Disk mount fix.

2024-11-15 07:54:17 +01:00 · 2021-04-19 15:15:38 +01:00 · 2021-04-19 15:15:38 +01:00 · a5ec3e559c
commit a5ec3e559c
parent 4a35b7d804
2 changed files with 5 additions and 0 deletions
--- a/apparmor.d/profiles-m-z/mount
+++ b/apparmor.d/profiles-m-z/mount
@ -13,6 +13,8 @@ profile mount @{exec_path} flags=(complain) {
  include <abstractions/disks-write>
  include <abstractions/nameservice-strict>
  capability chown,
  # To be able to mount anything
  #  mount("/dev/sdb1", "/mnt", "ext4", 0, NULL) = -1 EPERM (Operation not permitted)
  #  write(2, "/mnt: permission denied.", 24) = 24
--- a/apparmor.d/profiles-m-z/udisksd
+++ b/apparmor.d/profiles-m-z/udisksd
@ -107,6 +107,8 @@ profile udisksd @{exec_path} flags=(attach_disconnected) {
  @{sys}/class/ r,
  @{sys}/devices/pci[0-9]*/**/{ata,usb,mmc}[0-9]/{,**/}uevent w,
  @{sys}/devices/virtual/block/dm-[0-9]*/ w,
  @{sys}/devices/virtual/block/dm-[0-9]*/** w,
  # For powering off USB devices
  @{sys}/devices/pci[0-9]*/**/{ata,usb,mmc}[0-9]/{,**/}remove rw,
@ -124,6 +126,7 @@ profile udisksd @{exec_path} flags=(attach_disconnected) {
  @{run}/udisks2/ rw,
  @{run}/udisks2/loop{,.*} rw,
  @{run}/udisks2/unlocked-luks{,.*} rw,
  @{run}/udisks2/unlocked-crypto-dev{,.*} rw,
  @{run}/udisks2/mounted-fs{,.*} rw,
  @{run}/systemd/seats/seat[0-9]* r,