From b96362d915ae05fe467a686d756a1bc6d82df394 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Tue, 1 Oct 2024 18:30:13 +0100
Subject: [PATCH] fix(profile): add mkinitcpio to create UKI. fix #535
---
 apparmor.d/groups/pacman/mkinitcpio | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/apparmor.d/groups/pacman/mkinitcpio b/apparmor.d/groups/pacman/mkinitcpio
index b83ea2d3..0598b5d6 100644
--- a/apparmor.d/groups/pacman/mkinitcpio
+++ b/apparmor.d/groups/pacman/mkinitcpio
@@ -24,6 +24,7 @@ profile mkinitcpio @{exec_path} flags=(attach_disconnected) {
 @{sh_path} rix,
 @{coreutils_path} rix,
+ @{bin}/{m,g,}awk rix,
 @{bin}/bsdtar rix,
 @{bin}/fc-match rix,
 @{bin}/findmnt rPx,
@@ -34,6 +35,8 @@ profile mkinitcpio @{exec_path} flags=(attach_disconnected) {
 @{bin}/ldconfig rix,
 @{bin}/ldd rix,
 @{bin}/loadkeys rix,
+ @{bin}/objcopy rix,
+ @{bin}/objdump rix,
 @{bin}/tput rix,
 @{bin}/xz rix,
 @{bin}/zcat rix,
@@ -45,8 +48,10 @@ profile mkinitcpio @{exec_path} flags=(attach_disconnected) {
 @{bin}/modprobe rPx,
 @{bin}/plymouth rPx,
 @{bin}/plymouth-set-default-theme rPx,
+ @{bin}/sbctl rPx,
 @{lib}/initcpio/busybox rix,
+ @{lib}/initcpio/post/** rix,
 @{lib}/ld-*.so* rix,
 /etc/fstab r,
@@ -82,15 +87,22 @@ profile mkinitcpio @{exec_path} flags=(attach_disconnected) {
 /boot/initramfs-*.img* rw,
 /boot/vmlinuz-* r,
- # Temp files
- owner @{run}/initramfs/{,**} rw,
- owner @{run}/mkinitcpio.@{rand6}/{,**} rwl,
+ /usr/share/systemd/bootctl/** r,
+
+ /etc/kernel/** r,
+
+ /tmp/mkinitcpio.@{rand6} rw,
+ /tmp/mkinitcpio.@{rand6}.tmp rw,
 owner @{tmp}/mkinitcpio.@{rand6} rw,
 owner @{tmp}/mkinitcpio.@{rand6}/{,**} rwl,
+ owner @{run}/initcpio-tmp/mkinitcpio.@{rand6}/{,**} rwl,
+ owner @{run}/initramfs/{,**} rw,
+ owner @{run}/mkinitcpio.@{rand6}/{,**} rwl,
 @{sys}/class/block/ r,
 @{sys}/devices/{,**} r,
+ @{sys}/firmware/efi/fw_platform_size r,
 owner @{PROC}/@{pid}/mountinfo r,
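Review bot: In the last hunk (`@@ -82,15 +87,22 @@`) the two new rules `/tmp/mkinitcpio.@{rand6} rw,` and `/tmp/mkinitcpio.@{rand6}.tmp rw,` drop the `owner` qualifier and hard-code `/tmp`, while every neighbouring temp rule is written `owner @{tmp}/…`. Without `owner`, the profile permits read and write on a matching file that another user created in the world-writable directory, and, assuming `@{tmp}` expands to include `/tmp`, the first rule is a superset of the existing `owner @{tmp}/mkinitcpio.@{rand6} rw,`. Unless a denial log shows a non-owner access is really needed, I would write `owner @{tmp}/mkinitcpio.@{rand6}.tmp rw,` and drop the bare `/tmp/mkinitcpio.@{rand6} rw,` line. The hunk also removes the `# Temp files` comment; keeping it above the regrouped `@{tmp}` and `@{run}` rules would preserve the grouping for the next reader. The profile body starts and ends outside the hunk.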