mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2025-01-18 17:08:09 +01:00
Replace rm with mr.
This commit is contained in:
Jeroen Rijken
Alex
parent
e62465b72f
commit
af0c622b35
45 changed files with 72 additions and 72 deletions
|
|
@ -46,15 +46,15 @@
|
||||||
/opt/ r,
|
/opt/ r,
|
||||||
/opt/** rmixk,
|
/opt/** rmixk,
|
||||||
@{PROC}/ r,
|
@{PROC}/ r,
|
||||||
@{PROC}/* rm,
|
@{PROC}/* mr,
|
||||||
@{PROC}/[0-9]*/net/ r,
|
@{PROC}/[0-9]*/net/ r,
|
||||||
@{PROC}/[0-9]*/net/dev r,
|
@{PROC}/[0-9]*/net/dev r,
|
||||||
@{PROC}/asound rm,
|
@{PROC}/asound mr,
|
||||||
@{PROC}/asound/** rm,
|
@{PROC}/asound/** mr,
|
||||||
@{PROC}/ati rm,
|
@{PROC}/ati mr,
|
||||||
@{PROC}/ati/** rm,
|
@{PROC}/ati/** mr,
|
||||||
@{PROC}/sys/vm/overcommit_memory r,
|
@{PROC}/sys/vm/overcommit_memory r,
|
||||||
owner @{PROC}/** rm,
|
owner @{PROC}/** mr,
|
||||||
# needed for gnome-keyring-daemon
|
# needed for gnome-keyring-daemon
|
||||||
@{PROC}/*/status r,
|
@{PROC}/*/status r,
|
||||||
# needed for bamfdaemon and utilities such as ps and killall
|
# needed for bamfdaemon and utilities such as ps and killall
|
||||||
|
|
@ -62,7 +62,7 @@
|
||||||
/sbin/ r,
|
/sbin/ r,
|
||||||
/sbin/** rmixk,
|
/sbin/** rmixk,
|
||||||
/sys/ r,
|
/sys/ r,
|
||||||
/sys/** rm,
|
/sys/** mr,
|
||||||
# needed for confined trusted helpers, such as dbus-daemon
|
# needed for confined trusted helpers, such as dbus-daemon
|
||||||
/sys/kernel/security/apparmor/.access rw,
|
/sys/kernel/security/apparmor/.access rw,
|
||||||
/tmp/ rw,
|
/tmp/ rw,
|
||||||
|
|
|
||||||
|
|
@ -217,9 +217,9 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp
|
||||||
profile gpg {
|
profile gpg {
|
||||||
#include <abstractions/base>
|
#include <abstractions/base>
|
||||||
|
|
||||||
/usr/bin/gpgconf rm,
|
/usr/bin/gpgconf mr,
|
||||||
/usr/bin/gpg rm,
|
/usr/bin/gpg mr,
|
||||||
/usr/bin/gpgsm rm,
|
/usr/bin/gpgsm mr,
|
||||||
|
|
||||||
owner @{HOME}/@{XDG_GPG_DIR}/* r,
|
owner @{HOME}/@{XDG_GPG_DIR}/* r,
|
||||||
owner @{HOME}/@{XDG_GPG_DIR}/random_seed rk,
|
owner @{HOME}/@{XDG_GPG_DIR}/random_seed rk,
|
||||||
|
|
@ -231,7 +231,7 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp
|
||||||
owner @{user_config_dirs}/kdeglobals r,
|
owner @{user_config_dirs}/kdeglobals r,
|
||||||
/usr/lib/libreoffice/program/lo_kde5filepicker rPUx,
|
/usr/lib/libreoffice/program/lo_kde5filepicker rPUx,
|
||||||
/usr/share/qt5/translations/* r,
|
/usr/share/qt5/translations/* r,
|
||||||
/usr/lib/*/qt5/plugins/** rm,
|
/usr/lib/*/qt5/plugins/** mr,
|
||||||
/usr/share/plasma/look-and-feel/**/contents/defaults r,
|
/usr/share/plasma/look-and-feel/**/contents/defaults r,
|
||||||
|
|
||||||
# TODO: remove when rules are available in abstractions/kde
|
# TODO: remove when rules are available in abstractions/kde
|
||||||
|
|
|
||||||
|
|
@ -19,7 +19,7 @@ profile avahi-autoipd @{exec_path} flags=(complain) {
|
||||||
|
|
||||||
signal receive set=(kill,term),
|
signal receive set=(kill,term),
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
/etc/avahi/avahi-autoipd.action rix,
|
/etc/avahi/avahi-autoipd.action rix,
|
||||||
|
|
||||||
include if exists <local/avahi-autoipd>
|
include if exists <local/avahi-autoipd>
|
||||||
|
|
|
||||||
|
|
@ -24,7 +24,7 @@ profile avahi-browse @{exec_path} flags=(complain) {
|
||||||
interface=org.freedesktop.Avahi.ServiceTypeBrowser
|
interface=org.freedesktop.Avahi.ServiceTypeBrowser
|
||||||
member={ItemNew,CacheExhausted,AllForNow},
|
member={ItemNew,CacheExhausted,AllForNow},
