From 72227923c8987906d0c06133be23c19a8ec8b4b2 Mon Sep 17 00:00:00 2001
From: curiosityseeker <60518106+curiosityseeker@users.noreply.github.com>
Date: Fri, 28 Apr 2023 18:59:33 +0200
Subject: [PATCH] run-parts: 0anacron rPUx -> rix, and some other additions

The rule `/etc/cron.{hourly,daily,weekly,monthly}/0anacron rPUx, ` causes the error: `ALLOWED run-parts exec /etc/cron.hourly/0anacron info="no new privs" comm=run-parts requested_mask=x denied_mask=x class=file error=-1`
---
 apparmor.d/profiles-m-r/run-parts | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/apparmor.d/profiles-m-r/run-parts b/apparmor.d/profiles-m-r/run-parts
index 8065e546..307033fe 100644
--- a/apparmor.d/profiles-m-r/run-parts
+++ b/apparmor.d/profiles-m-r/run-parts
@@ -16,7 +16,10 @@ profile run-parts @{exec_path} {
 @{exec_path} mr,
+ /{usr/,}bin/anacron rix,
 /{usr/,}bin/{,ba,da}sh rix,
+ /{usr/,}bin/cat rix,
+ /{usr/,}bin/date rix,
 /{usr/,}bin/nice rix,
 /{usr/,}bin/snapper rix,
@@ -25,12 +28,14 @@ profile run-parts @{exec_path} {
 /usr/share/update-notifier/notify-updates-outdated rPx,
 /etc/ r,
+ /etc/anacrontab r,
 /etc/conf.d/snapper{,**} r,
+ /etc/snapper/configs/root r,
 # Crontab
 /etc/cron.{hourly,daily,weekly,monthly}/ r,
- /etc/cron.{hourly,daily,weekly,monthly}/0anacron rPUx,
+ /etc/cron.{hourly,daily,weekly,monthly}/0anacron rix,
 /etc/cron.{hourly,daily,weekly,monthly}/apport rPx,
 /etc/cron.{hourly,daily,weekly,monthly}/apt-compat rPx,
 /etc/cron.{hourly,daily,weekly,monthly}/apt-listbugs rPx,
@@ -126,6 +131,8 @@ profile run-parts @{exec_path} {
 owner /tmp/#[0-9]*[0-9] rw,
 owner /tmp/$anacron* rw,
+
+ owner @{sys}/class/power_supply/ r,
 /dev/tty[0-9]* rw,
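Review bot: In the first hunk (`@@ -16,7 +16,10 @@`), the added `/{usr/,}bin/anacron rix,` matches only the `bin` directories, so on systems that install anacron under `sbin` (Debian ships it as `/usr/sbin/anacron`) the exec would not match this rule; `/{usr/,}{s,}bin/anacron rix,` would cover both layouts. Because the mode is `ix`, anacron and whatever it launches inherit the run-parts profile instead of running under a profile of their own, so this profile's permission set becomes the effective confinement for those jobs. The profile block opens before this hunk and continues after it, so rules outside the hunk may already account for part of this.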
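Review bot: The `0anacron` entry is now the only `rix` rule among `rPx` neighbours in the second hunk (`@@ -25,12 +28,14 @@`), and nothing in the file records why; a comment above it such as `# ix, not Px: the transition is refused with info="no new privs"` would keep someone from reverting it to match the rest. If no_new_privs applies to the run-parts process as a whole, the adjacent `apport`, `apt-compat` and `apt-listbugs` `rPx` rules may be refused in the same way, which seems worth checking in the audit log before merging. With `ix` the script runs under the run-parts profile itself, so every access it needs has to be granted here. The list of cron entries continues past the end of the hunk.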
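Review bot: In the third hunk (`@@ -126,6 +131,8 @@`), `owner @{sys}/class/power_supply/ r,` ends in a slash and therefore grants only a listing of that directory; reading anything beneath it (for example a supply's `online` or `type` attribute, presumably what an on-battery check would read) is not allowed by any rule visible here. If the inherited 0anacron script does read those entries, a companion rule for the paths under the directory will be needed, and since sysfs entries are usually symlinks into `@{sys}/devices/`, the resolved path is the one that has to match. The `owner` qualifier is also unusual on sysfs and could be dropped unless it is intentional: `@{sys}/class/power_supply/ r,`. The rest of the profile lies outside the hunk, so such a rule may already exist elsewhere.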