mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 08:58:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Archlinux has no sbin.

Browse source 
sbin -> {s,}bin for Archlinux support.
Purposelly not replaced on Debian only programs
This commit is contained in:
Alexandre Pujol 2021-04-01 23:15:47 +01:00
parent f571269a2d
commit 79904cb616
Failed to generate hash of commit
158 changed files with 254 additions and 253 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
apparmor.d/abstractions/app-launcher-root
View file

@ -7,5 +7,5 @@
# Root app location
/ r,
/usr/ r,
/{usr/,}sbin/ r,
/{usr/,}sbin/[a-z0-9]* rPUx,
/{usr/,}{s,}bin/ r,
/{usr/,}{s,}bin/[a-z0-9]* rPUx,

2
apparmor.d/groups/apps/android-studio
View file

@ -64,7 +64,7 @@ profile android-studio @{exec_path} {
/{usr/,}bin/cat rix,
/{usr/,}bin/sed rix,
/{usr/,}sbin/ldconfig rix,
/{usr/,}{s,}bin/ldconfig rix,
/{usr/,}bin/chmod rix,
/{usr/,}bin/chattr rix,
/{usr/,}bin/setsid rix,

2
apparmor.d/groups/apps/calibre
View file

@ -60,7 +60,7 @@ profile calibre @{exec_path} {
#/{usr/,}bin/ r,
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}sbin/ldconfig rix,
/{usr/,}{s,}bin/ldconfig rix,
/{usr/,}bin/uname rix,
/{usr/,}bin/file rix,

2
apparmor.d/groups/apps/code
View file

@ -45,7 +45,7 @@ profile code @{exec_path} {
#/{usr/,}bin/id rix,
#/{usr/,}bin/readlink rix,
#/{usr/,}bin/which rix,
#/{usr/,}sbin/ifconfig rix,
#/{usr/,}{s,}bin/ifconfig rix,
/{usr/,}bin/lsb_release rPx -> child-lsb_release,

2
apparmor.d/groups/apps/dropbox
View file

@ -55,7 +55,7 @@ profile dropbox @{exec_path} {
/{usr/,}bin/readlink rix,
/{usr/,}bin/dirname rix,
/{usr/,}bin/uname rix,
/{usr/,}sbin/ldconfig rix,
/{usr/,}{s,}bin/ldconfig rix,
/{usr/,}bin/{,@{multiarch}-}gcc-[0-9]* rix,
/{usr/,}bin/{,@{multiarch}-}objdump rix,

12
apparmor.d/profiles-a-l/adduser
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/add{user,group}
@{exec_path} = /{usr/,}{s,}bin/add{user,group}
profile adduser @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>
@ -35,11 +35,11 @@ profile adduser @{exec_path} {
/{usr/,}bin/find rix,
/{usr/,}bin/rm rix,
/{usr/,}sbin/useradd rPx,
/{usr/,}sbin/userdel rPx,
/{usr/,}sbin/groupdel rPx,
/{usr/,}sbin/groupadd rPx,
/{usr/,}sbin/usermod rPx,
/{usr/,}{s,}bin/useradd rPx,
/{usr/,}{s,}bin/userdel rPx,
/{usr/,}{s,}bin/groupdel rPx,
/{usr/,}{s,}bin/groupadd rPx,
/{usr/,}{s,}bin/usermod rPx,
/{usr/,}bin/passwd rPx,
/{usr/,}bin/gpasswd rPx,
/{usr/,}bin/chfn rPx,

4
apparmor.d/profiles-a-l/adequate
View file

@ -18,7 +18,7 @@ profile adequate @{exec_path} flags=(complain) {
@{exec_path} r,
/{usr/,}bin/perl r,
/{usr/,}sbin/ldconfig rix,
/{usr/,}{s,}bin/ldconfig rix,
# It wants to ldd all binaries/libs in packages.
/{usr/,}bin/ldd rCx -> ldd,
@ -53,7 +53,7 @@ profile adequate @{exec_path} flags=(complain) {
/{usr/,}bin/ldd mr,
/{usr/,}bin/* mr,
/{usr/,}sbin/* mr,
/{usr/,}{s,}bin/* mr,
/usr/games/* mr,
/{usr/,}lib{,x}{,32,64}/** mr,
/{usr/,}lib/@{multiarch}/** mr,

2
apparmor.d/profiles-a-l/anki
View file

@ -31,7 +31,7 @@ profile anki @{exec_path} {
@{exec_path} r,
/{usr/,}bin/python3.[0-9]* r,
/{usr/,}sbin/ldconfig rix,
/{usr/,}{s,}bin/ldconfig rix,
/{usr/,}bin/ r,
/{usr/,}bin/lsb_release rPx -> child-lsb_release,

2
apparmor.d/profiles-a-l/atftpd
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/atftpd
@{exec_path} = /{usr/,}{s,}bin/atftpd
profile atftpd @{exec_path} {
include <abstractions/base>
include <abstractions/nameservice>

2
apparmor.d/profiles-a-l/badblocks
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/badblocks
@{exec_path} = /{usr/,}{s,}bin/badblocks
profile badblocks @{exec_path} {
include <abstractions/base>
include <abstractions/disks-write>

2
apparmor.d/profiles-a-l/biosdecode
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/biosdecode
@{exec_path} = /{usr/,}{s,}bin/biosdecode
profile biosdecode @{exec_path} {
include <abstractions/base>

2
apparmor.d/profiles-a-l/blkid
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/blkid
@{exec_path} = /{usr/,}{s,}bin/blkid
profile blkid @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>

2
apparmor.d/profiles-a-l/blockdev
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/blockdev
@{exec_path} = /{usr/,}{s,}bin/blockdev
profile blockdev @{exec_path} {
include <abstractions/base>
include <abstractions/disks-read>

2
apparmor.d/profiles-a-l/cfdisk
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/cfdisk
@{exec_path} = /{usr/,}{s,}bin/cfdisk
profile cfdisk @{exec_path} {
include <abstractions/base>
include <abstractions/disks-write>