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
|
|
||||||
/{usr/,}lib/@{multiarch}/avahi/service-types.db rwk,
|
/{usr/,}lib/@{multiarch}/avahi/service-types.db rwk,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -14,7 +14,7 @@ profile avahi-daemon @{exec_path} flags=(complain) {
|
||||||
network inet dgram,
|
network inet dgram,
|
||||||
network inet6 dgram,
|
network inet6 dgram,
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
|
|
||||||
/etc/avahi/** r,
|
/etc/avahi/** r,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ profile avahi-publish @{exec_path} flags=(complain) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
|
|
||||||
include if exists <local/avahi-publish>
|
include if exists <local/avahi-publish>
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -28,7 +28,7 @@ profile avahi-resolve @{exec_path} flags=(complain) {
|
||||||
interface=org.freedesktop.Avahi.AddressResolver
|
interface=org.freedesktop.Avahi.AddressResolver
|
||||||
member={Failure,Found},
|
member={Failure,Found},
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
|
|
||||||
include if exists <local/avahi-resolve>
|
include if exists <local/avahi-resolve>
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ profile avahi-set-host-name @{exec_path} flags=(complain) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
|
|
||||||
include if exists <local/avahi-set-host-name>
|
include if exists <local/avahi-set-host-name>
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -36,7 +36,7 @@ profile xdg-document-portal @{exec_path} {
|
||||||
profile flatpak {
|
profile flatpak {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
|
|
||||||
/{usr/,}bin/flatpak rm,
|
/{usr/,}bin/flatpak mr,
|
||||||
|
|
||||||
/ r,
|
/ r,
|
||||||
/etc/flatpak/remotes.d/{,*} r,
|
/etc/flatpak/remotes.d/{,*} r,
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ profile grub-bios-setup @{exec_path} flags=(complain) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
|
|
||||||
include if exists <local/grub-bios-setup>
|
include if exists <local/grub-bios-setup>
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ profile grub-editenv @{exec_path} flags=(complain) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
|
|
||||||
/boot/grub/grubenv rw,
|
/boot/grub/grubenv rw,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ profile grub-file @{exec_path} flags=(complain) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
|
|
||||||
include if exists <local/grub-file>
|
include if exists <local/grub-file>
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ profile grub-fstest @{exec_path} flags=(complain) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
|
|
||||||
include if exists <local/grub-fstest>
|
include if exists <local/grub-fstest>
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ profile grub-glue-efi @{exec_path} flags=(complain) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
|
|
||||||
include if exists <local/grub-glue-efi>
|
include if exists <local/grub-glue-efi>
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ profile grub-install @{exec_path} flags=(complain) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
|
|
||||||
include if exists <local/grub-install>
|
include if exists <local/grub-install>
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ profile grub-kbdcomp @{exec_path} flags=(complain) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
|
|
||||||
include if exists <local/grub-kbdcomp>
