mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 08:58:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add gitstatusd & test git.

Browse source
This commit is contained in:
Alexandre Pujol 2021-04-04 20:05:07 +01:00
parent d68e8cdf97
commit a48b6eed2e
Failed to generate hash of commit
2 changed files with 32 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
apparmor.d/profiles-a-l/git
View file

@ -1,13 +1,12 @@
# apparmor.d - Full set of apparmor profiles # apparmor.d - Full set of apparmor profiles
# Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2020-2021 Mikhail Morfikov
# 2021 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only # SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>, abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = /media/debuilder/
@{exec_path} = /{usr/,}bin/git @{exec_path} = /{usr/,}bin/git
@{exec_path} += /{usr/,}bin/git-* @{exec_path} += /{usr/,}bin/git-*
@{exec_path} += /{usr/,}lib/git-core/git @{exec_path} += /{usr/,}lib/git-core/git
@ -67,8 +66,8 @@ profile git @{exec_path} {
/{usr/,}bin/sensible-editor rCx -> editor, /{usr/,}bin/sensible-editor rCx -> editor,
/{usr/,}bin/vim.* rCx -> editor, /{usr/,}bin/vim.* rCx -> editor,
owner @{user_config_dirs}/git/ rw, owner @{HOME}/.gitconfig rw,
owner @{user_config_dirs}/git/config rw, owner @{user_config_dirs}/git/{,*} rw,
/usr/share/git-core/{,**} r, /usr/share/git-core/{,**} r,
@ -85,10 +84,10 @@ profile git @{exec_path} {
owner /tmp/git-commit-msg-.txt rw, owner /tmp/git-commit-msg-.txt rw,
# For package building # For package building
owner @{HOME}/*/ rw, owner @{HOME}/*/ rw,
owner @{HOME}/*/** rwkl -> @{HOME}/*/**, owner @{HOME}/*/** rwkl -> @{HOME}/*/**,
owner @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, owner @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**,
owner @{BUILD_DIR}/**/bin/* rCx -> exec, owner @{user_build_dirs}/**/bin/* rCx -> exec,
/etc/mailname r, /etc/mailname r,
@ -133,7 +132,7 @@ profile git @{exec_path} {
profile exec { profile exec {
include <abstractions/base> include <abstractions/base>
owner @{BUILD_DIR}/**/bin/* mr, owner @{user_build_dirs}/**/bin/* mr,
} }
@ -156,8 +155,8 @@ profile git @{exec_path} {
owner @{HOME}/.fzf/plugin/fzf.vim r, owner @{HOME}/.fzf/plugin/fzf.vim r,
# The git repository files # The git repository files
owner @{BUILD_DIR}/ r, owner @{user_build_dirs}/ r,
owner @{BUILD_DIR}/** rw, owner @{user_build_dirs}/** rw,
} }

22
apparmor.d/profiles-a-l/gitstatusd Normal file
View file

@ -0,0 +1,22 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /usr/share/zsh-theme-powerlevel10k/gitstatus/usrbin/gitstatusd{,-*}
profile gitstatusd @{exec_path} {
include <abstractions/base>
@{exec_path} mr,
owner @{HOME}/@{XDG_PROJECTS_DIR}/{,**} r,
owner @{HOME}/@{XDG_PROJECTS_DIR}/**/.git/.gitstatus.[a-zA-Z]*/{,**} rw,
owner @{HOME}/.gitconfig r,
owner @{user_config_dirs}/git/{,*} r,
include if exists <local/gitstatusd>
}