mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-02-24 19:05:40 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

refractor: use @{python_path} in all profiles.
Some checks failed
Ubuntu / check (push) Has been cancelled
Details
Ubuntu / build (default, ubuntu-22.04) (push) Has been cancelled
Details
Ubuntu / build (default, ubuntu-24.04) (push) Has been cancelled
Details
Ubuntu / build (full-system-policy, ubuntu-22.04) (push) Has been cancelled
Details
Ubuntu / build (full-system-policy, ubuntu-24.04) (push) Has been cancelled
Details
Ubuntu / tests (push) Has been cancelled
Details

Browse source
This commit is contained in:
Alexandre Pujol 2025-02-17 21:28:40 +01:00
parent 5870e1ee40
commit af85db9148
Failed to generate hash of commit
77 changed files with 92 additions and 92 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/groups/apt/apt-listchanges
View file

@ -17,7 +17,7 @@ profile apt-listchanges @{exec_path} {
#capability sys_tty_config, #capability sys_tty_config,
@{exec_path} r, @{exec_path} r,
@{bin}/python3.@{int} r, @{python_path} r,
@{bin}/ r, @{bin}/ r,
@{sh_path} rix, @{sh_path} rix,

4
apparmor.d/groups/apt/command-not-found
View file

@ -18,12 +18,12 @@ profile command-not-found @{exec_path} {
include <abstractions/python> include <abstractions/python>
@{exec_path} r, @{exec_path} r,
@{bin}/python3.@{int} r, @{python_path} r,
@{bin}/lsb_release rPx -> lsb_release, @{bin}/lsb_release rPx -> lsb_release,
@{bin}/snap rPUx, @{bin}/snap rPUx,
@{lib}/python3/dist-packages/CommandNotFound/**/__pycache__/*.cpython-@{int}.pyc.@{int} w, @{lib}/@{python_name}/dist-packages/CommandNotFound/**/__pycache__/*.cpython-@{int}.pyc.@{int} w,
@{lib}/ r, @{lib}/ r,

2
apparmor.d/groups/apt/debsecan
View file

@ -21,7 +21,7 @@ profile debsecan @{exec_path} {
network inet6 stream, network inet6 stream,
@{exec_path} r, @{exec_path} r,
@{bin}/python3.@{int} r, @{python_path} r,
@{bin}/ r, @{bin}/ r,
@{sh_path} rix, @{sh_path} rix,

2
apparmor.d/groups/apt/debtags
View file

@ -17,7 +17,7 @@ profile debtags @{exec_path} {
#capability sys_tty_config, #capability sys_tty_config,
@{exec_path} r, @{exec_path} r,
@{bin}/python3.@{int} r, @{python_path} r,
@{bin}/ r, @{bin}/ r,
@{bin}/dpkg rPx -> child-dpkg, @{bin}/dpkg rPx -> child-dpkg,

2
apparmor.d/groups/apt/querybts
View file

@ -26,7 +26,7 @@ profile querybts @{exec_path} {
network netlink raw, network netlink raw,
@{exec_path} r, @{exec_path} r,
@{bin}/python3.@{int} r, @{python_path} r,
@{bin}/ r, @{bin}/ r,
@{sh_path} rix, @{sh_path} rix,

4
apparmor.d/groups/apt/reportbug
View file

@ -28,7 +28,7 @@ profile reportbug @{exec_path} {
@{exec_path} r, @{exec_path} r,
@{bin}/ r, @{bin}/ r,
@{bin}/python3.@{int} r, @{python_path} r,
@{bin}/ldconfig rix, @{bin}/ldconfig rix,
@{bin}/selinuxenabled rix, @{bin}/selinuxenabled rix,
@ -57,7 +57,7 @@ profile reportbug @{exec_path} {
@{bin}/run-parts rCx -> run-parts, @{bin}/run-parts rCx -> run-parts,
@{open_path} rPx -> child-open, @{open_path} rPx -> child-open,
@{lib}/python3/dist-packages/pylocales/locales.db rk, @{lib}/@{python_name}/dist-packages/pylocales/locales.db rk,
/usr/share/bug/*/{control,presubj} r, /usr/share/bug/*/{control,presubj} r,

2
apparmor.d/groups/apt/unattended-upgrade
View file

@ -43,7 +43,7 @@ profile unattended-upgrade @{exec_path} flags=(attach_disconnected) {
@{bin}/echo rix, @{bin}/echo rix,
@{bin}/gdbus rix, @{bin}/gdbus rix,
@{bin}/ischroot rix, @{bin}/ischroot rix,
@{bin}/python3.@{int} rix, @{python_path} rix,
@{bin}/test rix, @{bin}/test rix,
@{bin}/touch rix, @{bin}/touch rix,
@{bin}/uname rix, @{bin}/uname rix,

2
apparmor.d/groups/apt/update-apt-xapian-index
View file

@ -14,7 +14,7 @@ profile update-apt-xapian-index @{exec_path} {
include <abstractions/python> include <abstractions/python>
@{exec_path} r, @{exec_path} r,
@{bin}/python3.@{int} r, @{python_path} r,
@{bin}/ r, @{bin}/ r,
@{bin}/dpkg rPx -> child-dpkg, @{bin}/dpkg rPx -> child-dpkg,