|
include if exists <local/grub-kbdcomp>
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ profile grub-macbless @{exec_path} flags=(complain) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
|
|
||||||
include if exists <local/grub-macbless>
|
include if exists <local/grub-macbless>
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ profile grub-menulst2cfg @{exec_path} flags=(complain) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
|
|
||||||
include if exists <local/grub-menulst2cfg>
|
include if exists <local/grub-menulst2cfg>
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@ profile grub-mkconfig @{exec_path} flags=(complain) {
|
||||||
|
|
||||||
capability dac_read_search,
|
capability dac_read_search,
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
/etc/grub.d/{**,} rix,
|
/etc/grub.d/{**,} rix,
|
||||||
/{usr/,}bin/{m,g,}awk rix,
|
/{usr/,}bin/{m,g,}awk rix,
|
||||||
/{usr/,}bin/basename rix,
|
/{usr/,}bin/basename rix,
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ profile grub-mkdevicemap @{exec_path} flags=(complain) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
|
|
||||||
include if exists <local/grub-mkdevicemap>
|
include if exists <local/grub-mkdevicemap>
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ profile grub-mkfont @{exec_path} flags=(complain) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
|
|
||||||
include if exists <local/grub-mkfont>
|
include if exists <local/grub-mkfont>
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ profile grub-mkimage @{exec_path} flags=(complain) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
|
|
||||||
include if exists <local/grub-mkimage>
|
include if exists <local/grub-mkimage>
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ profile grub-mklayout @{exec_path} flags=(complain) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
|
|
||||||
include if exists <local/grub-mklayout>
|
include if exists <local/grub-mklayout>
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ profile grub-mknetdir @{exec_path} flags=(complain) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
|
|
||||||
include if exists <local/grub-mknetdir>
|
include if exists <local/grub-mknetdir>
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ profile grub-mkpasswd-pbkdf2 @{exec_path} flags=(complain) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
|
|
||||||
include if exists <local/grub-mkpasswd-pbkdf2>
|
include if exists <local/grub-mkpasswd-pbkdf2>
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ profile grub-mkrelpath @{exec_path} flags=(complain) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
/{usr/,}{local/,}{s,}bin/zpool rPx,
|
/{usr/,}{local/,}{s,}bin/zpool rPx,
|
||||||
|
|
||||||
@{PROC}/@{pids}/mountinfo r,
|
@{PROC}/@{pids}/mountinfo r,
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ profile grub-mkrescue @{exec_path} flags=(complain) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
|
|
||||||
include if exists <local/grub-mkrescue>
|
include if exists <local/grub-mkrescue>
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ profile grub-mkstandalone @{exec_path} flags=(complain) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
|
|
||||||
include if exists <local/grub-mkstandalone>
|
include if exists <local/grub-mkstandalone>
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ profile grub-mount @{exec_path} flags=(complain) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
|
