mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 00:48:10 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

dpkg updates

Browse source 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
This commit is contained in:
Jeroen Rijken 2023-06-07 22:26:10 +02:00 committed by Alex
parent a84f0b540c
commit 83bff808dc
1 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
apparmor.d/groups/children/child-dpkg
View file

@ -16,6 +16,7 @@ include <tunables/global>
profile child-dpkg {
include <abstractions/base>
include <abstractions/consoles>
include <abstractions/nameservice-strict>
capability dac_read_search,
capability setgid,
@ -26,11 +27,22 @@ profile child-dpkg {
# ERROR: ld.so: object 'libfakeroot-sysv.so' from LD_PRELOAD cannot be preloaded (cannot open
# shared object file): ignored.
/{usr/,}bin/dpkg-query rpx,
/{usr/,}bin/dpkg-deb rPx,
/{usr/,}bin/dpkg-split rPx,
/etc/dpkg/dpkg.cfg.d/{,*} r,
/etc/dpkg/dpkg.cfg r,
/usr/share/doc/perl-modules-*/{,**/}*.dpkg-{new,tmp} rwl,
/usr/share/perl/*/{,**/}*.dpkg-{new,tmp} rwl,
/var/lib/dpkg/** r,
/var/lib/dpkg/lock rw,
/var/lib/dpkg/tmp.ci/control rw,
/var/lib/dpkg/tmp.ci/md5sums rw,
/var/lib/dpkg/triggers/Lock rw,
/var/lib/dpkg/updates/* rw,
/var/log/dpkg.log ra,
# file_inherit
/tmp/#[0-9]*[0-9] rw,