2
apparmor.d/groups/bus/ibus-engine-table
View file

@ -14,7 +14,7 @@ profile ibus-engine-table @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{sh_path} rix, @{sh_path} rix,
@{bin}/python3.@{int} rix, @{python_path} rix,
/usr/share/ibus-table/engine/{,**} r, /usr/share/ibus-table/engine/{,**} r,
/usr/share/ibus-table/tables/ r, /usr/share/ibus-table/tables/ r,

2
apparmor.d/groups/cups/cupsd
View file

@ -57,7 +57,7 @@ profile cupsd @{exec_path} flags=(attach_disconnected) {
@{bin}/ippfind rix, @{bin}/ippfind rix,
@{bin}/mktemp rix, @{bin}/mktemp rix,
@{bin}/printenv rix, @{bin}/printenv rix,
@{bin}/python3.@{int} rix, @{python_path} rix,
@{bin}/rm rix, @{bin}/rm rix,
@{bin}/sed rix, @{bin}/sed rix,
@{bin}/smbspool rPx, @{bin}/smbspool rPx,

2
apparmor.d/groups/filesystem/udiskie
View file

@ -23,7 +23,7 @@ profile udiskie @{exec_path} {
include <abstractions/dri-enumerate> include <abstractions/dri-enumerate>
@{exec_path} r, @{exec_path} r,
@{bin}/python3.@{int} r, @{python_path} r,
@{bin}/ r, @{bin}/ r,
@{open_path} rPx -> child-open, @{open_path} rPx -> child-open,

2
apparmor.d/groups/filesystem/udiskie-info
View file

@ -13,7 +13,7 @@ profile udiskie-info @{exec_path} {
include <abstractions/python> include <abstractions/python>
@{exec_path} r, @{exec_path} r,
@{bin}/python3.@{int} r, @{python_path} r,
/usr/bin/ r, /usr/bin/ r,

2
apparmor.d/groups/filesystem/udiskie-mount
View file

@ -13,7 +13,7 @@ profile udiskie-mount @{exec_path} {
include <abstractions/python> include <abstractions/python>
@{exec_path} r, @{exec_path} r,
@{bin}/python3.@{int} r, @{python_path} r,
/usr/bin/ r, /usr/bin/ r,

2
apparmor.d/groups/filesystem/udiskie-umount
View file

@ -13,7 +13,7 @@ profile udiskie-umount @{exec_path} {
include <abstractions/python> include <abstractions/python>
@{exec_path} r, @{exec_path} r,
@{bin}/python3.@{int} r, @{python_path} r,
/usr/bin/ r, /usr/bin/ r,

2
apparmor.d/groups/firewall/firewall-applet
View file

@ -17,7 +17,7 @@ profile firewall-applet @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr, @{exec_path} mr,
@{bin}/ r, @{bin}/ r,
@{bin}/python3.@{int} r, @{python_path} r,
owner @{PROC}/@{pid}/cmdline r, owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/mounts r,

2
apparmor.d/groups/firewall/firewalld
View file

@ -42,7 +42,7 @@ profile firewalld @{exec_path} flags=(attach_disconnected) {
@{bin}/xtables-legacy-multi rix, @{bin}/xtables-legacy-multi rix,
@{bin}/xtables-nft-multi rix, @{bin}/xtables-nft-multi rix,
/usr/local/lib/python3.@{int}/dist-packages/ r, /usr/local/lib/@{python_name}/dist-packages/ r,
/usr/share/iproute2/{,**} r, /usr/share/iproute2/{,**} r,
/usr/share/libalternatives/{,**} r, /usr/share/libalternatives/{,**} r,

2
apparmor.d/groups/firewall/ufw
View file

@ -32,7 +32,7 @@ profile ufw @{exec_path} flags=(attach_disconnected) {
@{bin}/ r, @{bin}/ r,
@{bin}/cat ix, @{bin}/cat ix,
@{bin}/env r, @{bin}/env r,
@{bin}/python3.@{int} ix, @{python_path} ix,
@{bin}/sysctl ix, @{bin}/sysctl ix,
@{bin}/xtables-legacy-multi ix, @{bin}/xtables-legacy-multi ix,
@{bin}/xtables-nft-multi ix, @{bin}/xtables-nft-multi ix,

4
apparmor.d/groups/gnome/gnome-browser-connector-host
View file

@ -15,9 +15,9 @@ profile gnome-browser-connector-host @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{bin}/env rix, @{bin}/env rix,
@{bin}/python3.@{int} rix, @{python_path} rix,
@{lib}/python3.@{int}/site-packages/gnome_browser_connector/__pycache__/{,**} rw, @{lib}/@{python_name}/site-packages/gnome_browser_connector/__pycache__/{,**} rw,
/usr/share/glib-2.0/schemas/gschemas.compiled r, /usr/share/glib-2.0/schemas/gschemas.compiled r,

4
apparmor.d/groups/gnome/gnome-music
View file

@ -33,8 +33,8 @@ profile gnome-music @{exec_path} flags=(attach_disconnected) {
@{bin}/ r, @{bin}/ r,
@{bin}/env r, @{bin}/env r,
@{bin}/python3.@{int} rix, @{python_path} rix,
@{lib}/python3.@{int}/site-packages/gnomemusic/__pycache__/{,**} rw, @{lib}/@{python_name}/site-packages/gnomemusic/__pycache__/{,**} rw,
/usr/share/grilo-plugins/grl-lua-factory/{,*} r, /usr/share/grilo-plugins/grl-lua-factory/{,*} r,
/usr/share/org.gnome.Music/{,**} r, /usr/share/org.gnome.Music/{,**} r,

