resolvconf/resolv.conf r, - include if exists } \ No newline at end of file diff --git a/apparmor.d/profiles-s-z/sudo b/apparmor.d/profiles-s-z/sudo index dd9d7f60..fefe8a10 100644 --- a/apparmor.d/profiles-s-z/sudo 
+++ b/apparmor.d/profiles-s-z/sudo
@@ -81,7 +81,6 @@ profile sudo @{exec_path} {
 @{run}/ r,
 @{run}/faillock/{,*} rwk,
- @{run}/resolvconf/resolv.conf r,
 @{run}/systemd/sessions/* r,
 owner @{run}/sudo/ rw,
 owner @{run}/sudo/ts/ rw,