|
||||||
include if exists <local/grub-mount>
|
include if exists <local/grub-mount>
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ profile grub-ntldr-img @{exec_path} flags=(complain) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
|
|
||||||
include if exists <local/grub-ntldr-img>
|
include if exists <local/grub-ntldr-img>
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -14,7 +14,7 @@ profile grub-probe @{exec_path} flags=(complain) {
|
||||||
|
|
||||||
capability sys_admin,
|
capability sys_admin,
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
/{usr/,}bin/lsb_release rPx -> lsb_release,
|
/{usr/,}bin/lsb_release rPx -> lsb_release,
|
||||||
/{usr/,}bin/udevadm rPx,
|
/{usr/,}bin/udevadm rPx,
|
||||||
/{usr/,}{local/,}{s,}bin/zpool rPx,
|
/{usr/,}{local/,}{s,}bin/zpool rPx,
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ profile grub-reboot @{exec_path} flags=(complain) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
|
|
||||||
include if exists <local/grub-reboot>
|
include if exists <local/grub-reboot>
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ profile grub-render-label @{exec_path} flags=(complain) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
|
|
||||||
include if exists <local/grub-render-label>
|
include if exists <local/grub-render-label>
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ profile grub-script-check @{exec_path} flags=(complain) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
|
|
||||||
/boot/grub/grub.cfg{.new,} rw,
|
/boot/grub/grub.cfg{.new,} rw,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ profile grub-set-default @{exec_path} flags=(complain) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
|
|
||||||
include if exists <local/grub-set-default>
|
include if exists <local/grub-set-default>
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ profile grub-syslinux2cfg @{exec_path} flags=(complain) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
|
|
||||||
include if exists <local/grub-syslinux2cfg>
|
include if exists <local/grub-syslinux2cfg>
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -33,7 +33,7 @@ profile mullvad-gui @{exec_path} {
|
||||||
|
|
||||||
@{exec_path} mrix,
|
@{exec_path} mrix,
|
||||||
|
|
||||||
"/opt/Mullvad VPN/*.so*" rm,
|
"/opt/Mullvad VPN/*.so*" mr,
|
||||||
|
|
||||||
/{usr/,}bin/{,ba,da}sh rix,
|
/{usr/,}bin/{,ba,da}sh rix,
|
||||||
/{usr/,}bin/gsettings rix,
|
/{usr/,}bin/gsettings rix,
|
||||||
|
|
|
||||||
|
|
@ -77,10 +77,10 @@ profile mkinitcpio @{exec_path} flags=(attach_disconnected) {
|
||||||
|
|
||||||
# Can copy any program to the initframs
|
# Can copy any program to the initframs
|
||||||
/{usr/,}bin/ r,
|
/{usr/,}bin/ r,
|
||||||
/{usr/,}bin/[a-z0-9]* rm,
|
/{usr/,}bin/[a-z0-9]* mr,
|
||||||
/{usr/,}lib/plymouth/plymouthd-* rm,
|
/{usr/,}lib/plymouth/plymouthd-* mr,
|
||||||
/{usr/,}lib/systemd/systemd-* rm,
|
/{usr/,}lib/systemd/systemd-* mr,
|
||||||
/{usr/,}lib/udev/[a-z0-9]* rm,
|
/{usr/,}lib/udev/[a-z0-9]* mr,
|
||||||
|
|
||||||
# Manage /boot
|
# Manage /boot
|
||||||
/ r,
|
/ r,
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ profile update-grub @{exec_path} flags=(complain) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
/{usr/,}bin/{,ba,da}sh rix,
|
/{usr/,}bin/{,ba,da}sh rix,
|
||||||
/{usr/,}{s,}bin/grub-mkconfig rPx,
|
/{usr/,}{s,}bin/grub-mkconfig rPx,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -18,7 +18,7 @@ profile anyremote @{exec_path} {
|
||||||