4
apparmor.d/groups/gnome/gnome-tweaks
View file

@ -21,11 +21,11 @@ profile gnome-tweaks @{exec_path} flags=(attach_disconnected) {
@{bin}/ r, @{bin}/ r,
@{bin}/env r, @{bin}/env r,
@{bin}/ps rPx, @{bin}/ps rPx,
@{bin}/python3.@{int} rix, @{python_path} rix,
@{open_path} rPx -> child-open-help, @{open_path} rPx -> child-open-help,
@{lib}/python3.@{int}/site-packages/gtweak/{,*/,**/}__pycache__/*pyc* w, @{lib}/@{python_name}/site-packages/gtweak/{,*/,**/}__pycache__/*pyc* w,
/etc/xdg/autostart/{,**} r, /etc/xdg/autostart/{,**} r,

2
apparmor.d/groups/kde/kconf_update
View file

@ -25,7 +25,7 @@ profile kconf_update @{exec_path} {
@{sh_path} rix, @{sh_path} rix,
@{bin}/{,p}grep rix, @{bin}/{,p}grep rix,
@{bin}/python3.@{int} rix, @{python_path} rix,
@{bin}/qtpaths rix, @{bin}/qtpaths rix,
@{bin}/sed rix, @{bin}/sed rix,

2
apparmor.d/groups/kde/kded
View file

@ -54,7 +54,7 @@ profile kded @{exec_path} {
@{bin}/kcminit rPx, @{bin}/kcminit rPx,
@{bin}/pgrep rCx -> pgrep, @{bin}/pgrep rCx -> pgrep,
@{bin}/plasma-welcome rPUx, @{bin}/plasma-welcome rPUx,
@{bin}/python3.@{int} rix, @{python_path} rix,
@{bin}/setxkbmap rix, @{bin}/setxkbmap rix,
@{bin}/xmodmap rPUx, @{bin}/xmodmap rPUx,
@{bin}/xrdb rPx, @{bin}/xrdb rPx,

2
apparmor.d/groups/network/nm-dispatcher
View file

@ -45,7 +45,7 @@ profile nm-dispatcher @{exec_path} flags=(attach_disconnected) {
@{bin}/mktemp rix, @{bin}/mktemp rix,
@{bin}/netconfig rPUx, @{bin}/netconfig rPUx,
@{bin}/nmcli rix, @{bin}/nmcli rix,
@{bin}/python3.@{int} rix, @{python_path} rix,
@{bin}/readlink rix, @{bin}/readlink rix,
@{bin}/rm rix, @{bin}/rm rix,
@{bin}/run-parts rCx -> run-parts, @{bin}/run-parts rCx -> run-parts,

2
apparmor.d/groups/pacman/pacman-hook-code
View file

@ -16,7 +16,7 @@ profile pacman-hook-code @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{bin}/env r, @{bin}/env r,
@{bin}/python3.@{int} rix, @{python_path} rix,
@{lib}/code/product.json rw, @{lib}/code/product.json rw,

2
apparmor.d/groups/steam/steam-game-proton
View file

@ -41,7 +41,7 @@ profile steam-game-proton @{exec_path} flags=(attach_disconnected,complain) {
@{bin}/gzip rix, @{bin}/gzip rix,
@{bin}/ldconfig rix, @{bin}/ldconfig rix,
@{bin}/localedef rix, @{bin}/localedef rix,
@{bin}/python3.@{int} rix, @{python_path} rix,
@{bin}/readlink rix, @{bin}/readlink rix,
@{bin}/steam-runtime-launcher-interface-@{int} rix, @{bin}/steam-runtime-launcher-interface-@{int} rix,
@{bin}/steam-runtime-system-info rix, @{bin}/steam-runtime-system-info rix,

2
apparmor.d/groups/ubuntu/apport-checkreports
View file

@ -14,7 +14,7 @@ profile apport-checkreports @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr, @{exec_path} mr,
@{bin}/python3.@{int} r, @{python_path} r,
/usr/share/dpkg/cputable r, /usr/share/dpkg/cputable r,
/usr/share/dpkg/tupletable r, /usr/share/dpkg/tupletable r,

4
apparmor.d/groups/ubuntu/check-new-release-gtk
View file

@ -32,8 +32,8 @@ profile check-new-release-gtk @{exec_path} {
@{bin}/ischroot rix, @{bin}/ischroot rix,
@{bin}/lsb_release rPx -> lsb_release, @{bin}/lsb_release rPx -> lsb_release,
@{lib}/python3/dist-packages/UpdateManager/**/__pycache__/*.cpython-@{int}.pyc.@{int} w, @{lib}/@{python_name}/dist-packages/UpdateManager/**/__pycache__/*.cpython-@{int}.pyc.@{int} w,
@{lib}/python3/dist-packages/gi/**/__pycache__/*.cpython-@{int}.pyc.@{int} w, @{lib}/@{python_name}/dist-packages/gi/**/__pycache__/*.cpython-@{int}.pyc.@{int} w,
/usr/share/distro-info/{,**} r, /usr/share/distro-info/{,**} r,
/usr/share/ubuntu-release-upgrader/{,**} r, /usr/share/ubuntu-release-upgrader/{,**} r,