2
apparmor.d/profiles-a-l/cgdisk
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/cgdisk
@{exec_path} = /{usr/,}{s,}bin/cgdisk
profile cgdisk @{exec_path} {
include <abstractions/base>
include <abstractions/disks-write>

2
apparmor.d/profiles-a-l/cgrulesengd
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/cgrulesengd
@{exec_path} = /{usr/,}{s,}bin/cgrulesengd
profile cgrulesengd @{exec_path} {
include <abstractions/base>
include <abstractions/nameservice-strict>

4
apparmor.d/profiles-a-l/check-bios-nx
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/check-bios-nx
@{exec_path} = /{usr/,}{s,}bin/check-bios-nx
profile check-bios-nx @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>
@ -24,7 +24,7 @@ profile check-bios-nx @{exec_path} {
/{usr/,}bin/kmod rCx -> kmod,
/{usr/,}sbin/rdmsr rPx,
/{usr/,}{s,}bin/rdmsr rPx,
owner @{PROC}/@{pid}/fd/2 w,

2
apparmor.d/profiles-a-l/claws-mail
View file

@ -34,7 +34,7 @@ profile claws-mail @{exec_path} flags=(complain) {
/{usr/,}bin/orage rPUx,
# For sending local mails
/{usr/,}sbin/exim4 rPUx,
/{usr/,}{s,}bin/exim4 rPUx,
# For editing in an external editor
/{usr/,}bin/geany rPUx,

2
apparmor.d/profiles-a-l/cppw-cpgr
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/cp{pw,gr}
@{exec_path} = /{usr/,}{s,}bin/cp{pw,gr}
profile cppw-cpgr @{exec_path} {
include <abstractions/base>

2
apparmor.d/profiles-a-l/crda
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/crda
@{exec_path} = /{usr/,}{s,}bin/crda
profile crda @{exec_path} {
include <abstractions/base>

2
apparmor.d/profiles-a-l/ddclient
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/ddclient
@{exec_path} = /{usr/,}{s,}bin/ddclient
profile ddclient @{exec_path} {
include <abstractions/base>
include <abstractions/perl>

2
apparmor.d/profiles-a-l/debsecan
View file

@ -27,7 +27,7 @@ profile debsecan @{exec_path} {
/{usr/,}bin/{,ba,da}sh rix,
# Send results using email
/{usr/,}sbin/exim4 rPx,
/{usr/,}{s,}bin/exim4 rPx,
/etc/apt/apt.conf.d/{,*} r,
/etc/apt/apt.conf r,

6
apparmor.d/profiles-a-l/deluser
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/del{user,group}
@{exec_path} = /{usr/,}{s,}bin/del{user,group}
profile deluser @{exec_path} {
include <abstractions/base>
include <abstractions/perl>
@ -24,8 +24,8 @@ profile deluser @{exec_path} {
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}sbin/userdel rPx,
/{usr/,}sbin/groupdel rPx,
/{usr/,}{s,}bin/userdel rPx,
/{usr/,}{s,}bin/groupdel rPx,
/{usr/,}bin/gpasswd rPx,
/{usr/,}bin/crontab rPx,

4
apparmor.d/profiles-a-l/dhclient
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/dhclient
@{exec_path} = /{usr/,}{s,}bin/dhclient
profile dhclient @{exec_path} {
include <abstractions/base>
include <abstractions/nameservice-strict>
@ -32,7 +32,7 @@ profile dhclient @{exec_path} {
@{exec_path} mr,
# To run dhclient scripts
/{usr/,}sbin/dhclient-script rPx,
/{usr/,}{s,}bin/dhclient-script rPx,
/etc/dhclient.conf r,
/etc/dhcp/{,**} r,

6
apparmor.d/profiles-a-l/dhclient-script
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/dhclient-script
@{exec_path} = /{usr/,}{s,}bin/dhclient-script
profile dhclient-script @{exec_path} {
include <abstractions/base>
include <abstractions/nameservice>
@ -37,7 +37,7 @@ profile dhclient-script @{exec_path} {
owner /tmp/dhclient-script.debug rw,
# For ddclient script
/{usr/,}sbin/ddclient rPx,
/{usr/,}{s,}bin/ddclient rPx,
/etc/default/ddclient r,
/{usr/,}bin/logger rix,
@ -67,7 +67,7 @@ profile dhclient-script @{exec_path} {
/etc/resolv.conf rw,
# For stable-privacy addresses
/{usr/,}sbin/sysctl rix,
/{usr/,}{s,}bin/sysctl rix,
/{usr/,}bin/head rix,
/{usr/,}bin/xxd rix,
/{usr/,}bin/paste rix,

2
apparmor.d/profiles-a-l/dkms
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/dkms
@{exec_path} = /{usr/,}{s,}bin/dkms
profile dkms @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>

2
apparmor.d/profiles-a-l/dkms-autoinstaller
View file

@ -17,7 +17,7 @@ profile dkms-autoinstaller @{exec_path} {
/{usr/,}bin/readlink rix,
/{usr/,}bin/tput rix,
/{usr/,}sbin/dkms rPx,
/{usr/,}{s,}bin/dkms rPx,
/{usr/,}bin/run-parts rCx -> run-parts,
/{usr/,}bin/systemctl rPx -> child-systemctl,

2
apparmor.d/profiles-a-l/dmidecode
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/dmidecode
@{exec_path} = /{usr/,}{s,}bin/dmidecode
profile dmidecode @{exec_path} {
include <abstractions/base>

2
apparmor.d/profiles-a-l/dnscrypt-proxy
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/dnscrypt-proxy
@{exec_path} = /{usr/,}{s,}bin/dnscrypt-proxy
profile dnscrypt-proxy @{exec_path} {
include <abstractions/base>
include <abstractions/nameservice-strict>

2
apparmor.d/profiles-a-l/dumpe2fs
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/{dumpe2fs,e2mmpstatus}
@{exec_path} = /{usr/,}{s,}bin/{dumpe2fs,e2mmpstatus}
profile dumpe2fs @{exec_path} {
include <abstractions/base>
include <abstractions/disks-read>

