From d1605c62b362b19ddbe18ebffba5af1873ee4b05 Mon Sep 17 00:00:00 2001
From: Mikhail Morfikov
Date: Sat, 12 Sep 2020 17:46:51 +0200
Subject: [PATCH] update apparmor profiles
---
 apparmor.d/atom | 2 +-
 apparmor.d/dpkg | 2 +-
 apparmor.d/mkinitramfs | 1 +
 apparmor.d/openbox | 2 +-
 apparmor.d/runuser | 3 +++
 apparmor.d/usr.bin.man | 4 ++++
 6 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/apparmor.d/atom b/apparmor.d/atom
index 9604415c..91215eee 100644
--- a/apparmor.d/atom
+++ b/apparmor.d/atom
@@ -184,7 +184,7 @@ profile atom @{exec_path} {
 # file_inherit
 owner @{HOME}/.xsession-errors w,
- /usr/share/atom/** r,
+ /usr/share/atom/** r,
 }
diff --git a/apparmor.d/dpkg b/apparmor.d/dpkg
index e0e2532d..72ef4daf 100644
--- a/apparmor.d/dpkg
+++ b/apparmor.d/dpkg
@@ -120,7 +120,7 @@ profile dpkg @{exec_path} {
 /{usr/,}bin/more mr,
 /{usr/,}bin/diff mr,
- owner @{HOME}/.lesshst r,
+ owner @{HOME}/.lesshs* rw,
 # Diff changed config files
 /etc/** r,
diff --git a/apparmor.d/mkinitramfs b/apparmor.d/mkinitramfs
index 65c58abd..c2e4f5ee 100644
--- a/apparmor.d/mkinitramfs
+++ b/apparmor.d/mkinitramfs
@@ -47,6 +47,7 @@ profile mkinitramfs @{exec_path} {
 /{usr/,}bin/cpio rix,
 /{usr/,}bin/env rix,
 /{usr/,}bin/rmdir rix,
+ /{usr/,}bin/tr rix,
 /{usr/,}bin/ldd rCx -> ldd,
 /{usr/,}sbin/ldconfig rCx -> ldconfig,
diff --git a/apparmor.d/openbox b/apparmor.d/openbox
index a43855e0..61200bdf 100644
--- a/apparmor.d/openbox
+++ b/apparmor.d/openbox
@@ -80,7 +80,7 @@ profile openbox @{exec_path} {
 # file_inherit
 owner @{HOME}/.xsession-errors w,
- owner /dev/tty[0-9]* rw,
+ owner /dev/tty[0-9]* rw,
 #include if exists
 }
diff --git a/apparmor.d/runuser b/apparmor.d/runuser
index 247d5931..e817b2fd 100644
--- a/apparmor.d/runuser
+++ b/apparmor.d/runuser
@@ -48,5 +48,8 @@ profile runuser @{exec_path} {
 /etc/default/runuser r,
+ # file_inherit
+ owner /tmp/debian-security-support.postinst.*/output w,
+ #include if exists
 }
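Review bot: The new glob `owner @{HOME}/.lesshs* rw,` in the dpkg hunk matches every home-directory entry whose name begins with `.lesshs`, not just the `.lesshst` history file the old rule named, and it grants write on all of them without a comment saying why. Presumably the widening is meant to cover a temporary file that less writes next to `.lesshst`, but the hunk does not say so; if that is the reason, `owner @{HOME}/.lesshst* rw,` keeps the same intent while matching fewer unrelated names, and a comment such as `# less rewrites its history file here` would record it for the next reader. The enclosing profile dpkg @{exec_path} starts and ends outside the hunk.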
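Review bot: The added rule `owner /tmp/debian-security-support.postinst.*/output w,` in the runuser hunk hard-codes one package's postinst scratch directory into the generic runuser profile, so every other maintainer script that hands runuser an inherited descriptor under /tmp will need its own entry here. If the path cannot be generalized, the rule reads as a site-specific exception and belongs in the local include the profile already pulls in on the `#include if exists` line that follows; either way a comment naming the package and the descriptor it inherits (for example `# stdout inherited from the debian-security-support postinst`) would make the exception reviewable. The profile runuser @{exec_path} starts outside the hunk.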
diff --git a/apparmor.d/usr.bin.man b/apparmor.d/usr.bin.man
index b6cd0be6..2d2ca199 100644
--- a/apparmor.d/usr.bin.man
+++ b/apparmor.d/usr.bin.man
@@ -81,6 +81,10 @@ profile man_groff {
 signal peer=/usr/bin/man, # @{profile_name} doesn't seem to work here. signal peer=/usr/bin/man//&man_groff,
+
+ # file_inherit
+ owner /tmp/* rw,
+ }
 profile man_filter {
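Review bot: `owner /tmp/* rw,` added to the man_groff child profile grants groff read and write on every file directly under /tmp that the invoking user owns, which is far wider than the single inherited descriptor the `# file_inherit` comment points to. If that descriptor is only written, `w` alone matches the convention the runuser file_inherit rule in this same commit uses; if the temporary file man creates has a stable name pattern, the rule should match that pattern rather than `/tmp/*` (the hunk does not show the pattern, so I cannot propose the exact path). A comment stating which descriptor is inherited and from which parent would also help. The profile man_groff starts outside the hunk.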