network inet stream,
|
network inet stream,
|
||||||
network inet6 stream,
|
network inet6 stream,
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
|
|
||||||
/{usr/,}bin/{,ba,da}sh rix,
|
/{usr/,}bin/{,ba,da}sh rix,
|
||||||
/{usr/,}bin/cat rix,
|
/{usr/,}bin/cat rix,
|
||||||
|
|
|
||||||
|
|
@ -58,14 +58,14 @@ profile man_groff {
|
||||||
|
|
||||||
signal peer=man,
|
signal peer=man,
|
||||||
|
|
||||||
/{usr/,}bin/eqn rm,
|
/{usr/,}bin/eqn mr,
|
||||||
/{usr/,}bin/grap rm,
|
/{usr/,}bin/grap mr,
|
||||||
/{usr/,}bin/pic rm,
|
/{usr/,}bin/pic mr,
|
||||||
/{usr/,}bin/preconv rm,
|
/{usr/,}bin/preconv mr,
|
||||||
/{usr/,}bin/refer rm,
|
/{usr/,}bin/refer mr,
|
||||||
/{usr/,}bin/tbl rm,
|
/{usr/,}bin/tbl mr,
|
||||||
/{usr/,}bin/troff rm,
|
/{usr/,}bin/troff mr,
|
||||||
/{usr/,}bin/vgrind rm,
|
/{usr/,}bin/vgrind mr,
|
||||||
|
|
||||||
/{usr/,}lib/groff/site-tmac/** r,
|
/{usr/,}lib/groff/site-tmac/** r,
|
||||||
/usr/share/groff/** r,
|
/usr/share/groff/** r,
|
||||||
|
|
@ -83,14 +83,14 @@ profile man_filter {
|
||||||
|
|
||||||
signal peer=man,
|
signal peer=man,
|
||||||
|
|
||||||
/{usr/,}bin/bzip2 rm,
|
/{usr/,}bin/bzip2 mr,
|
||||||
/{usr/,}bin/gzip rm,
|
/{usr/,}bin/gzip mr,
|
||||||
/{usr/,}bin/col rm,
|
/{usr/,}bin/col mr,
|
||||||
/{usr/,}bin/compress rm,
|
/{usr/,}bin/compress mr,
|
||||||
/{usr/,}bin/iconv rm,
|
/{usr/,}bin/iconv mr,
|
||||||
/{usr/,}bin/lzip.lzip rm,
|
/{usr/,}bin/lzip.lzip mr,
|
||||||
/{usr/,}bin/tr rm,
|
/{usr/,}bin/tr mr,
|
||||||
/{usr/,}bin/xz rm,
|
/{usr/,}bin/xz mr,
|
||||||
|
|
||||||
# Manual pages can be more or less anywhere, especially with "man -l", and
|
# Manual pages can be more or less anywhere, especially with "man -l", and
|
||||||
# there's no harm in allowing wide read access here since the worst it can
|
# there's no harm in allowing wide read access here since the worst it can
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ profile sanoid @{exec_path} flags=(complain) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/perl>
|
include <abstractions/perl>
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
/{usr/,}bin/{,ba,da}sh rix,
|
/{usr/,}bin/{,ba,da}sh rix,
|
||||||
/{usr/,}bin/perl rix,
|
/{usr/,}bin/perl rix,
|
||||||
/{usr/,}bin/ps rPx,
|
/{usr/,}bin/ps rPx,
|
||||||
|
|
|
||||||
|
|
@ -12,7 +12,7 @@ profile syncoid @{exec_path} flags=(complain) {
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
include <abstractions/perl>
|
include <abstractions/perl>
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
/{usr/,}bin/grep rix,
|
/{usr/,}bin/grep rix,
|
||||||
/{usr/,}bin/mbuffer rix,
|
/{usr/,}bin/mbuffer rix,
|
||||||
/{usr/,}bin/perl rix,
|
/{usr/,}bin/perl rix,
|
||||||
|
|
|
||||||
|
|
@ -14,7 +14,7 @@ profile zpool @{exec_path} {
|
||||||
|
|
||||||
capability sys_admin,
|
capability sys_admin,
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
|
|
||||||
/{usr/,}bin/{,ba,da}sh rix,
|
/{usr/,}bin/{,ba,da}sh rix,
|
||||||
/{usr/,}{local/,}lib/zfs-linux/zpool.d/* rix,
|
/{usr/,}{local/,}lib/zfs-linux/zpool.d/* rix,
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ profile zsys-system-autosnapshot @{exec_path} flags=(complain) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
|
|
||||||
@{exec_path} rm,
|
@{exec_path} mr,
|
||||||
/{usr/,}bin/{,ba,da}sh rix,
|
/{usr/,}bin/{,ba,da}sh rix,
|
||||||
/{usr/,}bin/cat rix,
|
/{usr/,}bin/cat rix,
|
||||||
/{usr/,}bin/cp rix,
|
/{usr/,}bin/cp rix,
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue