mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-15 16:03:51 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat(fsp): update profile stack.

Browse Source
This commit is contained in:
Alexandre Pujol 2024-03-10 21:17:50 +00:00
parent 10ce0ba4a1
commit ad8e5a9797
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
2 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
apparmor.d/groups/_full/systemd
View File

@ -32,7 +32,6 @@ profile systemd flags=(attach_disconnected,mediate_deleted) {
capability dac_read_search,
capability fowner,
capability fsetid,
capability kill,
capability mknod,
capability net_admin,
capability perfmon,
@ -45,7 +44,6 @@ profile systemd flags=(attach_disconnected,mediate_deleted) {
capability sys_nice,
capability sys_ptrace,
capability sys_resource,
capability sys_time,
capability sys_tty_config,
network inet dgram,
@ -85,6 +83,8 @@ profile systemd flags=(attach_disconnected,mediate_deleted) {
remount @{MOUNTS}/{,**},
remount @{run}/systemd/mount-rootfs/{,**},
remount /,
remount /snap/{,**},
remount options=(ro noexec noatime bind) /var/snap/{,**},
remount options=(ro nosuid bind) /dev/,
remount options=(ro nosuid nodev bind) /dev/hugepages/,
remount options=(ro nosuid nodev bind) /var/,
@ -117,9 +117,6 @@ profile systemd flags=(attach_disconnected,mediate_deleted) {
# dbus: own bus=system name=org.freedesktop.systemd1
# For stacked profiles
# dbus: own bus=system name=org.freedesktop.oom1
# dbus: own bus=system name=org.freedesktop.timesync1
dbus send bus=system path=/org/freedesktop/DBus
interface=org.freedesktop.DBus
member=GetConnectionUnixUser
@ -143,6 +140,7 @@ profile systemd flags=(attach_disconnected,mediate_deleted) {
/etc/init.d/* Px,
/usr/share/*/** Px,
# stack: systemd-oomd systemd-timesyncd
@{lib}/systemd/systemd-oomd rPx -> systemd//&systemd-oomd,
@{lib}/systemd/systemd-timesyncd rPx -> systemd//&systemd-timesyncd,

4
apparmor.d/groups/_full/systemd-service
View File

@ -34,6 +34,7 @@ profile systemd-service @{exec_path} flags=(attach_disconnected) {
@{bin}/grub-editenv rPx,
@{bin}/ibus-daemon rPx,
@{bin}/* r,
@{lib}/ r,
/var/cache/ldconfig/{,**} rw,
@ -47,7 +48,8 @@ profile systemd-service @{exec_path} flags=(attach_disconnected) {
# man-db.service
/usr/{,local/}share/man/{,**} r,
/var/cache/man/{,**} rw,
/etc/manpath.config r,
/var/cache/man/{,**} rwk,
# snapd.system-shutdown.service
@{run}/initramfs/shutdown rw,