mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-15 07:54:17 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Disk mount fix.

Browse Source
This commit is contained in:
Alexandre Pujol 2021-04-19 15:15:38 +01:00
parent 4a35b7d804
commit a5ec3e559c
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
2 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apparmor.d/profiles-m-z/mount
View File

@ -13,6 +13,8 @@ profile mount @{exec_path} flags=(complain) {
include <abstractions/disks-write>
include <abstractions/nameservice-strict>
capability chown,
# To be able to mount anything
# mount("/dev/sdb1", "/mnt", "ext4", 0, NULL) = -1 EPERM (Operation not permitted)
# write(2, "/mnt: permission denied.", 24) = 24

3
apparmor.d/profiles-m-z/udisksd
View File

@ -107,6 +107,8 @@ profile udisksd @{exec_path} flags=(attach_disconnected) {
@{sys}/class/ r,
@{sys}/devices/pci[0-9]*/**/{ata,usb,mmc}[0-9]/{,**/}uevent w,
@{sys}/devices/virtual/block/dm-[0-9]*/ w,
@{sys}/devices/virtual/block/dm-[0-9]*/** w,
# For powering off USB devices
@{sys}/devices/pci[0-9]*/**/{ata,usb,mmc}[0-9]/{,**/}remove rw,
@ -124,6 +126,7 @@ profile udisksd @{exec_path} flags=(attach_disconnected) {
@{run}/udisks2/ rw,
@{run}/udisks2/loop{,.*} rw,
@{run}/udisks2/unlocked-luks{,.*} rw,
@{run}/udisks2/unlocked-crypto-dev{,.*} rw,
@{run}/udisks2/mounted-fs{,.*} rw,
@{run}/systemd/seats/seat[0-9]* r,