4
apparmor.d/profiles-a-l/e2fsck
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/{e2fsck,fsck.ext2,fsck.ext3,fsck.ext4}
@{exec_path} = /{usr/,}{s,}bin/{e2fsck,fsck.ext2,fsck.ext3,fsck.ext4}
profile e2fsck @{exec_path} {
include <abstractions/base>
include <abstractions/disks-write>
@ -16,7 +16,7 @@ profile e2fsck @{exec_path} {
# To check for badblocks
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}sbin/badblocks rPx,
/{usr/,}{s,}bin/badblocks rPx,
owner @{run}/blkid/blkid.tab{,-*} rw,
owner @{run}/blkid/blkid.tab.old rwl -> @{run}/blkid/blkid.tab,

2
apparmor.d/profiles-a-l/e2image
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/e2image
@{exec_path} = /{usr/,}{s,}bin/e2image
profile e2image @{exec_path} {
include <abstractions/base>
include <abstractions/disks-write>

2
apparmor.d/profiles-a-l/exim4
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/exim4
@{exec_path} = /{usr/,}{s,}bin/exim4
profile exim4 @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>

2
apparmor.d/profiles-a-l/f3fix
View file

@ -27,7 +27,7 @@ profile f3fix @{exec_path} {
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}sbin/dmidecode rPx,
/{usr/,}{s,}bin/dmidecode rPx,
/{usr/,}bin/udevadm rCx -> udevadm,

2
apparmor.d/profiles-a-l/fatlabel
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/fatlabel
@{exec_path} = /{usr/,}{s,}bin/fatlabel
profile fatlabel @{exec_path} {
include <abstractions/base>
include <abstractions/disks-write>

4
apparmor.d/profiles-a-l/fatresize
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/fatresize
@{exec_path} = /{usr/,}{s,}bin/fatresize
profile fatresize @{exec_path} {
include <abstractions/base>
include <abstractions/disks-write>
@ -25,7 +25,7 @@ profile fatresize @{exec_path} {
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}sbin/dmidecode rPx,
/{usr/,}{s,}bin/dmidecode rPx,
/{usr/,}bin/udevadm rCx -> udevadm,

2
apparmor.d/profiles-a-l/fdisk
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/fdisk
@{exec_path} = /{usr/,}{s,}bin/fdisk
profile fdisk @{exec_path} {
include <abstractions/base>
include <abstractions/disks-write>

4
apparmor.d/profiles-a-l/filecap
View file

@ -14,8 +14,8 @@ profile filecap @{exec_path} {
@{exec_path} mr,
# The default behavior is to check only the directories in the PATH environmental variable.
/{usr/,}sbin/ r,
/{usr/,}sbin/* r,
/{usr/,}{s,}bin/ r,
/{usr/,}{s,}bin/* r,
/{usr/,}bin/ r,
/{usr/,}bin/* r,
/usr/local/sbin/ r,

6
apparmor.d/profiles-a-l/fsck
View file

@ -6,15 +6,15 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/fsck
@{exec_path} = /{usr/,}{s,}bin/fsck
profile fsck @{exec_path} {
include <abstractions/base>
include <abstractions/disks-read>
@{exec_path} mr,
/{usr/,}sbin/e2fsck rPx,
/{usr/,}sbin/fsck.* rPx,
/{usr/,}{s,}bin/e2fsck rPx,
/{usr/,}{s,}bin/fsck.* rPx,
/etc/fstab r,

2
apparmor.d/profiles-a-l/fsck-btrfs
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/fsck.btrfs
@{exec_path} = /{usr/,}{s,}bin/fsck.btrfs
profile fsck-btrfs @{exec_path} {
include <abstractions/base>

2
apparmor.d/profiles-a-l/fsck-fat
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/{fsck.fat,fsck.msdos,fsck.vfat,dosfsck}
@{exec_path} = /{usr/,}{s,}bin/{fsck.fat,fsck.msdos,fsck.vfat,dosfsck}
profile fsck-fat @{exec_path} {
include <abstractions/base>
include <abstractions/disks-write>

2
apparmor.d/profiles-a-l/gajim
View file

@ -35,7 +35,7 @@ profile gajim @{exec_path} {
/{usr/,}bin/ r,
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}bin/uname rix,
/{usr/,}sbin/ldconfig rix,
/{usr/,}{s,}bin/ldconfig rix,
# To play sounds
/{usr/,}bin/aplay rCx -> audio,

2
apparmor.d/profiles-a-l/gdisk
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/gdisk
@{exec_path} = /{usr/,}{s,}bin/gdisk
profile gdisk @{exec_path} {
include <abstractions/base>
include <abstractions/disks-write>

12
apparmor.d/profiles-a-l/gparted
View file

@ -6,15 +6,15 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/gparted
@{exec_path} = /{usr/,}{s,}bin/gparted
profile gparted @{exec_path} {
include <abstractions/base>
@{exec_path} r,
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}sbin/ r,
/{usr/,}sbin/gpartedbin rPx,
/{usr/,}{s,}bin/ r,
/{usr/,}{s,}bin/gpartedbin rPx,
/{usr/,}bin/ r,
/{usr/,}bin/{,e}grep rix,
@ -26,12 +26,12 @@ profile gparted @{exec_path} {
/{usr/,}bin/gawk rix,
/{usr/,}lib/udisks2/udisks2-inhibit rix,
/usr/libexec/udisks2/udisks2-inhibit rix,
/usr/{lib,libexec}/udisks2/udisks2-inhibit rix,
@{run}/udev/rules.d/ rw,
@{run}/udev/rules.d/90-udisks-inhibit.rules rw,
/{usr/,}bin/udevadm rCx -> udevadm,
/{usr/,}sbin/killall5 rCx -> killall,
/{usr/,}{s,}bin/killall5 rCx -> killall,
/{usr/,}bin/ps rPx,
/{usr/,}bin/xhost rPx,
@ -82,7 +82,7 @@ profile gparted @{exec_path} {
ptrace (read),
/{usr/,}sbin/killall5 mr,
/{usr/,}{s,}bin/killall5 mr,
# The /proc/ dir is needed to avoid the following error:
# /proc: Permission denied

