mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-15 07:54:17 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix(profile): better libdir for snap based profiles.

Browse Source
This commit is contained in:
Alexandre Pujol 2024-02-28 23:47:47 +00:00
parent 741980f8ab
commit cbbb2b4a3e
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
9 changed files with 14 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
apparmor.d/profiles-s-z/snap
View File

@ -6,8 +6,8 @@ abi <abi/3.0>,
include <tunables/global>
@{bin_dirs} = @{bin}/ /snap/snapd/@{int}@{bin}
@{lib_dirs} = @{lib}/ /snap/snapd/@{int}@{lib}
@{bin_dirs} = @{bin}/ /snap/{snapd,core}/@{int}@{bin}
@{lib_dirs} = @{lib}/ /snap/{snapd,core}/@{int}@{lib}
@{exec_path} = @{bin_dirs}/snap
profile snap @{exec_path} {
@ -48,9 +48,9 @@ profile snap @{exec_path} {
@{bin}/systemctl rPx -> child-systemctl,
/snap/{,**} rw,
/snap/snapd/@{int}/usr/lib/snapd/snap-confine rPx -> /snap/snapd/@{int}/usr/lib/snapd/snap-confine,
@{lib}/snapd/snap-confine rPx -> /usr/lib/snapd/snap-confine,
@{lib_dirs}/snapd/snap-confine rPx,
@{lib_dirs}/snapd/snap-seccomp rPx,
@{lib_dirs}/snapd/snapd rPx,

2
apparmor.d/profiles-s-z/snap-discard-ns
View File

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{lib_dirs} = @{lib}/ /snap/snapd/@{int}@{lib}
@{lib_dirs} = @{lib}/ /snap/{snapd,core}/@{int}@{lib}
@{exec_path} = @{lib_dirs}/snapd/snap-discard-ns
profile snap-discard-ns @{exec_path} {

2
apparmor.d/profiles-s-z/snap-failure
View File

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{lib_dirs} = @{lib}/ /snap/snapd/@{int}@{lib}
@{lib_dirs} = @{lib}/ /snap/{snapd,core}/@{int}@{lib}
@{exec_path} = @{lib_dirs}/snapd/snap-failure
profile snap-failure @{exec_path} {

2
apparmor.d/profiles-s-z/snap-seccomp
View File

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{lib_dirs} = @{lib}/ /snap/snapd/@{int}@{lib}
@{lib_dirs} = @{lib}/ /snap/{snapd,core}/@{int}@{lib}
@{exec_path} = @{lib_dirs}/snapd/snap-seccomp
profile snap-seccomp @{exec_path} {

2
apparmor.d/profiles-s-z/snap-update-ns
View File

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{lib_dirs} = @{lib}/ /snap/snapd/@{int}@{lib}
@{lib_dirs} = @{lib}/ /snap/{snapd,core}/@{int}@{lib}
@{exec_path} = @{lib_dirs}/snapd/snap-update-ns
profile snap-update-ns @{exec_path} {

6
apparmor.d/profiles-s-z/snapd
View File

@ -6,8 +6,8 @@ abi <abi/3.0>,
include <tunables/global>
@{bin_dirs} = @{bin}/ /snap/snapd/@{int}@{bin}
@{lib_dirs} = @{lib}/ /snap/snapd/@{int}@{lib}
@{bin_dirs} = @{bin}/ /snap/{snapd,core}/@{int}@{bin}
@{lib_dirs} = @{lib}/ /snap/{snapd,core}/@{int}@{lib}
@{exec_path} = @{lib_dirs}/snapd/snapd
profile snapd @{exec_path} {
@ -88,7 +88,7 @@ profile snapd @{exec_path} {
@{bin_dirs}/xdelta3 rix,
@{lib_dirs}/@{multiarch}/** mr,
@{lib_dirs}/@{multiarch}/ld-*.so rix,
@{lib_dirs}/snapd/apparmor_parser rPx -> apparmor_parser,
@{lib_dirs}/snapd/apparmor_parser rPx,
@{lib_dirs}/snapd/snap-discard-ns rPx,
@{lib_dirs}/snapd/snap-seccomp rPx,
@{lib_dirs}/snapd/snap-update-ns rPx,

2
apparmor.d/profiles-s-z/snapd-aa-prompt-listener
View File

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{lib_dirs} = @{lib}/ /snap/snapd/@{int}@{lib}
@{lib_dirs} = @{lib}/ /snap/{snapd,core}/@{int}@{lib}
@{exec_path} = @{lib_dirs}/snapd/snapd-aa-prompt-listener
profile snapd-aa-prompt-listener @{exec_path} {

4
apparmor.d/profiles-s-z/snapd-aa-prompt-ui
View File

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{lib_dirs} = @{lib}/ /snap/snapd/@{int}@{lib}
@{lib_dirs} = @{lib}/ /snap/{snapd,core}/@{int}@{lib}
@{exec_path} = @{lib_dirs}/snapd/snapd-aa-prompt-ui
profile snapd-aa-prompt-ui @{exec_path} {
@ -14,7 +14,7 @@ profile snapd-aa-prompt-ui @{exec_path} {
@{exec_path} mrix,
/snap/snapd/@{int}@{lib}/snapd/info r,
@{lib_dirs}/snapd/info r,
@{PROC}/cmdline r,

3
apparmor.d/profiles-s-z/snapd-apparmor
View File

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{lib_dirs} = @{lib}/ /snap/snapd/@{int}@{lib}
@{lib_dirs} = @{lib}/ /snap/{snapd,core}/@{int}@{lib}
@{exec_path} = @{lib_dirs}/snapd/snapd-apparmor
profile snapd-apparmor @{exec_path} {
@ -15,7 +15,6 @@ profile snapd-apparmor @{exec_path} {
@{exec_path} mrix,
@{bin}/systemd-detect-virt rPx,
@{lib_dirs}/snapd/apparmor_parser rPx,
@{bin}/apparmor_parser rPx,
@{lib_dirs}/snapd/info r,