Disks: support large number of disks.

Fix: #4 See: https://github.com/torvalds/linux/blob/master/Documentation/admin-guide/devices.txt
2024-11-15 07:54:17 +01:00 · 2021-12-01 13:38:14 +00:00 · 2021-12-01 13:38:14 +00:00 · b52cbe564c
commit b52cbe564c
parent ddc9fdef45
11 changed files with 23 additions and 23 deletions
--- a/apparmor.d/abstractions/disks-read
+++ b/apparmor.d/abstractions/disks-read
@ -9,8 +9,8 @@
  /dev/ r,

  # Regular disk/partition devices
-  /dev/{s,v}d[a-z] rk,
-  /dev/{s,v}d[a-z][0-9]* rk,
+  /dev/{s,v}d[a-z]* rk,
+  /dev/{s,v}d[a-z]*[0-9]* rk,
  @{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/ r,
  @{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/** r,
  @{sys}/devices/pci[0-9]*/**/{usb,ata}[0-9]/** r,
--- a/apparmor.d/abstractions/disks-write
+++ b/apparmor.d/abstractions/disks-write
@ -9,8 +9,8 @@
  /dev/ r,

  # Regular disk/partition devices
-  /dev/{s,v}d[a-z] rwk,
-  /dev/{s,v}d[a-z][0-9]* rwk,
+  /dev/{s,v}d[a-z]* rwk,
+  /dev/{s,v}d[a-z]*[0-9]* rwk,
  @{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/ r,
  @{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/** r,
  @{sys}/devices/pci[0-9]*/**/{usb,ata}[0-9]/** r,
--- a/apparmor.d/profiles-a-f/f3fix
+++ b/apparmor.d/profiles-a-f/f3fix
@ -54,7 +54,7 @@ profile f3fix @{exec_path} {
    @{sys}/firmware/efi/efivars/SecureBoot-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* r,

    # file_inherit
-    /dev/sd[a-z] rw,
+    /dev/sd[a-z]* rw,

  }

--- a/apparmor.d/profiles-a-f/fatresize
+++ b/apparmor.d/profiles-a-f/fatresize
@ -53,7 +53,7 @@ profile fatresize @{exec_path} {
    @{sys}/firmware/efi/efivars/SecureBoot-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* r,

    # file_inherit
-    /dev/{s,v}d[a-z] rw,
+    /dev/{s,v}d[a-z]* rw,

  }

--- a/apparmor.d/profiles-a-f/freefall
+++ b/apparmor.d/profiles-a-f/freefall
@ -17,8 +17,8 @@ profile freefall @{exec_path} {
  @{exec_path} mr,

  /dev/freefall rw,
-  /dev/sd[a-z] rk,
-  /dev/sd[a-z][0-9]* rk,
+  /dev/sd[a-z]* rk,
+  /dev/sd[a-z]*[0-9]* rk,

  @{sys}/devices/**/unload_heads r,
  @{sys}/class/leds/**/brightness r,
--- a/apparmor.d/profiles-a-f/fwupd
+++ b/apparmor.d/profiles-a-f/fwupd
@ -61,7 +61,7 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) {
  /dev/mei[0-9]* rw,
  /dev/tpm[0-9] rw,
  /dev/drm_dp_aux[0-9]* rw,
-  /dev/sd[a-z] r,
+  /dev/sd[a-z]* r,
  /dev/bus/usb/ r,
  /dev/bus/usb/[0-9]*/[0-9]* rw,
  /dev/wmi/* r,
--- a/apparmor.d/profiles-g-l/gpartedbin
+++ b/apparmor.d/profiles-g-l/gpartedbin
@ -152,19 +152,19 @@ profile gpartedbin @{exec_path} {

    /{usr/,}bin/mount mr,

-    mount /dev/{s,v}d[a-z][0-9]* -> /tmp/gparted-*/,
+    mount /dev/{s,v}d[a-z]*[0-9]* -> /tmp/gparted-*/,

