mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-15 16:03:51 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat(profiles): remove rules promoted into the base abstraction.

Browse Source
This commit is contained in:
Alexandre Pujol 2022-11-28 18:05:29 +00:00
parent 116cb3059f
commit 9a46df81b9
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
28 changed files with 0 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
apparmor.d/groups/browsers/brave
View File

@ -134,7 +134,6 @@ profile brave @{exec_path} {
@{sys}/devices/pci[0-9]*/**/usb[0-9]/{,**/}{busnum,devnum} r,
@{sys}/devices/pci[0-9]*/**/usb[0-9]/{,**/}{descriptors,manufacturer,product,serial,bConfigurationValue} r,
@{sys}/devices/system/cpu/cpufreq/policy[0-9]/cpuinfo_max_freq r,
@{sys}/devices/system/cpu/online r,
@{sys}/devices/virtual/tty/tty[0-9]/active r,
/dev/bus/usb/[0-9]*/[0-9]* rw,

1
apparmor.d/groups/browsers/firefox
View File

@ -225,7 +225,6 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
@{sys}/devices/pci[0-9]*/**/drm/renderD[0-9]*/ r,
@{sys}/devices/pci[0-9]*/**/irq r,
@{sys}/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us r,
@{sys}/devices/system/cpu/possible r,
deny @{sys}/devices/system/cpu/cpu[0-9]/cache/index[0-9]/size r,
deny @{sys}/devices/system/cpu/cpufreq/policy[0-9]/cpuinfo_max_freq r,
deny @{sys}/devices/system/cpu/present r,

1
apparmor.d/groups/freedesktop/xwayland
View File

@ -38,7 +38,6 @@ profile xwayland @{exec_path} flags=(attach_disconnected) {
owner @{run}/user/@{uid}/xwayland-shared-?????? rw,
@{sys}/bus/pci/devices/ r,
@{sys}/devices/system/cpu/possible r,
@{PROC}/@{pids}/cmdline r,
owner @{PROC}/@{pids}/comm r,

2
apparmor.d/groups/gnome/gjs-console
View File

@ -102,8 +102,6 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
owner @{run}/user/@{uid}/gdm/Xauthority r,
owner @{run}/user/@{uid}/wayland-[0-9]* rw,
@{sys}/devices/system/cpu/possible r,
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/mounts r,
owner @{PROC}/@{pid}/stat r,

1
apparmor.d/groups/gnome/gnome-control-center
View File

@ -165,7 +165,6 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
@{sys}/devices/**/{name,vendor,product,uevent} r,
@{sys}/devices/**/power_supply/{,**} r,
@{sys}/devices/platform/**/uevent r,
@{sys}/devices/system/cpu/possible r,
@{sys}/devices/virtual/**/uevent r,
@{sys}/devices/virtual/dmi/id/chassis_type r,
@{sys}/devices/virtual/thermal/thermal_zone[0-9]/hwmon[0-9]/temp* r,

2
apparmor.d/groups/gnome/gnome-control-center-print-renderer
View File

@ -45,8 +45,6 @@ profile gnome-control-center-print-renderer @{exec_path} {
owner @{run}/user/@{uid}/gdm/Xauthority r,
owner @{run}/user/@{uid}/wayland-[0-9]* rw,
@{sys}/devices/system/cpu/possible r,
owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/comm r,

2
apparmor.d/groups/gnome/gnome-extensions-app
View File

@ -28,8 +28,6 @@ profile gnome-extensions-app @{exec_path} {
/usr/share/gnome-shell/org.gnome.Extensions* r,
/usr/share/X11/xkb/{,**} r,
@{sys}/devices/system/cpu/possible r,
owner @{PROC}/@{pid}/mounts r,
owner @{PROC}/@{pids}/stat r,
owner @{PROC}/@{pids}/task/@{tid}/stat r,

1
apparmor.d/groups/gnome/gnome-shell
View File

@ -625,7 +625,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
@{sys}/devices/pci[0-9]*/**/input[0-9]*/{properties,name} r,
@{sys}/devices/pci[0-9]*/**/net/*/statistics/{rx_bytes,tx_bytes} r,
@{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_cur_freq r,
@{sys}/devices/system/cpu/possible r,
@{sys}/devices/virtual/net/*/statistics/{rx_bytes,tx_bytes} r,
owner @{PROC}/@{pid}/comm r,