50
apparmor.d/profiles-a-l/gpartedbin
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/gpartedbin
@{exec_path} = /{usr/,}{s,}bin/gpartedbin
profile gpartedbin @{exec_path} {
include <abstractions/base>
include <abstractions/gtk>
@ -39,29 +39,29 @@ profile gpartedbin @{exec_path} {
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}sbin/dmidecode rPx,
/{usr/,}sbin/hdparm rPx,
/{usr/,}sbin/blkid rPx,
/{usr/,}{s,}bin/dmidecode rPx,
/{usr/,}{s,}bin/hdparm rPx,
/{usr/,}{s,}bin/blkid rPx,
/{usr/,}bin/udevadm rCx -> udevadm,
/{usr/,}bin/mount rCx -> mount,
/{usr/,}bin/umount rCx -> umount,
# RAID
/{usr/,}sbin/dmraid rPUx,
/{usr/,}{s,}bin/dmraid rPUx,
# Device mapper
/{usr/,}sbin/dmsetup rPUx,
/{usr/,}{s,}bin/dmsetup rPUx,
# LVM
/{usr/,}sbin/lvm rPUx,
/{usr/,}{s,}bin/lvm rPUx,
# NTFS
# The following tools link to mkntfs:
# mkfs.ntfs
/{usr/,}sbin/mkntfs rPx,
/{usr/,}sbin/ntfslabel rPx,
/{usr/,}sbin/ntfsresize rPx,
/{usr/,}{s,}bin/mkntfs rPx,
/{usr/,}{s,}bin/ntfslabel rPx,
/{usr/,}{s,}bin/ntfsresize rPx,
/{usr/,}bin/ntfsinfo rPx,
# FAT16/32
@ -73,41 +73,41 @@ profile gpartedbin @{exec_path} {
/{usr/,}bin/mtools rPx,
# The following tools link to mkfs.fat:
# mkdosfs, mkfs.msdos, mkfs.vfat
/{usr/,}sbin/mkfs.fat rPx,
/{usr/,}{s,}bin/mkfs.fat rPx,
# The following tools link to fsck.fat:
# dosfsck, fsck.msdos, fsck.vfat
/{usr/,}sbin/fsck.fat rPx,
/{usr/,}{s,}bin/fsck.fat rPx,
# EXT2/3/4
# The following tools link to mke2fs:
# mkfs.ext2, mkfs.ext3, mkfs.ext4
/{usr/,}sbin/mke2fs rPx,
/{usr/,}{s,}bin/mke2fs rPx,
# The following tools link to e2fsck:
# fsck.ext2, fsck.ext3, fsck.ext4
/{usr/,}sbin/e2fsck rPx,
/{usr/,}sbin/resize2fs rPx,
/{usr/,}{s,}bin/e2fsck rPx,
/{usr/,}{s,}bin/resize2fs rPx,
# The following tools link to dumpe2fs:
# e2mmpstatus
/{usr/,}sbin/dumpe2fs rPx,
/{usr/,}{s,}bin/dumpe2fs rPx,
# The following tools link to tune2fs:
# e2label
/{usr/,}sbin/tune2fs rPx,
/{usr/,}sbin/e2image rPx,
/{usr/,}{s,}bin/tune2fs rPx,
/{usr/,}{s,}bin/e2image rPx,
# BTRFS
/{usr/,}sbin/mkfs.btrfs rPx,
/{usr/,}{s,}bin/mkfs.btrfs rPx,
# The following tools link to btrfs:
# btrfsck
/{usr/,}bin/btrfs rPx,
/{usr/,}bin/btrfstune rPx,
/{usr/,}sbin/fsck.btrfs rPx,
/{usr/,}sbin/mkfs.btrfs rPx,
/{usr/,}{s,}bin/fsck.btrfs rPx,
/{usr/,}{s,}bin/mkfs.btrfs rPx,
# SWAP
/{usr/,}sbin/mkswap rPx,
/{usr/,}sbin/swaplabel rPx,
/{usr/,}sbin/swapon rPx,
/{usr/,}sbin/swapoff rPx,
/{usr/,}{s,}bin/mkswap rPx,
/{usr/,}{s,}bin/swaplabel rPx,
/{usr/,}{s,}bin/swapon rPx,
/{usr/,}{s,}bin/swapoff rPx,
/{usr/,}bin/xdg-open rCx -> open,
/{usr/,}lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop rCx -> open,

2
apparmor.d/profiles-a-l/groupadd
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/groupadd
@{exec_path} = /{usr/,}{s,}bin/groupadd
profile groupadd @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>

2
apparmor.d/profiles-a-l/groupdel
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/groupdel
@{exec_path} = /{usr/,}{s,}bin/groupdel
profile groupdel @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>

2
apparmor.d/profiles-a-l/groupmod
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/groupmod
@{exec_path} = /{usr/,}{s,}bin/groupmod
profile groupmod @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>

2
apparmor.d/profiles-a-l/grpck
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/grpck
@{exec_path} = /{usr/,}{s,}bin/grpck
profile grpck @{exec_path} {
include <abstractions/base>
include <abstractions/nameservice-strict>

4
apparmor.d/profiles-a-l/gsmartcontrol
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/gsmartcontrol
@{exec_path} = /{usr/,}{s,}bin/gsmartcontrol
profile gsmartcontrol @{exec_path} {
include <abstractions/base>
include <abstractions/gtk>
@ -23,7 +23,7 @@ profile gsmartcontrol @{exec_path} {
@{exec_path} mr,
/{usr/,}sbin/smartctl rPx,
/{usr/,}{s,}bin/smartctl rPx,
/{usr/,}bin/xterm rCx -> terminal,
# When gsmartcontrol is run as root, it wants to exec dbus-launch, and hence it creates the two

