mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-24 20:08:11 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(profile): update some ctl tools.

Browse source
This commit is contained in:
Alexandre Pujol 2024-10-16 23:50:16 +01:00
parent a41f85e87b
commit c90d2fea94
Failed to generate hash of commit
3 changed files with 10 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
apparmor.d/groups/systemd/busctl
View file

@ -43,6 +43,7 @@ profile busctl @{exec_path} {
@{PROC}/@{pid}/comm r,
@{PROC}/@{pid}/stat r,
owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/fdinfo/@{int} r,
owner @{PROC}/@{pid}/loginuid r,
owner @{PROC}/@{pid}/sessionid r,

10
apparmor.d/groups/systemd/loginctl
View file

@ -9,18 +9,24 @@ include <tunables/global>
@{exec_path} = @{bin}/loginctl
profile loginctl @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>
include <abstractions/bus-system>
include <abstractions/bus/org.freedesktop.login1.Session>
include <abstractions/bus/org.freedesktop.login1>
include <abstractions/common/systemd>
capability net_admin,
capability sys_resource,
signal send set=cont peer=child-pager,
#aa:dbus talk bus=system name=org.freedesktop.login1 label=systemd-logind
@{exec_path} mr,
@{pager_path} rPx -> child-pager,
@{PROC}/sys/fs/nr_open r,
owner @{PROC}/@{pid}/cgroup r,
include if exists <local/loginctl>
}

2
apparmor.d/groups/systemd/userdbctl
View file

@ -21,7 +21,7 @@ profile userdbctl @{exec_path} {
/etc/shadow r,
/etc/gshadow r,
@{PROC}/@{pid}/cgroup r,
@{PROC}/1/cgroup r,
include if exists <local/userdbctl>
}