mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-12-26 15:06:45 +01:00
feat(profile): small profile improvments.
This commit is contained in:
parent
f814bb4caf
commit
7c148fca95
5 changed files with 5 additions and 3 deletions
|
@ -4,7 +4,7 @@
|
||||||
|
|
||||||
abi <abi/4.0>,
|
abi <abi/4.0>,
|
||||||
|
|
||||||
dbus send bus=system path=/org/freedesktop/systemd1
|
dbus send bus=system path=/org/freedesktop/systemd1{,/**}
|
||||||
interface=org.freedesktop.DBus.Properties
|
interface=org.freedesktop.DBus.Properties
|
||||||
member={Get,GetAll}
|
member={Get,GetAll}
|
||||||
peer=(name=org.freedesktop.systemd1, label="@{p_systemd}"),
|
peer=(name=org.freedesktop.systemd1, label="@{p_systemd}"),
|
||||||
|
|
|
@ -41,6 +41,7 @@ profile blkid @{exec_path} flags=(attach_disconnected) {
|
||||||
@{PROC}/swaps r,
|
@{PROC}/swaps r,
|
||||||
|
|
||||||
# Other possible location of the cache file
|
# Other possible location of the cache file
|
||||||
|
/dev/.blkid.tab.old rwl -> /dev/.blkid.tab,
|
||||||
/dev/.blkid.tab{,-@{rand6}} rw,
|
/dev/.blkid.tab{,-@{rand6}} rw,
|
||||||
/dev/blkid.tab.old rwl -> /dev/blkid.tab,
|
/dev/blkid.tab.old rwl -> /dev/blkid.tab,
|
||||||
|
|
||||||
|
|
|
@ -28,7 +28,7 @@ profile issue-generator @{exec_path} {
|
||||||
/etc/sysconfig/issue-generator r,
|
/etc/sysconfig/issue-generator r,
|
||||||
|
|
||||||
@{run}/agetty.reload w,
|
@{run}/agetty.reload w,
|
||||||
@{run}/issue r,
|
@{run}/issue rw,
|
||||||
@{run}/issue.@{rand10} rw,
|
@{run}/issue.@{rand10} rw,
|
||||||
@{run}/issue.d/{,**} r,
|
@{run}/issue.d/{,**} r,
|
||||||
|
|
||||||
|
|
|
@ -54,6 +54,7 @@ profile useradd @{exec_path} {
|
||||||
# To create user dirs and copy files from /etc/skel/ to them
|
# To create user dirs and copy files from /etc/skel/ to them
|
||||||
@{HOME}/ rw,
|
@{HOME}/ rw,
|
||||||
@{HOME}/.** w,
|
@{HOME}/.** w,
|
||||||
|
@{HOME}/**/ r,
|
||||||
/var/lib/*/{,*} rw,
|
/var/lib/*/{,*} rw,
|
||||||
/etc/skel/{,.**} r,
|
/etc/skel/{,.**} r,
|
||||||
|
|
||||||
|
|
|
@ -24,7 +24,7 @@ profile w @{exec_path} {
|
||||||
@{sys}/devices/system/node/node@{int}/meminfo r,
|
@{sys}/devices/system/node/node@{int}/meminfo r,
|
||||||
|
|
||||||
@{run}/systemd/sessions/ r,
|
@{run}/systemd/sessions/ r,
|
||||||
@{run}/systemd/sessions/@{int} r,
|
@{run}/systemd/sessions/* r,
|
||||||
|
|
||||||
@{PROC}/ r,
|
@{PROC}/ r,
|
||||||
@{PROC}/@{pids}/cmdline r,
|
@{PROC}/@{pids}/cmdline r,
|
||||||
|
|
Loading…
Reference in a new issue