2
apparmor.d/profiles-a-l/hardinfo
View file

@ -44,7 +44,7 @@ profile hardinfo @{exec_path} {
/{usr/,}bin/gdb rix,
/{usr/,}bin/last rix,
/{usr/,}bin/iconv rix,
/{usr/,}sbin/route rix,
/{usr/,}{s,}bin/route rix,
/{usr/,}bin/valgrind{,.bin} rix,
/{usr/,}lib/@{multiarch}/valgrind/memcheck-*-linux rix,

2
apparmor.d/profiles-a-l/hddtemp
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/hddtemp
@{exec_path} = /{usr/,}{s,}bin/hddtemp
profile hddtemp @{exec_path} {
include <abstractions/base>

2
apparmor.d/profiles-a-l/hdparm
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/hdparm
@{exec_path} = /{usr/,}{s,}bin/hdparm
profile hdparm @{exec_path} flags=(complain) {
include <abstractions/base>
include <abstractions/disks-read>

36
apparmor.d/profiles-a-l/hw-probe
View file

@ -36,19 +36,19 @@ profile hw-probe @{exec_path} {
/{usr/,}bin/lsb_release rPx -> child-lsb_release,
/{usr/,}bin/dpkg rPx -> child-dpkg,
/{usr/,}sbin/dkms rPx,
/{usr/,}sbin/fdisk rPx,
/{usr/,}{s,}bin/dkms rPx,
/{usr/,}{s,}bin/fdisk rPx,
/{usr/,}bin/upower rPx,
/{usr/,}sbin/hdparm rPx,
/{usr/,}sbin/smartctl rPx,
/{usr/,}{s,}bin/hdparm rPx,
/{usr/,}{s,}bin/smartctl rPx,
/{usr/,}bin/sensors rPx,
/{usr/,}bin/lsblk rPx,
/{usr/,}bin/dmesg rPx,
/{usr/,}bin/hciconfig rPx,
/{usr/,}bin/uptime rPx,
/{usr/,}sbin/rfkill rPx,
/{usr/,}sbin/biosdecode rPx,
/{usr/,}sbin/dmidecode rPx,
/{usr/,}{s,}bin/rfkill rPx,
/{usr/,}{s,}bin/biosdecode rPx,
/{usr/,}{s,}bin/dmidecode rPx,
/{usr/,}bin/edid-decode rPx,
/{usr/,}bin/cpupower rPx,
/{usr/,}bin/acpi rPx,
@ -56,11 +56,11 @@ profile hw-probe @{exec_path} {
/{usr/,}bin/lscpu rPx,
/{usr/,}bin/lsusb rPx,
/{usr/,}bin/usb-devices rPx,
/{usr/,}sbin/hwinfo rPx,
/{usr/,}{s,}bin/hwinfo rPx,
/{usr/,}bin/glxinfo rPx,
/{usr/,}sbin/i2cdetect rPx,
/{usr/,}{s,}bin/i2cdetect rPx,
/{usr/,}bin/glxgears rPx,
/{usr/,}sbin/memtester rPx,
/{usr/,}{s,}bin/memtester rPx,
/{usr/,}bin/xrandr rPx,
/{usr/,}bin/inxi rPx,
/{usr/,}bin/aplay rPx,
@ -78,10 +78,10 @@ profile hw-probe @{exec_path} {
/{usr/,}bin/killall rCx -> killall,
/{usr/,}bin/udevadm rCx -> udevadm,
/{usr/,}bin/kmod rCx -> kmod,
/{usr/,}sbin/iw rCx -> netconfig,
/{usr/,}sbin/ifconfig rCx -> netconfig,
/{usr/,}sbin/iwconfig rCx -> netconfig,
/{usr/,}sbin/ethtool rCx -> netconfig,
/{usr/,}{s,}bin/iw rCx -> netconfig,
/{usr/,}{s,}bin/ifconfig rCx -> netconfig,
/{usr/,}{s,}bin/iwconfig rCx -> netconfig,
/{usr/,}{s,}bin/ethtool rCx -> netconfig,
/{usr/,}bin/curl rCx -> curl,
owner /root/HW_PROBE/{,**} rw,
@ -221,10 +221,10 @@ profile hw-probe @{exec_path} {
network appletalk dgram,
network netlink raw,
/{usr/,}sbin/iw mr,
/{usr/,}sbin/ifconfig mr,
/{usr/,}sbin/iwconfig mr,
/{usr/,}sbin/ethtool mr,
/{usr/,}{s,}bin/iw mr,
/{usr/,}{s,}bin/ifconfig mr,
/{usr/,}{s,}bin/iwconfig mr,
/{usr/,}{s,}bin/ethtool mr,
owner @{PROC}/@{pid}/net/if_inet6 r,
owner @{PROC}/@{pid}/net/dev r,

4
apparmor.d/profiles-a-l/hwinfo
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/hwinfo
@{exec_path} = /{usr/,}{s,}bin/hwinfo
profile hwinfo @{exec_path} {
include <abstractions/base>
include <abstractions/disks-read>
@ -36,7 +36,7 @@ profile hwinfo @{exec_path} {
/{usr/,}bin/kmod rCx -> kmod,
/{usr/,}bin/udevadm rCx -> udevadm,
/{usr/,}sbin/dmraid rPUx,
/{usr/,}{s,}bin/dmraid rPUx,
@{PROC}/version r,
@{PROC}/cmdline r,

2
apparmor.d/profiles-a-l/hypnotix
View file

@ -42,7 +42,7 @@ profile hypnotix @{exec_path} {
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}sbin/ldconfig rix,
/{usr/,}{s,}bin/ldconfig rix,
/{usr/,}bin/mkdir rix,
/{usr/,}bin/xdg-screensaver rCx -> xdg-screensaver,

2
apparmor.d/profiles-a-l/i2cdetect
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/i2cdetect
@{exec_path} = /{usr/,}{s,}bin/i2cdetect
profile i2cdetect @{exec_path} {
include <abstractions/base>