2
apparmor.d/groups/ubuntu/list-oem-metapackages
View file

@ -17,7 +17,7 @@ profile list-oem-metapackages @{exec_path} {
@{bin}/dpkg rPx -> child-dpkg, @{bin}/dpkg rPx -> child-dpkg,
@{bin}/ischroot rix, @{bin}/ischroot rix,
@{lib}/python3/dist-packages/UbuntuDrivers/__pycache__/*.cpython-@{int}.pyc.@{int} rw, @{lib}/@{python_name}/dist-packages/UbuntuDrivers/__pycache__/*.cpython-@{int}.pyc.@{int} rw,
/etc/machine-id r, /etc/machine-id r,

2
apparmor.d/groups/ubuntu/software-properties-dbus
View file

@ -27,7 +27,7 @@ profile software-properties-dbus @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{bin}/python3.@{int} rix, @{python_path} rix,
@{bin}/env rix, @{bin}/env rix,
@{bin}/apt-key rPx, # Changing trusted keys @{bin}/apt-key rPx, # Changing trusted keys
@{bin}/lsb_release rPx -> lsb_release, @{bin}/lsb_release rPx -> lsb_release,

2
apparmor.d/groups/ubuntu/software-properties-gtk
View file

@ -28,7 +28,7 @@ profile software-properties-gtk @{exec_path} {
@{bin}/ r, @{bin}/ r,
@{sh_path} rix, @{sh_path} rix,
@{bin}/python3.@{int} r, @{python_path} r,
@{bin}/aplay rPx, @{bin}/aplay rPx,
@{bin}/apt-key rPx, @{bin}/apt-key rPx,
@{bin}/dpkg rPx -> child-dpkg, @{bin}/dpkg rPx -> child-dpkg,

6
apparmor.d/groups/ubuntu/update-manager
View file

@ -51,9 +51,9 @@ profile update-manager @{exec_path} flags=(attach_disconnected) {
@{bin}/uname rix, @{bin}/uname rix,
@{lib}/apt/methods/http{,s} rPx, @{lib}/apt/methods/http{,s} rPx,
@{lib}/python3/dist-packages/UpdateManager/{,**/}__pycache__/*.cpython-@{int}.pyc.@{int} rw, @{lib}/@{python_name}/dist-packages/UpdateManager/{,**/}__pycache__/*.cpython-@{int}.pyc.@{int} rw,
@{lib}/python3/dist-packages/gi/{,**/}__pycache__/*.cpython-@{int}.pyc.@{int} rw, @{lib}/@{python_name}/dist-packages/gi/{,**/}__pycache__/*.cpython-@{int}.pyc.@{int} rw,
@{lib}/python3/dist-packages/uaclient/{,**/}__pycache__/*.cpython-@{int}.pyc.@{int} rw, @{lib}/@{python_name}/dist-packages/uaclient/{,**/}__pycache__/*.cpython-@{int}.pyc.@{int} rw,
/usr/share/distro-info/{,**} r, /usr/share/distro-info/{,**} r,
/usr/share/ubuntu-release-upgrader/{,**} r, /usr/share/ubuntu-release-upgrader/{,**} r,

2
apparmor.d/groups/ubuntu/update-motd-updates-available
View file

@ -18,7 +18,7 @@ profile update-motd-updates-available @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{bin}/python3.@{int} r, @{python_path} r,
@{sh_path} rix, @{sh_path} rix,
@{bin}/apt-config rPx, @{bin}/apt-config rPx,

2
apparmor.d/groups/ubuntu/update-notifier
View file

@ -49,7 +49,7 @@ profile update-notifier @{exec_path} {
/usr/share/apport/apport-checkreports rPx, /usr/share/apport/apport-checkreports rPx,
/usr/share/apport/apport-gtk rPx, /usr/share/apport/apport-gtk rPx,
@{lib}/python3.@{int}/dist-packages/{apt,gi}/**/__pycache__/{,**} rw, @{lib}/@{python_name}/dist-packages/{apt,gi}/**/__pycache__/{,**} rw,
/usr/share/dpkg/cputable r, /usr/share/dpkg/cputable r,
/usr/share/dpkg/tupletable r, /usr/share/dpkg/tupletable r,

2
apparmor.d/groups/virt/cockpit-bridge
View file

@ -39,7 +39,7 @@ profile cockpit-bridge @{exec_path} {
@{bin}/date ix, @{bin}/date ix,
@{bin}/find ix, @{bin}/find ix,
@{bin}/ip ix, @{bin}/ip ix,
@{bin}/python3.@{int} ix, @{python_path} ix,
@{bin}/test ix, @{bin}/test ix,
@{bin}/file ix, @{bin}/file ix,

2
apparmor.d/groups/whonix/sdwdate-gui
View file

@ -28,7 +28,7 @@ profile sdwdate-gui @{exec_path} {
@{lib}/sdwdate-gui/log-viewer rix, @{lib}/sdwdate-gui/log-viewer rix,
@{lib}/helper-scripts/* rix, @{lib}/helper-scripts/* rix,
@{lib}/python3/dist-packages/sdwdate_gui/__pycache__/ rw, @{lib}/@{python_name}/dist-packages/sdwdate_gui/__pycache__/ rw,
@{lib}/sdwdate-gui/ r, @{lib}/sdwdate-gui/ r,

