update apparmor profiles

This commit is contained in:
Mikhail Morfikov 2020-09-12 17:46:51 +02:00
parent 030d7a4a53
commit d1605c62b3
Failed to generate hash of commit
6 changed files with 11 additions and 3 deletions

View file

@ -120,7 +120,7 @@ profile dpkg @{exec_path} {
/{usr/,}bin/more mr, /{usr/,}bin/more mr,
/{usr/,}bin/diff mr, /{usr/,}bin/diff mr,
owner @{HOME}/.lesshst r, owner @{HOME}/.lesshs* rw,
# Diff changed config files # Diff changed config files
/etc/** r, /etc/** r,

View file

@ -47,6 +47,7 @@ profile mkinitramfs @{exec_path} {
/{usr/,}bin/cpio rix, /{usr/,}bin/cpio rix,
/{usr/,}bin/env rix, /{usr/,}bin/env rix,
/{usr/,}bin/rmdir rix, /{usr/,}bin/rmdir rix,
/{usr/,}bin/tr rix,
/{usr/,}bin/ldd rCx -> ldd, /{usr/,}bin/ldd rCx -> ldd,
/{usr/,}sbin/ldconfig rCx -> ldconfig, /{usr/,}sbin/ldconfig rCx -> ldconfig,

View file

@ -48,5 +48,8 @@ profile runuser @{exec_path} {
/etc/default/runuser r, /etc/default/runuser r,
# file_inherit
owner /tmp/debian-security-support.postinst.*/output w,
#include if exists <local/runuser> #include if exists <local/runuser>
} }

View file

@ -81,6 +81,10 @@ profile man_groff {
signal peer=/usr/bin/man, signal peer=/usr/bin/man,
# @{profile_name} doesn't seem to work here. # @{profile_name} doesn't seem to work here.
signal peer=/usr/bin/man//&man_groff, signal peer=/usr/bin/man//&man_groff,
# file_inherit
owner /tmp/* rw,
} }
profile man_filter { profile man_filter {