mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 00:48:10 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(systemd): add initial version of all missing generator.

Browse source
This commit is contained in:
Alexandre Pujol 2023-11-22 20:55:01 +00:00
parent 0d124065b9
commit e247a3949e
Failed to generate hash of commit
13 changed files with 265 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
apparmor.d/groups/systemd/systemd-generator-bless-boot Normal file
View file

@ -0,0 +1,19 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{lib}/systemd/system-generators/systemd-bless-boot-generator
profile systemd-generator-bless-boot @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/systemd-common>
@{exec_path} mr,
@{PROC}/@{pid}/cgroup r,
include if exists <local/systemd-generator-bless-boot>
}

27
apparmor.d/groups/systemd/systemd-generator-cloud-init Normal file
View file

@ -0,0 +1,27 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{lib}/systemd/system-generators/cloud-init-generator
profile systemd-generator-cloud-init @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/consoles>
include <abstractions/nameservice-strict>
@{exec_path} mr,
@{bin}/{,ba,da}sh rix,
@{bin}/systemd-detect-virt rPx,
@{lib}/cloud-init/ds-identify rPUx,
@{run}/cloud-init/cloud-init-generator.log rw,
@{run}/cloud-init/disabled w,
@{PROC}/cmdline r,
include if exists <local/systemd-generator-cloud-init>
}

20
apparmor.d/groups/systemd/systemd-generator-cryptsetup Normal file
View file

@ -0,0 +1,20 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{lib}/systemd/system-generators/systemd-cryptsetup-generator
profile systemd-generator-cryptsetup @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/consoles>
include <abstractions/systemd-common>
@{exec_path} mr,
/etc/crypttab r,
include if exists <local/systemd-generator-cryptsetup>
}

19
apparmor.d/groups/systemd/systemd-generator-debug Normal file
View file

@ -0,0 +1,19 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{lib}/systemd/system-generators/systemd-debug-generator
profile systemd-generator-debug @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/systemd-common>
@{exec_path} mr,
@{PROC}/@{pid}/cgroup r,
include if exists <local/systemd-generator-debug>
}

23
apparmor.d/groups/systemd/systemd-generator-ds-identify Normal file
View file

@ -0,0 +1,23 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{lib}/cloud-init/ds-identify
profile systemd-generator-ds-identify @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/consoles>
include <abstractions/nameservice-strict>
@{exec_path} mr,
@{bin}/{,ba,da}sh r,
@{run}/cloud-init/.ds-identify.result r,
include if exists <local/systemd-generator-ds-identify>
}

20
apparmor.d/groups/systemd/systemd-generator-environment-arch Normal file
View file

@ -0,0 +1,20 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{lib}/systemd/system-environment-generators/10-arch
profile systemd-generator-environment-arch @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>
include <abstractions/nameservice-strict>
@{exec_path} mr,
@{bin}/{,ba,da}sh r,
include if exists <local/systemd-generator-environment-arch>
}

18
apparmor.d/groups/systemd/systemd-generator-environment-flatpak Normal file
View file

@ -0,0 +1,18 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{lib}/systemd/system-environment-generators/60-flatpak-system-only
profile systemd-generator-environment-flatpak @{exec_path} {
include <abstractions/base>
@{exec_path} mr,
@{bin}/flatpak rix,
include if exists <local/systemd-generator-environment-flatpak>
}

19
apparmor.d/groups/systemd/systemd-generator-hibernate-resume Normal file
View file

@ -0,0 +1,19 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{lib}/systemd/system-generators/systemd-hibernate-resume-generator
profile systemd-generator-hibernate-resume @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/systemd-common>
@{exec_path} mr,
@{PROC}/@{pid}/cgroup r,
include if exists <local/systemd-generator-hibernate-resume>
}

19
apparmor.d/groups/systemd/systemd-generator-integritysetup Normal file
View file

@ -0,0 +1,19 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{lib}/systemd/system-generators/systemd-integritysetup-generator
profile systemd-generator-integritysetup @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/systemd-common>
@{exec_path} mr,
@{PROC}/@{pid}/cgroup r,
include if exists <local/systemd-generator-integritysetup>
}

16
apparmor.d/groups/systemd/systemd-generator-ostree Normal file
View file

@ -0,0 +1,16 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{lib}/systemd/system-generators/ostree-system-generator
profile systemd-generator-ostree @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
@{exec_path} mr,
include if exists <local/systemd-generator-ostree>
}

25
apparmor.d/groups/systemd/systemd-generator-run Normal file
View file

@ -0,0 +1,25 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{lib}/systemd/system-generators/systemd-run-generator
profile systemd-generator-run @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/systemd-common>
ptrace (read) peer=@{systemd},
@{exec_path} mr,
/etc/fstab r,
@{sys}/**/uevent r,
@{PROC}/@{pid}/cgroup r,
include if exists <local/systemd-generator-run>
}

19
apparmor.d/groups/systemd/systemd-generator-system-update Normal file
View file

@ -0,0 +1,19 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{lib}/systemd/system-generators/systemd-system-update-generator
profile systemd-generator-system-update @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/systemd-common>
@{exec_path} mr,
@{PROC}/@{pid}/cgroup r,
include if exists <local/systemd-generator-system-update>
}

21
apparmor.d/groups/systemd/systemd-generator-veritysetup Normal file
View file

@ -0,0 +1,21 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{lib}/systemd/system-generators/systemd-veritysetup-generator
profile systemd-generator-veritysetup @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/systemd-common>
ptrace (read) peer=@{systemd},
@{exec_path} mr,
@{PROC}/@{pid}/cgroup r,
include if exists <local/systemd-generator-veritysetup>
}