4
apparmor.d/profiles-a-f/alacarte
View file

@ -14,9 +14,9 @@ profile alacarte @{exec_path} {
include <abstractions/python> include <abstractions/python>
@{exec_path} mr, @{exec_path} mr,
@{bin}/python3.@{int} rix, @{python_path} rix,
@{lib}/python3.@{int}/site-packages/Alacarte/{,**/}__pycache__/*.cpython-@{int}.*.pyc.@{int} w, @{lib}/@{python_name}/site-packages/Alacarte/{,**/}__pycache__/*.cpython-@{int}.*.pyc.@{int} w,
/usr/share/alacarte/{,**} r, /usr/share/alacarte/{,**} r,
/usr/share/desktop-directories/{,**} r, /usr/share/desktop-directories/{,**} r,

2
apparmor.d/profiles-a-f/arandr
View file

@ -19,7 +19,7 @@ profile arandr @{exec_path} {
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
@{exec_path} r, @{exec_path} r,
@{bin}/python3.@{int} r, @{python_path} r,
@{bin}/ r, @{bin}/ r,
@{bin}/xrandr rPx, @{bin}/xrandr rPx,

2
apparmor.d/profiles-a-f/borg
View file

@ -27,7 +27,7 @@ profile borg @{exec_path} {
@{exec_path} r, @{exec_path} r,
@{bin}/ r, @{bin}/ r,
@{bin}/python3.@{int} r, @{python_path} r,
@{bin}/{,@{multiarch}-}ld.bfd rix, @{bin}/{,@{multiarch}-}ld.bfd rix,
@{bin}/cat rix, @{bin}/cat rix,

2
apparmor.d/profiles-a-f/convertall
View file

@ -20,7 +20,7 @@ profile convertall @{exec_path} {
@{exec_path} r, @{exec_path} r,
@{sh_path} rix, @{sh_path} rix,
@{bin}/python3.@{int} rix, @{python_path} rix,
/usr/share/convertall/{,**} r, /usr/share/convertall/{,**} r,
/usr/share/doc/convertall/{,*} r, /usr/share/doc/convertall/{,*} r,

2
apparmor.d/profiles-a-f/execute-dcut
View file

@ -13,7 +13,7 @@ profile execute-dcut @{exec_path} flags=(complain) {
include <abstractions/python> include <abstractions/python>
@{exec_path} r, @{exec_path} r,
@{bin}/python3.@{int} r, @{python_path} r,
include if exists <local/execute-dcut> include if exists <local/execute-dcut>
} }

2
apparmor.d/profiles-a-f/execute-dput
View file

@ -15,7 +15,7 @@ profile execute-dput @{exec_path} flags=(complain) {
@{exec_path} r, @{exec_path} r,
@{bin}/python3.@{int} r, @{python_path} r,
@{sh_path} rix, @{sh_path} rix,
@{bin}/dpkg rPx -> child-dpkg, @{bin}/dpkg rPx -> child-dpkg,

2
apparmor.d/profiles-a-f/fail2ban-client
View file

@ -15,7 +15,7 @@ profile fail2ban-client @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr, @{exec_path} mr,
@{bin}/ r, @{bin}/ r,
@{bin}/python3.@{int} r, @{python_path} r,
/etc/fail2ban/{,**} r, /etc/fail2ban/{,**} r,

2
apparmor.d/profiles-a-f/fail2ban-server
View file

@ -24,7 +24,7 @@ profile fail2ban-server @{exec_path} flags=(attach_disconnected) {
@{bin}/iptables rix, @{bin}/iptables rix,
@{bin}/ r, @{bin}/ r,
@{bin}/python3.@{int} r, @{python_path} r,
/etc/fail2ban/{,**} r, /etc/fail2ban/{,**} r,

2
apparmor.d/profiles-g-l/gajim
View file

@ -86,7 +86,7 @@ profile gajim @{exec_path} {
# Silencer # Silencer
deny /usr/share/gajim/** w, deny /usr/share/gajim/** w,
deny /usr/lib/python3/dist-packages/** w, deny @{lib}/@{python_name}/dist-packages/** w,
profile ccache { profile ccache {
include <abstractions/base> include <abstractions/base>

2
apparmor.d/profiles-g-l/ganyremote
View file

@ -22,7 +22,7 @@ profile ganyremote @{exec_path} {
network inet6 stream, network inet6 stream,
@{exec_path} r, @{exec_path} r,
@{bin}/python3.@{int} r, @{python_path} r,
@{bin}/ r, @{bin}/ r,
@{sh_path} rix, @{sh_path} rix,

2
apparmor.d/profiles-g-l/gpo
View file

@ -22,7 +22,7 @@ profile gpo @{exec_path} {
network inet6 stream, network inet6 stream,
@{exec_path} r, @{exec_path} r,
@{bin}/python3.@{int} r, @{python_path} r,
@{bin}/ r, @{bin}/ r,
@{sh_path} rix, @{sh_path} rix,

2
apparmor.d/profiles-g-l/gpodder
View file

@ -24,7 +24,7 @@ profile gpodder @{exec_path} {
network netlink raw, network netlink raw,
@{exec_path} r, @{exec_path} r,
@{bin}/python3.@{int} r, @{python_path} r,
@{bin}/ r, @{bin}/ r,
@{sh_path} rix, @{sh_path} rix,

