feat(profile): apply profile guideline on secure-time-sync.

2024-11-14 23:43:56 +01:00 · 2024-01-24 21:03:49 +00:00 · 2024-01-24 21:03:49 +00:00 · 9a65da3605
commit 9a65da3605
parent c3e92b3408
2 changed files with 12 additions and 7 deletions
--- a/apparmor.d/profiles-s-z/secure-time-sync
+++ b/apparmor.d/profiles-s-z/secure-time-sync
@ -1,4 +1,5 @@
 # apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only

 abi <abi/3.0>,
@ -17,13 +18,16 @@ profile secure-time-sync @{exec_path} flags=(attach_disconnected) {
  network inet dgram,
  network inet6 dgram,

+  @{exec_path} mr,
+
+  @{bin}/{,ba,da}sh  rix,
+  @{bin}/curl        rix,
+  @{bin}/date        rix,
+  @{bin}/grep        rix,
+  @{bin}/id          rPx,
+  @{bin}/sed         rix,
+
  owner /dev/tty rw,

-  /usr/bin/bash ix,
-  /usr/bin/curl mrix,
-  /usr/bin/date mrix,
-  /usr/bin/grep mrix,
-  /usr/bin/id mrix,
-  /usr/bin/sed mrix,
-  @{exec_path} r,
+  include if exists <local/secure-time-sync>
 }
--- a/dists/flags/main.flags
+++ b/dists/flags/main.flags
@ -291,6 +291,7 @@ runuser complain
 s3fs complain
 sdcv complain
 sddm attach_disconnected,mediate_deleted,complain
+secure-time-sync attach_disconnected,complain
 sftp-server complain
 sing-box complain
 slirp4netns attach_disconnected,complain