From a0d703a3ee70dcc68582c561a06c48910352b85c Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Thu, 8 Jul 2021 12:54:52 +0100
Subject: [PATCH] Add systemd-delta & systemd-path.
---
apparmor.d/groups/systemd/systemd-delta | 33 +++++++++++++++++++++++++
apparmor.d/groups/systemd/systemd-path | 18 ++++++++++++++
2 files changed, 51 insertions(+)
create mode 100644 apparmor.d/groups/systemd/systemd-delta
create mode 100644 apparmor.d/groups/systemd/systemd-path
diff --git a/apparmor.d/groups/systemd/systemd-delta b/apparmor.d/groups/systemd/systemd-delta
new file mode 100644
index 00000000..6e3da17f
--- /dev/null
+++ b/apparmor.d/groups/systemd/systemd-delta
@@ -0,0 +1,33 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = /{usr/,}bin/systemd-delta
+profile systemd-delta @{exec_path} {
+ include
+
+ signal (send) peer=child-pager,
+
+ @{exec_path} mr,
+
+ /{usr/,}bin/less rPx -> child-pager,
+
+ /etc/binfmt.d/{,**} r,
+ /etc/modprobe.d/{,**} r,
+ /etc/modules-load.d/{,**} r,
+ /etc/sysctl.d/{,**} r,
+ /etc/systemd/system/{,**} r,
+ /etc/systemd/user/{,**} r,
+ /etc/tmpfiles.d/{,**} r,
+ /etc/udev/rules.d/{,**} r,
+ @{run}/systemd/system/{,**} r,
+ @{run}/tmpfiles.d/{,**} r,
+
+ @{PROC}/@{pids}/cgroup r,
+
+ include if exists
+}
diff --git a/apparmor.d/groups/systemd/systemd-path b/apparmor.d/groups/systemd/systemd-path
new file mode 100644
index 00000000..1c26e402
--- /dev/null
+++ b/apparmor.d/groups/systemd/systemd-path
@@ -0,0 +1,18 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = /{usr/,}bin/systemd-path
+profile systemd-path @{exec_path} {
+ include
+
+ @{exec_path} mr,
+
+ owner @{user_config_dirs}/user-dirs.dirs r,
+
+ include if exists
+}
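Review bot: The read rules in the systemd-delta profile are asymmetric between prefixes: eight suffixes are listed under `/etc/` but only `systemd/system` and `tmpfiles.d` under `@{run}/`, and the `/usr/local/lib/` prefix has no rule at all. If systemd-delta walks the same suffix set under every prefix (its man page describes comparing the /etc, /run, /usr/local/lib and /usr/lib trees), the missing combinations will surface as audit denials rather than as reported overrides, so either add the remaining `@{run}/<suffix>/{,**} r,` entries and a `/usr/local/lib/` read rule, or leave a comment saying why they are intentionally omitted — confirm against the installed systemd version. `@{PROC}/@{pids}/cgroup r,` grants reads of every process's cgroup file; if the tool only inspects its own, `owner @{PROC}/@{pids}/cgroup r,` is the tighter form. The `/usr/lib/` prefix is presumably already readable through the included base abstraction and so needs no rule here.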
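Review bot: The `owner @{user_config_dirs}/user-dirs.dirs r,` rule in systemd-path is the only non-boilerplate line in the profile and carries no explanation, so a reader has to guess why a tool that prints paths needs a per-user config file. A short comment above it such as `# needed to resolve the user-* XDG directory entries` (presumably the reason; verify against the tool) would make the intent clear and tell a future maintainer whether the rule may be dropped if that lookup changes.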