2
apparmor.d/profiles-g-l/gpodder-migrate2tres
View file

@ -13,7 +13,7 @@ profile gpodder-migrate2tres @{exec_path} {
include <abstractions/python> include <abstractions/python>
@{exec_path} r, @{exec_path} r,
@{bin}/python3.@{int} r, @{python_path} r,
@{bin}/ r, @{bin}/ r,
@{sh_path} rix, @{sh_path} rix,

2
apparmor.d/profiles-g-l/hardinfo
View file

@ -38,7 +38,7 @@ profile hardinfo @{exec_path} {
@{bin}/locale rix, @{bin}/locale rix,
@{bin}/make rix, @{bin}/make rix,
@{bin}/perl rix, @{bin}/perl rix,
@{bin}/python3.@{int} rix, @{python_path} rix,
@{bin}/route rix, @{bin}/route rix,
@{bin}/ruby[0-9].@{int} rix, @{bin}/ruby[0-9].@{int} rix,
@{bin}/strace rix, @{bin}/strace rix,

2
apparmor.d/profiles-g-l/hypnotix
View file

@ -31,7 +31,7 @@ profile hypnotix @{exec_path} {
network netlink raw, network netlink raw,
@{exec_path} rix, @{exec_path} rix,
@{bin}/python3.@{int} r, @{python_path} r,
@{sh_path} rix, @{sh_path} rix,
@{bin}/ldconfig rix, @{bin}/ldconfig rix,

2
apparmor.d/profiles-g-l/install-printerdriver
View file

@ -16,7 +16,7 @@ profile install-printerdriver @{exec_path} flags=(complain) {
@{exec_path} mrix, @{exec_path} mrix,
@{sh_path} rix, @{sh_path} rix,
@{bin}/python3.@{int} r, @{python_path} r,
/usr/share/system-config-printer/{,**} r, /usr/share/system-config-printer/{,**} r,

2
apparmor.d/profiles-g-l/iotop
View file

@ -21,7 +21,7 @@ profile iotop @{exec_path} {
@{bin}/ r, @{bin}/ r,
@{bin}/file rix, @{bin}/file rix,
@{bin}/python3.@{int} r, @{python_path} r,
/etc/magic r, /etc/magic r,

2
apparmor.d/profiles-g-l/kconfig-hardened-check
View file

@ -13,7 +13,7 @@ profile kconfig-hardened-check @{exec_path} {
include <abstractions/python> include <abstractions/python>
@{exec_path} r, @{exec_path} r,
@{bin}/python3.@{int} r, @{python_path} r,
@{bin}/ r, @{bin}/ r,

2
apparmor.d/profiles-m-r/metadata-cleaner
View file

@ -18,7 +18,7 @@ profile metadata-cleaner @{exec_path} flags=(attach_disconnected) {
include <abstractions/user-write-strict> include <abstractions/user-write-strict>
@{exec_path} mr, @{exec_path} mr,
@{bin}/python3.@{int} rix, @{python_path} rix,
@{bin}/bwrap rCx -> bwrap, @{bin}/bwrap rCx -> bwrap,
@{open_path} rPx -> child-open-help, @{open_path} rPx -> child-open-help,

2
apparmor.d/profiles-m-r/mpsyt
View file

@ -24,7 +24,7 @@ profile mpsyt @{exec_path} {
network netlink raw, network netlink raw,
@{exec_path} r, @{exec_path} r,
@{bin}/python3.@{int} r, @{python_path} r,
@{bin}/ r, @{bin}/ r,
@{bin}/ldconfig rix, @{bin}/ldconfig rix,

4
apparmor.d/profiles-m-r/needrestart
View file

@ -31,7 +31,7 @@ profile needrestart @{exec_path} flags=(attach_disconnected) {
@{bin}/dpkg-query rpx, @{bin}/dpkg-query rpx,
@{bin}/fail2ban-server rPx, @{bin}/fail2ban-server rPx,
@{bin}/locale rix, @{bin}/locale rix,
@{bin}/python3.@{int} rix, @{python_path} rix,
@{bin}/sed rix, @{bin}/sed rix,
@{bin}/stty rix, @{bin}/stty rix,
@{bin}/systemctl rCx -> systemctl, @{bin}/systemctl rCx -> systemctl,
@ -43,7 +43,7 @@ profile needrestart @{exec_path} flags=(attach_disconnected) {
@{lib}/needrestart/* rPx, @{lib}/needrestart/* rPx,
/usr/share/debconf/frontend rix, /usr/share/debconf/frontend rix,
@{att}/@{lib}/python3.@{int}/** r, @{att}/@{lib}/@{python_name}/** r,
/usr/share/needrestart/{,**} r, /usr/share/needrestart/{,**} r,
/usr/share/unattended-upgrades/unattended-upgrade-shutdown r, /usr/share/unattended-upgrades/unattended-upgrade-shutdown r,

2
apparmor.d/profiles-m-r/obamenu
View file

@ -13,7 +13,7 @@ profile obamenu @{exec_path} {
include <abstractions/python> include <abstractions/python>
@{exec_path} r, @{exec_path} r,
@{bin}/python3.@{int} rix, @{python_path} rix,
@{bin}/ r, @{bin}/ r,

2
apparmor.d/profiles-m-r/openbox
View file

@ -75,7 +75,7 @@ profile openbox @{exec_path} {
/etc/xdg/autostart/{,*} r, /etc/xdg/autostart/{,*} r,
# Silencer # Silencer
deny @{lib}/python3/** w, deny @{lib}/@{python_name}/** w,
deny owner @{user_lib_dirs}/python*/site-packages/ r, deny owner @{user_lib_dirs}/python*/site-packages/ r,
# file_inherit # file_inherit

