mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-14 23:43:56 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat(profile): enable abi 4 rules by default.

Browse Source
This commit is contained in:
Alexandre Pujol 2024-10-02 14:19:26 +01:00
parent 5ed4df6916
commit d6b7bef89e
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
13 changed files with 13 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apparmor.d/abstractions/app/chromium
View File

@ -43,7 +43,7 @@
include <abstractions/user-read-strict>
include <abstractions/video>
# userns,
userns,
capability setgid,
capability setuid,

2
apparmor.d/abstractions/app/firefox
View File

@ -30,7 +30,7 @@
include <abstractions/thumbnails-cache-read>
include <abstractions/uim>
# userns,
userns,
capability sys_admin, # If kernel.unprivileged_userns_clone = 1
capability sys_chroot, # If kernel.unprivileged_userns_clone = 1

2
apparmor.d/abstractions/common/bwrap
View File

@ -7,7 +7,7 @@
# - the flag: attach_disconnected
# - bwrap execution: '@{bin}/bwrap rix,'
# userns,
userns,
capability net_admin,
capability setpcap,

2
apparmor.d/abstractions/common/chromium
View File

@ -6,7 +6,7 @@
# This abstraction is for chromium based application. Chromium based browsers
# need to use abstractions/chromium instead.
# userns,
userns,
capability setgid, # If kernel.unprivileged_userns_clone = 1
capability setuid, # If kernel.unprivileged_userns_clone = 1

2
apparmor.d/abstractions/common/electron
View File

@ -18,7 +18,7 @@
include <abstractions/nameservice-strict>
include <abstractions/ssl_certs>
# userns,
userns,
capability setgid, # If kernel.unprivileged_userns_clone = 1
capability setuid, # If kernel.unprivileged_userns_clone = 1

2
apparmor.d/groups/gnome/nautilus
View File

@ -26,7 +26,7 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
include <abstractions/nameservice-strict>
include <abstractions/trash-strict>
# mqueue r type=posix /,
mqueue r type=posix /,
#aa:dbus own bus=session name=org.gnome.Nautilus interface=org.gtk.{Application,Actions}
#aa:dbus own bus=session name=org.freedesktop.FileManager1

2
apparmor.d/groups/kde/plasmashell
View File

@ -28,7 +28,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
include <abstractions/ssl_certs>
include <abstractions/thumbnails-cache-read>
# userns,
userns,
capability sys_ptrace,

2
apparmor.d/groups/systemd/systemd-coredump
View File

@ -13,7 +13,7 @@ profile systemd-coredump @{exec_path} flags=(attach_disconnected,mediate_deleted
include <abstractions/nameservice-strict>
include <abstractions/common/systemd>
# userns,
userns,
capability dac_override,
capability dac_read_search,

2
apparmor.d/groups/systemd/systemd-logind
View File

@ -27,7 +27,7 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected) {
network netlink raw,
# mqueue r type=posix /,
mqueue r type=posix /,
unix (bind) type=stream addr=@@{hex16}/bus/systemd-logind/system,

2
apparmor.d/groups/ubuntu/package-system-locked
View File

@ -17,7 +17,7 @@ profile package-system-locked @{exec_path} flags=(attach_disconnected) {
network inet dgram,
network inet6 dgram,
# mqueue r type=posix /,
mqueue r type=posix /,
ptrace (read),

2
apparmor.d/groups/virt/virtiofsd
View File

@ -10,7 +10,7 @@ include <tunables/global>
profile virtiofsd @{exec_path} {
include <abstractions/base>
# userns,
userns,
capability chown,
capability dac_override,

2
apparmor.d/profiles-a-f/flatpak
View File

@ -18,7 +18,7 @@ profile flatpak @{exec_path} flags=(attach_disconnected,mediate_deleted,complain
include <abstractions/nameservice-strict>
include <abstractions/ssl_certs>
# userns,
userns,
capability dac_override,
capability dac_read_search,

2
apparmor.d/profiles-g-l/lvm
View File

@ -23,7 +23,7 @@ profile lvm @{exec_path} flags=(attach_disconnected) {
ptrace (read),
# mqueue r type=posix /,
mqueue r type=posix /,
@{exec_path} rm,