feat(abs): add the bash-strict.

2024-11-14 23:43:56 +01:00 · 2024-03-20 16:14:29 +00:00 · 2024-03-20 16:14:29 +00:00 · dbb0d76e52
commit dbb0d76e52
parent 5039dae148
1 changed files with 35 additions and 0 deletions
--- a/apparmor.d/abstractions/bash-strict
+++ b/apparmor.d/abstractions/bash-strict
@ -0,0 +1,35 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+# This abstraction is only required when an interactive shell is started.
+# Classic shell scripts do not need it.
+
+  /usr/share/bash-completion/{,**} r,
+  /usr/share/terminfo/{,**} r,
+
+  @{etc_ro}/profile.d/ r,
+  @{etc_ro}/profile.d/* r,
+  @{etc_ro}/profile.dos r,
+  @{etc_ro}/profile r,
+  @{etc_ro}/profile.d/ r,
+  @{etc_ro}/profile.d/* r,
+  /etc/bashrc r,
+  /etc/bash.bashrc r,
+  /etc/bash.bashrc.local r,
+  /etc/bash_completion r,
+  /etc/bash_completion.d/{,**} r,
+  /etc/inputrc r,
+  /etc/mtab r,
+
+  owner @{HOME}/.alias r,
+  owner @{HOME}/.bash_aliases r,
+  owner @{HOME}/.bash_history rw,
+  owner @{HOME}/.bash_profile r,
+  owner @{HOME}/.bashrc r,
+  owner @{HOME}/.i18n r,
+  owner @{HOME}/.profile r,
+
+  owner @{PROC}/@{pid}/mounts r,
+
+  include if exists <abstractions/bash-strict.d>