2
apparmor.d/profiles-m-r/pass
View file

@ -53,7 +53,7 @@ profile pass @{exec_path} {
# Pass extensions # Pass extensions
@{bin}/oathtool ix, # pass-otp @{bin}/oathtool ix, # pass-otp
@{bin}/python3.@{int} Px -> pass-import, # pass-import, pass-audit @{python_path} Px -> pass-import, # pass-import, pass-audit
@{bin}/qrencode PUx, # pass-otp @{bin}/qrencode PUx, # pass-otp
@{bin}/tomb PUx, # pass-tomb @{bin}/tomb PUx, # pass-tomb

2
apparmor.d/profiles-m-r/pass-import
View file

@ -26,7 +26,7 @@ profile pass-import @{exec_path} {
@{bin}/ld rix, @{bin}/ld rix,
@{bin}/ldconfig rix, @{bin}/ldconfig rix,
@{bin}/pass rPx, @{bin}/pass rPx,
@{bin}/python3.@{int} rix, @{python_path} rix,
@{lib}/gcc/**/collect2 rix, @{lib}/gcc/**/collect2 rix,
@{lib}/python{2.[4-7],3,3.@{int}}/** w, # TODO: Test deny @{lib}/python{2.[4-7],3,3.@{int}}/** w, # TODO: Test deny

2
apparmor.d/profiles-m-r/ps-mem
View file

@ -17,7 +17,7 @@ profile ps-mem @{exec_path} {
ptrace (read), ptrace (read),
@{exec_path} r, @{exec_path} r,
@{bin}/python3.@{int} r, @{python_path} r,
@{bin}/ r, @{bin}/ r,

6
apparmor.d/profiles-m-r/qbittorrent
View file

@ -29,7 +29,7 @@ profile qbittorrent @{exec_path} {
include <abstractions/ssl_certs> include <abstractions/ssl_certs>
include <abstractions/user-download-strict> include <abstractions/user-download-strict>
signal send set=(term, kill) peer=qbittorrent//python3, signal send set=(term, kill) peer=qbittorrent//python,
network inet dgram, network inet dgram,
network inet6 dgram, network inet6 dgram,
@ -68,7 +68,7 @@ profile qbittorrent @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{open_path} rPx -> child-open, @{open_path} rPx -> child-open,
@{bin}/python3.@{int} rCx -> python, # For "search engine" @{python_path} rCx -> python, # For "search engine"
# Allowed apps to open # Allowed apps to open
@{bin}/ebook-viewer rPx, @{bin}/ebook-viewer rPx,
@ -129,7 +129,7 @@ profile qbittorrent @{exec_path} {
network inet6 stream, network inet6 stream,
network netlink raw, network netlink raw,
@{bin}/python3.@{int} r, @{python_path} r,
owner @{user_share_dirs}/{,data/}qBittorrent/nova[0-9]/{,**} rw, owner @{user_share_dirs}/{,data/}qBittorrent/nova[0-9]/{,**} rw,

2
apparmor.d/profiles-m-r/repo
View file

@ -27,7 +27,7 @@ profile repo @{exec_path} {
@{bin}/curl rix, @{bin}/curl rix,
@{bin}/env rix, @{bin}/env rix,
@{bin}/git rix, @{bin}/git rix,
@{bin}/python3.@{int} rix, @{python_path} rix,
@{bin}/uname rix, @{bin}/uname rix,
@{lib}/git{,-core}/git* rix, @{lib}/git{,-core}/git* rix,

6
apparmor.d/profiles-m-r/rustdesk
View file

@ -36,7 +36,7 @@ profile rustdesk @{exec_path} {
@{bin}/ls rix, @{bin}/ls rix,
@{bin}/sudo rCx -> sudo, @{bin}/sudo rCx -> sudo,
@{bin}/python3.@{int} rCx -> python, @{python_path} rCx -> python,
@{sh_path} rCx -> shell, @{sh_path} rCx -> shell,
/etc/gdm{,3}/custom.conf r, /etc/gdm{,3}/custom.conf r,
@ -64,7 +64,7 @@ profile rustdesk @{exec_path} {
include <abstractions/python> include <abstractions/python>
@{bin}/rustdesk rPx, @{bin}/rustdesk rPx,
@{bin}/python3.@{int} rPx -> rustdesk//python, @{python_path} rPx -> rustdesk//python,
include if exists <local/rustdesk_sudo> include if exists <local/rustdesk_sudo>
} }
@ -76,7 +76,7 @@ profile rustdesk @{exec_path} {
capability dac_read_search, capability dac_read_search,
capability dac_override, capability dac_override,
@{bin}/python3.@{int} r, @{python_path} r,
@{sh_path} rix, @{sh_path} rix,
@{bin}/chmod rix, @{bin}/chmod rix,

2
apparmor.d/profiles-s-z/speedtest
View file

@ -21,7 +21,7 @@ profile speedtest @{exec_path} {
network netlink raw, network netlink raw,
@{exec_path} r, @{exec_path} r,
@{bin}/python3.@{int} r, @{python_path} r,
@{bin}/ r, @{bin}/ r,
@{bin}/file rix, @{bin}/file rix,