2
apparmor.d/profiles-a-l/ifconfig
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/ifconfig
@{exec_path} = /{usr/,}{s,}bin/ifconfig
profile ifconfig @{exec_path} {
include <abstractions/base>
include <abstractions/nameservice-strict>

4
apparmor.d/profiles-a-l/ifup
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/{ifup,ifdown,ifquery}
@{exec_path} = /{usr/,}{s,}bin/{ifup,ifdown,ifquery}
profile ifup @{exec_path} {
include <abstractions/base>
@ -24,7 +24,7 @@ profile ifup @{exec_path} {
/{usr/,}bin/ip rix,
/{usr/,}bin/sleep rix,
/{usr/,}sbin/dhclient rPx,
/{usr/,}{s,}bin/dhclient rPx,
/{usr/,}bin/macchanger rPx,
/{usr/,}bin/run-parts rCx -> run-parts,

2
apparmor.d/profiles-a-l/initd-kexec
View file

@ -18,7 +18,7 @@ profile initd-kexec @{exec_path} {
/{usr/,}bin/tput rix,
/{usr/,}bin/echo rix,
/{usr/,}sbin/kexec rPx,
/{usr/,}{s,}bin/kexec rPx,
/{usr/,}bin/run-parts rCx -> run-parts,
/{usr/,}bin/systemctl rCx -> systemctl,

2
apparmor.d/profiles-a-l/initd-kexec-load
View file

@ -25,7 +25,7 @@ profile initd-kexec-load @{exec_path} {
/{usr/,}bin/readlink rix,
/{usr/,}bin/tput rix,
/{usr/,}sbin/kexec rPx,
/{usr/,}{s,}bin/kexec rPx,
/{usr/,}bin/run-parts rCx -> run-parts,
/{usr/,}bin/systemctl rCx -> systemctl,

8
apparmor.d/profiles-a-l/inxi
View file

@ -51,19 +51,19 @@ profile inxi @{exec_path} {
/{usr/,}bin/lsblk rPx,
/{usr/,}bin/sensors rPx,
/{usr/,}bin/uptime rPx,
/{usr/,}sbin/dmidecode rPx,
/{usr/,}{s,}bin/dmidecode rPx,
/{usr/,}bin/xdpyinfo rPx,
/{usr/,}bin/who rPx,
/{usr/,}bin/xprop rPx,
/{usr/,}bin/df rPx,
/{usr/,}sbin/blockdev rPx,
/{usr/,}{s,}bin/blockdev rPx,
/{usr/,}bin/dig rPx,
/{usr/,}bin/ps rPx,
/{usr/,}bin/sudo rPx,
/{usr/,}bin/openbox rPx,
/{usr/,}bin/xset rPx,
/{usr/,}sbin/smartctl rPx,
/{usr/,}sbin/hddtemp rPx,
/{usr/,}{s,}bin/smartctl rPx,
/{usr/,}{s,}bin/hddtemp rPx,
/etc/ r,
/etc/inxi.conf r,

4
apparmor.d/profiles-a-l/iotop
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/iotop
@{exec_path} = /{usr/,}{s,}bin/iotop
profile iotop @{exec_path} {
include <abstractions/base>
include <abstractions/python>
@ -23,7 +23,7 @@ profile iotop @{exec_path} {
/{usr/,}bin/file rix,
/{usr/,}sbin/ r,
/{usr/,}{s,}bin/ r,
@{PROC}/ r,
@{PROC}/vmstat r,

2
apparmor.d/profiles-a-l/iw
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/iw
@{exec_path} = /{usr/,}{s,}bin/iw
profile iw @{exec_path} {
include <abstractions/base>

2
apparmor.d/profiles-a-l/iwlist
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/iwlist
@{exec_path} = /{usr/,}{s,}bin/iwlist
profile iwlist @{exec_path} {
include <abstractions/base>

2
apparmor.d/profiles-a-l/jdownloader
View file

@ -88,7 +88,7 @@ profile jdownloader @{exec_path} {
# For Reconnect -> Share Settings/Get Route
#/{usr/,}bin/netstat rix,
#/{usr/,}sbin/route rix,
#/{usr/,}{s,}bin/route rix,
#/{usr/,}bin/ping rix,
#/{usr/,}bin/ip rix,
#@{PROC}/@{pid}/net/route r,

2
apparmor.d/profiles-a-l/kcheckpass
View file

@ -17,7 +17,7 @@ profile kcheckpass @{exec_path} {
@{exec_path} mr,
/{usr/,}sbin/unix_chkpwd rPx,
/{usr/,}{s,}bin/unix_chkpwd rPx,
# file_inherit
owner @{HOME}/.xsession-errors w,

2
apparmor.d/profiles-a-l/kerneloops
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/kerneloops
@{exec_path} = /{usr/,}{s,}bin/kerneloops
profile kerneloops @{exec_path} {
include <abstractions/base>
include <abstractions/nameservice-strict>

2
apparmor.d/profiles-a-l/kexec
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/kexec
@{exec_path} = /{usr/,}{s,}bin/kexec
profile kexec @{exec_path} flags=(complain) {
include <abstractions/base>

2
apparmor.d/profiles-a-l/kmod
View file

@ -9,7 +9,7 @@ include <tunables/global>
@{BUILD_DIR} = /media/debuilder/
@{exec_path} = /{usr/,}bin/{kmod,lsmod}
@{exec_path} += /{usr/,}sbin/{depmod,insmod,lsmod,rmmod,modinfo,modprobe}
@{exec_path} += /{usr/,}{s,}bin/{depmod,insmod,lsmod,rmmod,modinfo,modprobe}
profile kmod @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>

2
apparmor.d/profiles-a-l/kodi
View file

@ -33,7 +33,7 @@ profile kodi @{exec_path} {
/{usr/,}bin/cat rix,
/{usr/,}bin/cut rix,
/{usr/,}bin/dirname rix,
/{usr/,}sbin/ldconfig rix,
/{usr/,}{s,}bin/ldconfig rix,
/{usr/,}bin/lsb_release rPx -> child-lsb_release,
/{usr/,}bin/df rCx -> df,