1
apparmor.d/groups/gnome/gnome-software
View File

@ -87,7 +87,6 @@ profile gnome-software @{exec_path} {
owner @{run}/user/@{uid}/.flatpak/{,**} rw,
owner @{run}/user/@{uid}/.flatpak/**/*.ref rwk,
@{sys}/devices/system/cpu/possible r,
@{sys}/module/nvidia/version r,
@{PROC}/@{pids}/mounts r,

2
apparmor.d/groups/gnome/tracker-extract
View File

@ -107,8 +107,6 @@ profile tracker-extract @{exec_path} {
@{run}/udev/data/c51[0-9]:[0-9]* r,
@{run}/mount/utab r,
@{sys}/devices/system/cpu/possible r,
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/mountinfo r,

1
apparmor.d/groups/grub/grub-multi-install
View File

@ -28,7 +28,6 @@ profile grub-multi-install @{exec_path} {
/boot/grub/grub.cfg rw,
@{PROC}/filesystems r,
owner @{PROC}/@{pid}/maps r,
owner @{PROC}/@{pid}/mounts r,

1
apparmor.d/groups/network/mullvad-gui
View File

@ -54,7 +54,6 @@ profile mullvad-gui @{exec_path} {
@{sys}/bus/pci/devices/ r,
@{sys}/devices/virtual/tty/tty[0-9]*/active r,
@{sys}/devices/pci[0-9]*/**/{vendor,device,class,config} r,
@{sys}/devices/system/cpu/possible r,
@{PROC}/ r,
@{PROC}/sys/fs/inotify/max_user_watches r,

1
apparmor.d/groups/ssh/sshd
View File

@ -105,7 +105,6 @@ profile sshd @{exec_path} flags=(attach_disconnected) {
@{PROC}/@{pids}/fd/ r,
@{PROC}/1/environ r,
@{PROC}/cmdline r,
@{PROC}/filesystems r,
@{PROC}/sys/kernel/ngroups_max r,
/dev/ptmx rw,

1
apparmor.d/groups/systemd/networkctl
View File

@ -53,7 +53,6 @@ profile networkctl @{exec_path} flags=(attach_disconnected,complain) {
@{sys}/devices/**/net/**/uevent r,
@{PROC}/filesystems r,
@{PROC}/sys/kernel/random/boot_id r,
owner @{PROC}/@{pid}/cgroup r,
owner @{PROC}/@{pid}/stat r,

1
apparmor.d/groups/systemd/systemd-ask-password
View File

@ -13,7 +13,6 @@ profile systemd-ask-password @{exec_path} {
@{exec_path} mr,
@{PROC}/filesystems r,
owner @{PROC}/@{pid}/stat r,
include if exists <local/systemd-ask-password>

1
apparmor.d/groups/ubuntu/list-oem-metapackages
View File

@ -26,7 +26,6 @@ profile list-oem-metapackages @{exec_path} {
owner @{PROC}/@{pid}/fd/ r,
@{PROC}/@{pids}/mountinfo r,
@{PROC}/filesystems r,
include if exists <local/list-oem-metapackages>
}

1
apparmor.d/groups/virt/k3s
View File

@ -133,7 +133,6 @@ profile k3s @{exec_path} {
@{sys}/devices/pci[0-9]*/**/net/*/{address,mtu,speed} r,
@{sys}/devices/system/edac/mc/ r,
@{sys}/devices/system/cpu/ r,
@{sys}/devices/system/cpu/cpu[0-9]*/cache/{,**} r,
@{sys}/devices/system/cpu/cpu[0-9]*/topology/{,**} r,
@{sys}/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r,

2
apparmor.d/groups/virt/libvirtd
View File

@ -189,10 +189,8 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
@{sys}/devices/pci[0-9]*/**/remove w,
@{sys}/devices/pci[0-9]*/**/sriov_totalvfs r,
@{sys}/devices/system/cpu/ r,
@{sys}/devices/system/cpu/cpu[0-9]*/cache/{,**} r,
@{sys}/devices/system/cpu/cpu[0-9]*/topology/{,**} r,
@{sys}/devices/system/cpu/possible r,
@{sys}/devices/system/cpu/present r,
@{sys}/devices/system/cpu/present/ r,
@{sys}/devices/system/node/ r,