2
apparmor.d/profiles-s-z/system-config-printer
View file

@ -28,7 +28,7 @@ profile system-config-printer @{exec_path} flags=(complain) {
@{exec_path} mrix, @{exec_path} mrix,
@{sh_path} rix, @{sh_path} rix,
@{bin}/python3.@{int} r, @{python_path} r,
@{lib}/cups/*/* rPUx, @{lib}/cups/*/* rPUx,
/usr/share/hplip/query.py rPUx, /usr/share/hplip/query.py rPUx,

2
apparmor.d/profiles-s-z/system-config-printer-applet
View file

@ -19,7 +19,7 @@ profile system-config-printer-applet @{exec_path} {
@{exec_path} mrix, @{exec_path} mrix,
@{sh_path} rix, @{sh_path} rix,
@{bin}/python3.@{int} r, @{python_path} r,
/usr/share/system-config-printer/{,**} r, /usr/share/system-config-printer/{,**} r,

2
apparmor.d/profiles-s-z/terminator
View file

@ -30,7 +30,7 @@ profile terminator @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr, @{exec_path} mr,
@{bin}/ r, @{bin}/ r,
@{bin}/python3.@{int} rix, @{python_path} rix,
# The shell is not confined on purpose. # The shell is not confined on purpose.
@{bin}/@{shells} rUx, @{bin}/@{shells} rUx,

2
apparmor.d/profiles-s-z/update-command-not-found
View file

@ -20,7 +20,7 @@ profile update-command-not-found @{exec_path} {
@{exec_path} r, @{exec_path} r,
@{bin}/python3.@{int} r, @{python_path} r,
@{lib}/ r, @{lib}/ r,
@{bin}/dpkg rPx -> child-dpkg, @{bin}/dpkg rPx -> child-dpkg,

2
apparmor.d/profiles-s-z/vcsi
View file

@ -16,7 +16,7 @@ profile vcsi @{exec_path} {
include <abstractions/python> include <abstractions/python>
@{exec_path} r, @{exec_path} r,
@{bin}/python3.@{int} r, @{python_path} r,
@{bin}/ r, @{bin}/ r,
@{bin}/ffmpeg rPx, @{bin}/ffmpeg rPx,

2
apparmor.d/profiles-s-z/vidcutter
View file

@ -25,7 +25,7 @@ profile vidcutter @{exec_path} {
include <abstractions/user-download-strict> include <abstractions/user-download-strict>
@{exec_path} r, @{exec_path} r,
@{bin}/python3.@{int} r, @{python_path} r,
@{bin}/ r, @{bin}/ r,
@{bin}/ldconfig rix, @{bin}/ldconfig rix,

4
apparmor.d/profiles-s-z/virt-manager
View file

@ -31,8 +31,8 @@ profile virt-manager @{exec_path} flags=(attach_disconnected) {
@{exec_path} rix, @{exec_path} rix,
@{sh_path} rix, @{sh_path} rix,
@{bin}/python3.@{int} rix, @{python_path} rix,
@{lib}/python3.@{int}/site-packages/__pycache__/guestfs.cpython-@{int}.pyc.@{int} w, @{lib}/@{python_name}/site-packages/__pycache__/guestfs.cpython-@{int}.pyc.@{int} w,
@{bin}/ r, @{bin}/ r,
@{bin}/env rix, @{bin}/env rix,

2
apparmor.d/profiles-s-z/wsdd
View file

@ -21,7 +21,7 @@ profile wsdd @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{bin}/env r, @{bin}/env r,
@{bin}/python3.@{int} rix, @{python_path} rix,
/etc/machine-id r, /etc/machine-id r,

2
apparmor.d/profiles-s-z/youtube-dl
View file

@ -30,7 +30,7 @@ profile youtube-dl @{exec_path} {
signal (receive) set=(term, kill), signal (receive) set=(term, kill),
@{exec_path} r, @{exec_path} r,
@{bin}/python3.@{int} r, @{python_path} r,
@{bin}/ffmpeg rPx, @{bin}/ffmpeg rPx,
@{bin}/ffprobe rPx, @{bin}/ffprobe rPx,

2
apparmor.d/profiles-s-z/yt-dlp
View file

@ -24,7 +24,7 @@ profile yt-dlp @{exec_path} {
network netlink raw, network netlink raw,
@{exec_path} r, @{exec_path} r,
@{bin}/python3.@{int} r, @{python_path} r,
@{bin}/ r, @{bin}/ r,
@{bin}/file rix, @{bin}/file rix,

2
apparmor.d/profiles-s-z/ytdl
View file

@ -24,7 +24,7 @@ profile ytdl @{exec_path} {
signal (receive) set=(term, kill), signal (receive) set=(term, kill),
@{exec_path} r, @{exec_path} r,
@{bin}/python3.@{int} r, @{python_path} r,
@{bin}/ r, @{bin}/ r,
@{bin}/ldconfig rix, @{bin}/ldconfig rix,

2
apparmor.d/profiles-s-z/zenmap
View file

@ -20,7 +20,7 @@ profile zenmap @{exec_path} {
signal (send) set=(term, kill) peer=nmap, signal (send) set=(term, kill) peer=nmap,
@{exec_path} r, @{exec_path} r,
@{bin}/python3.@{int} r, @{python_path} r,
@{bin}/nmap rPx, @{bin}/nmap rPx,