4
apparmor.d/profiles-a-l/kvm-ok
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/kvm-ok
@{exec_path} = /{usr/,}{s,}bin/kvm-ok
profile kvm-ok @{exec_path} {
include <abstractions/base>
@ -19,7 +19,7 @@ profile kvm-ok @{exec_path} {
/{usr/,}bin/kmod rCx -> kmod,
/{usr/,}sbin/rdmsr rPx,
/{usr/,}{s,}bin/rdmsr rPx,
#/proc/cpuinfo r,
#/dev/kvm r,

4
apparmor.d/profiles-a-l/labwc
View file

@ -27,9 +27,9 @@ profile labwc @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr,
# Apps allowed to run
/{usr/,}sbin/* rPUx,
/{usr/,}{s,}bin/* rPUx,
/{usr/,}bin/* rPUx,
/usr/libexec/* rPUx,
/usr/{lib,libexec}/* rPUx,
owner @{user_config_dirs}/labwc/ r,
owner @{user_config_dirs}/labwc/* r,

4
apparmor.d/profiles-a-l/lightdm
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/lightdm
@{exec_path} = /{usr/,}{s,}bin/lightdm
profile lightdm @{exec_path} {
include <abstractions/base>
include <abstractions/X>
@ -66,7 +66,7 @@ profile lightdm @{exec_path} {
/{usr/,}bin/plymouth mrix,
/{usr/,}bin/Xorg rPx,
/{usr/,}sbin/lightdm-gtk-greeter rPx,
/{usr/,}{s,}bin/lightdm-gtk-greeter rPx,
/{usr/,}bin/startx rPx,
/etc/X11/Xsession rPUx,

2
apparmor.d/profiles-a-l/lightdm-gtk-greeter
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/lightdm-gtk-greeter
@{exec_path} = /{usr/,}{s,}bin/lightdm-gtk-greeter
profile lightdm-gtk-greeter @{exec_path} {
include <abstractions/base>
include <abstractions/X>

6
apparmor.d/profiles-a-l/linssid
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/linssid /{usr/,}bin/linssid-pkexec
@{exec_path} = /{usr/,}{s,}bin/linssid /{usr/,}bin/linssid-pkexec
profile linssid @{exec_path} {
include <abstractions/base>
include <abstractions/X>
@ -42,7 +42,7 @@ profile linssid @{exec_path} {
deny /{usr/,}bin/dbus-launch rx,
deny /{usr/,}bin/dbus-send rx,
/{usr/,}sbin/iw rCx -> iw,
/{usr/,}{s,}bin/iw rCx -> iw,
/{usr/,}bin/pkexec rPx,
# For regular run as root user
@ -84,7 +84,7 @@ profile linssid @{exec_path} {
network netlink raw,
/{usr/,}sbin/iw mr,
/{usr/,}{s,}bin/iw mr,
# file_inherit
owner @{HOME}/.linssid.prefs rw,

2
apparmor.d/profiles-a-l/localepurge
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/localepurge
@{exec_path} = /{usr/,}{s,}bin/localepurge
profile localepurge @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>

8
apparmor.d/profiles-a-l/logrotate
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/logrotate
@{exec_path} = /{usr/,}{s,}bin/logrotate
profile logrotate @{exec_path} flags=(attach_disconnected, complain) {
include <abstractions/base>
include <abstractions/nameservice-strict>
@ -26,18 +26,18 @@ profile logrotate @{exec_path} flags=(attach_disconnected, complain) {
@{exec_path} mr,
/{usr/,}sbin/ r,
/{usr/,}{s,}bin/ r,
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}bin/ls rix,
/{usr/,}bin/gzip rix,
/{usr/,}sbin/invoke-rc.d rix,
/{usr/,}{s,}bin/invoke-rc.d rix,
/{usr/,}lib/rsyslog/rsyslog-rotate rix,
# no new privs
#/{usr/,}bin/systemctl rCx -> systemctl,
/{usr/,}bin/systemctl rix,
/{usr/,}sbin/runlevel rix,
/{usr/,}{s,}bin/runlevel rix,
include <abstractions/wutmp>
ptrace (read),
capability sys_ptrace,

2
apparmor.d/profiles-m-z/memtester
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/memtester
@{exec_path} = /{usr/,}{s,}bin/memtester
profile memtester @{exec_path} {
include <abstractions/base>

4
apparmor.d/profiles-m-z/mke2fs
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/{mke2fs,mkfs.ext2,mkfs.ext3,mkfs.ext4}
@{exec_path} = /{usr/,}{s,}bin/{mke2fs,mkfs.ext2,mkfs.ext3,mkfs.ext4}
profile mke2fs @{exec_path} {
include <abstractions/base>
include <abstractions/disks-write>
@ -16,7 +16,7 @@ profile mke2fs @{exec_path} {
# To check for badblocks
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}sbin/badblocks rPx,
/{usr/,}{s,}bin/badblocks rPx,
/etc/mke2fs.conf r,

2
apparmor.d/profiles-m-z/mkfs-btrfs
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/mkfs.btrfs
@{exec_path} = /{usr/,}{s,}bin/mkfs.btrfs
profile mkfs-btrfs @{exec_path} {
include <abstractions/base>
include <abstractions/disks-write>

2
apparmor.d/profiles-m-z/mkfs-fat
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/{mkfs.fat,mkfs.msdos,mkfs.vfat,mkdosfs}
@{exec_path} = /{usr/,}{s,}bin/{mkfs.fat,mkfs.msdos,mkfs.vfat,mkdosfs}
profile mkfs-fat @{exec_path} {
include <abstractions/base>
include <abstractions/disks-write>

2
apparmor.d/profiles-m-z/mkntfs
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/{mkntfs,mkfs.ntfs}
@{exec_path} = /{usr/,}{s,}bin/{mkntfs,mkfs.ntfs}
profile mkntfs @{exec_path} {
include <abstractions/base>
include <abstractions/disks-write>