-    mount /dev/{s,v}d[a-z][0-9]* -> /boot/,
-    mount /dev/{s,v}d[a-z][0-9]* -> @{MOUNTS}/*/,
-    mount /dev/{s,v}d[a-z][0-9]* -> @{MOUNTS}/*/*/,
+    mount /dev/{s,v}d[a-z]*[0-9]* -> /boot/,
+    mount /dev/{s,v}d[a-z]*[0-9]* -> @{MOUNTS}/*/,
+    mount /dev/{s,v}d[a-z]*[0-9]* -> @{MOUNTS}/*/*/,

    @{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/ r,
    @{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/dev r,
    @{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/{s,v}d[a-z][0-9]*/ r,
    @{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/{s,v}d[a-z][0-9]*/{start,size} r,

-    /dev/{s,v}d[a-z] r,
-    /dev/{s,v}d[a-z][0-9]* r,
+    /dev/{s,v}d[a-z]* r,
+    /dev/{s,v}d[a-z]*[0-9]* r,

  }

--- a/apparmor.d/profiles-g-l/hddtemp
+++ b/apparmor.d/profiles-g-l/hddtemp
@ -27,7 +27,7 @@ profile hddtemp @{exec_path} {
  @{exec_path} mr,

  # Monitored hard drives
-  /dev/sd[a-z] r,
+  /dev/sd[a-z]* r,

  # Database file that allows hddtemp to recognize supported drives
  /etc/hddtemp.db r,
--- a/apparmor.d/profiles-m-r/ntfs-3g
+++ b/apparmor.d/profiles-m-r/ntfs-3g
@ -36,10 +36,10 @@ profile ntfs-3g @{exec_path} {
  @{MOUNTS}/*/*/ r,

  # Allow to mount ntfs disks only under the /media/, /run/media, and /mnt/ dirs
-  mount fstype=fuseblk /dev/{s,v}d[a-z][0-9]* -> @{MOUNTS}/*/,
-  mount fstype=fuseblk /dev/{s,v}d[a-z][0-9]* -> @{MOUNTS}/*/*/,
-  mount fstype=fuseblk /dev/{s,v}d[a-z][0-9]* -> /mnt/,
-  mount fstype=fuseblk /dev/{s,v}d[a-z][0-9]* -> /mnt/*/,
+  mount fstype=fuseblk /dev/{s,v}d[a-z]*[0-9]* -> @{MOUNTS}/*/,
+  mount fstype=fuseblk /dev/{s,v}d[a-z]*[0-9]* -> @{MOUNTS}/*/*/,
+  mount fstype=fuseblk /dev/{s,v}d[a-z]*[0-9]* -> /mnt/,
+  mount fstype=fuseblk /dev/{s,v}d[a-z]*[0-9]* -> /mnt/*/,
  mount fstype=fuseblk /dev/mmcblk[0-9]*p[0-9]* -> @{MOUNTS}/*/,
  mount fstype=fuseblk /dev/mmcblk[0-9]*p[0-9]* -> @{MOUNTS}/*/*/,

--- a/apparmor.d/profiles-s-z/udisksd
+++ b/apparmor.d/profiles-s-z/udisksd
@ -47,8 +47,8 @@ profile udisksd @{exec_path} flags=(attach_disconnected) {
  /{usr/,}bin/systemd-escape  rPx,

  # Allow mounting of removable devices
-  mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/{s,v}d[a-z]       -> @{MOUNTS}/*/*/,
-  mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/{s,v}d[a-z][0-9]* -> @{MOUNTS}/*/*/,
+  mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/{s,v}d[a-z]*       -> @{MOUNTS}/*/*/,
+  mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/{s,v}d[a-z]*[0-9]* -> @{MOUNTS}/*/*/,
  mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/dm-[0-9]*     -> @{MOUNTS}/*/*/,
  # Allow mounting of loop devices (ISO files)
  mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/loop[0-9]*        -> @{MOUNTS}/*/*/,
--- a/apparmor.d/profiles-s-z/whdd
+++ b/apparmor.d/profiles-s-z/whdd
@ -29,7 +29,7 @@ profile whdd @{exec_path} {
  owner @{PROC}/@{pid}/mounts r,
        @{PROC}/partitions r,

-  /dev/sd[a-z] rw,
+  /dev/sd[a-z]* rw,

  include if exists <local/whdd>
 }