1
apparmor.d/groups/virt/virt-aa-helper
View File

@ -45,7 +45,6 @@ profile virt-aa-helper @{exec_path} {
@{PROC}/@{pid}/fd/ r,
@{PROC}/@{pid}/net/psched r,
@{PROC}/filesystems r,
deny @{PROC}/@{pid}/mounts r,
owner @{PROC}/@{pid}/status r,

1
apparmor.d/groups/virt/virtlogd
View File

@ -32,7 +32,6 @@ profile virtlogd @{exec_path} flags=(attach_disconnected) {
@{run}/systemd/inhibit/[0-9]*.ref rw,
@{run}/virtlogd.pid rwk,
@{sys}/devices/system/cpu/possible r,
@{sys}/devices/system/node/ r,
@{sys}/devices/system/node/node[0-9]*/meminfo r,

1
apparmor.d/profiles-a-f/apparmor.systemd
View File

@ -38,7 +38,6 @@ profile apparmor.systemd @{exec_path} flags=(complain) {
@{PROC}/@{pids}/fd/ r,
@{PROC}/@{pids}/maps r,
@{PROC}/@{pids}/mounts r,
@{PROC}/filesystems r,
@{PROC}/mounts r,
/dev/tty rw,

1
apparmor.d/profiles-a-f/apparmor_parser
View File

@ -28,7 +28,6 @@ profile apparmor_parser @{exec_path} flags=(attach_disconnected) {
owner /tmp/cri-containerd.apparmor.d[0-9]* r,
@{sys}/devices/system/cpu/possible r,
@{sys}/kernel/security/apparmor/{,**} r,
owner @{sys}/kernel/security/apparmor/.{remove,replace,load,access} rw,

1
apparmor.d/profiles-g-l/haveged
View File

@ -25,7 +25,6 @@ profile haveged @{exec_path} {
@{PROC}/sys/kernel/random/write_wakeup_threshold w,
/dev/random w,
@{sys}/devices/system/cpu/ r,
@{sys}/devices/system/cpu/cpu*/cache/ r,
@{sys}/devices/system/cpu/cpu*/cache/index*/{type,size,level} r,

1
apparmor.d/profiles-g-l/losetup
View File

@ -18,7 +18,6 @@ profile losetup @{exec_path} {
@{exec_path} mr,
@{sys}/devices/**/usb[0-9]/{,**} r,
@{sys}/devices/system/cpu/possible r,
/dev/loop-control rw,
/dev/loop[0-9]* rw,

1
apparmor.d/profiles-s-z/steam-fossilize
View File

@ -31,7 +31,6 @@ profile steam-fossilize @{exec_path} flags=(attach_disconnected) {
owner /dev/shm/fossilize-*-[0-9]*-[0-9]* rw,
@{sys}/devices/system/cpu/possible r,
@{sys}/devices/system/node/ r,
@{sys}/devices/system/node/node[0-9]*/cpumap r,

3
apparmor.d/profiles-s-z/update-ca-certificates
View File

@ -52,9 +52,6 @@ profile update-ca-certificates @{exec_path} {
/usr/local/share/ r,
@{PROC}/filesystems r,
profile run-parts {
include <abstractions/base>

2
apparmor.d/profiles-s-z/vlc-cache-gen
View File

@ -15,8 +15,6 @@ profile vlc-cache-gen @{exec_path} {
/{usr/,}lib/vlc/plugins/{,*} rw,
@{sys}/devices/system/cpu/possible r,
# Inherit silencer
deny network inet6 stream,
deny network inet stream,

1
apparmor.d/profiles-s-z/wireplumber
View File

@ -48,7 +48,6 @@ profile wireplumber @{exec_path} {
@{sys}/devices/**/sound/**/uevent r,
@{sys}/devices/pci[0-9]*/**/modalias r,
@{sys}/devices/pci[0-9]*/**/video4linux/video[0-9]*/uevent r,
@{sys}/devices/system/cpu/possible r,
/dev/media[0-9]* rw,
/dev/snd/ r,