2
apparmor.d/profiles-m-z/mkswap
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/mkswap
@{exec_path} = /{usr/,}{s,}bin/mkswap
profile mkswap @{exec_path} {
include <abstractions/base>
include <abstractions/disks-write>

8
apparmor.d/profiles-m-z/mount
View file

@ -30,10 +30,10 @@ profile mount @{exec_path} flags=(complain) {
@{exec_path} mr,
/{usr/,}bin/ntfs-3g rPx,
/{usr/,}bin/lowntfs-3g rPx,
/{usr/,}bin/sshfs rPx,
/{usr/,}sbin/mount.* rPx,
/{usr/,}bin/ntfs-3g rPx,
/{usr/,}{s,}bin/lowntfs-3g rPx,
/{usr/,}bin/sshfs rPx,
/{usr/,}{s,}bin/mount.* rPx,
# Mount points
/media/*/ r,

2
apparmor.d/profiles-m-z/mount-cifs
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/mount.cifs
@{exec_path} = /{usr/,}{s,bin}/mount.cifs
profile mount-cifs @{exec_path} flags=(complain) {
include <abstractions/base>
include <abstractions/nameservice-strict>

2
apparmor.d/profiles-m-z/mount-nfs
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/mount.nfs
@{exec_path} = /{usr/,}{s,bin}/mount.nfs
profile mount-nfs @{exec_path} flags=(complain) {
include <abstractions/base>
include <abstractions/nameservice-strict>

2
apparmor.d/profiles-m-z/mpsyt
View file

@ -29,7 +29,7 @@ profile mpsyt @{exec_path} {
/{usr/,}bin/ r,
/{usr/,}bin/tset rix,
/{usr/,}sbin/ldconfig rix,
/{usr/,}{s,}bin/ldconfig rix,
/{usr/,}bin/uname rix,
/{usr/,}bin/mpv rPUx,

2
apparmor.d/profiles-m-z/nethogs
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/nethogs
@{exec_path} = /{usr/,}{s,}bin/nethogs
profile nethogs @{exec_path} {
include <abstractions/base>
include <abstractions/nameservice-strict>

2
apparmor.d/profiles-m-z/nft
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/nft
@{exec_path} = /{usr/,}{s,}bin/nft
profile nft @{exec_path} {
include <abstractions/base>
include <abstractions/nameservice-strict>

2
apparmor.d/profiles-m-z/ntfs-3g
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/{low,}ntfs{,-3g}
@{exec_path} += /{usr/,}sbin/mount.{low,}ntfs{,-3g}
@{exec_path} += /{usr/,}{s,}bin/mount.{low,}ntfs{,-3g}
profile ntfs-3g @{exec_path} {
include <abstractions/base>
include <abstractions/disks-write>

2
apparmor.d/profiles-m-z/ntfsclone
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/ntfsclone
@{exec_path} = /{usr/,}{s,}bin/ntfsclone
profile ntfsclone @{exec_path} {
include <abstractions/base>
include <abstractions/disks-write>

2
apparmor.d/profiles-m-z/ntfscp
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/ntfscp
@{exec_path} = /{usr/,}{s,}bin/ntfscp
profile ntfscp @{exec_path} {
include <abstractions/base>
include <abstractions/disks-write>

2
apparmor.d/profiles-m-z/ntfslabel
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/ntfslabel
@{exec_path} = /{usr/,}{s,}bin/ntfslabel
profile ntfslabel @{exec_path} {
include <abstractions/base>
include <abstractions/disks-write>

2
apparmor.d/profiles-m-z/ntfsresize
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/ntfsresize
@{exec_path} = /{usr/,}{s,}bin/ntfsresize
profile ntfsresize @{exec_path} {
include <abstractions/base>
include <abstractions/disks-write>

2
apparmor.d/profiles-m-z/ntfsundelete
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/ntfsundelete
@{exec_path} = /{usr/,}{s,}bin/ntfsundelete
profile ntfsundelete @{exec_path} {
include <abstractions/base>
include <abstractions/disks-read>

2
apparmor.d/profiles-m-z/on-ac-power
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/on_ac_power /{usr/,}bin/on_ac_power
@{exec_path} = /{usr/,}{s,}bin/on_ac_power /{usr/,}bin/on_ac_power
profile on-ac-power @{exec_path} {
include <abstractions/base>

2
apparmor.d/profiles-m-z/openbox
View file

@ -22,7 +22,7 @@ profile openbox @{exec_path} {
/{usr/,}lib/@{multiarch}/openbox-autostart rCx -> autostart,
# Apps allowed to run
/{usr/,}sbin/* rPUx,
/{usr/,}{s,}bin/* rPUx,
/{usr/,}bin/* rPUx,
/usr/libexec/* rPUx,

4
apparmor.d/profiles-m-z/pam-auth-update
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/pam-auth-update
@{exec_path} = /{usr/,}{s,}bin/pam-auth-update
profile pam-auth-update @{exec_path} flags=(complain) {
include <abstractions/base>
include <abstractions/consoles>
@ -35,7 +35,7 @@ profile pam-auth-update @{exec_path} flags=(complain) {
/usr/share/debconf/frontend r,
/{usr/,}bin/perl r,
/{usr/,}sbin/pam-auth-update rPx,
/{usr/,}{s,}bin/pam-auth-update rPx,
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}bin/stty rix,

4
apparmor.d/profiles-m-z/parted
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}sbin/parted
@{exec_path} = /{usr/,}{s,}bin/parted
profile parted @{exec_path} {
include <abstractions/base>
include <abstractions/disks-write>
@ -31,7 +31,7 @@ profile parted @{exec_path} {
/{usr/,}bin/udevadm rCx -> udevadm,
/{usr/,}sbin/dmidecode rPx,
/{usr/,}{s,}bin/dmidecode rPx,
owner @{PROC}/@{pid}/mounts r,
@{PROC}/swaps r,

Some files were not shown because too many files have changed in this diff Show more