mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-14 23:43:56 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix(profile): ensure pacman keyring update works.

Browse Source
This commit is contained in:
Alexandre Pujol 2024-01-10 15:41:18 +00:00
parent 7cf7adc197
commit e8651dc367
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
1 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
apparmor.d/groups/pacman/pacman
View File

@ -167,9 +167,17 @@ profile pacman @{exec_path} {
profile gpg {
include <abstractions/base>
include <abstractions/nameservice-strict>
include <abstractions/openssl>
include <abstractions/ssl_certs>
capability dac_read_search,
network inet stream,
network inet6 stream,
network inet dgram,
network inet6 dgram,
@{bin}/gpg{,2} mr,
@{bin}/gpgconf mr,
@{bin}/gpgsm mr,
@ -183,13 +191,13 @@ profile pacman @{exec_path} {
@{HOME}/@{XDG_GPG_DIR}/*.conf r,
deny @{user_share_dirs}/sddm/* rw,
@{PROC}/@{pid}/fd/ r,
@{PROC}/@{pid}/task/@{tid}/comm rw,
/dev/tty@{int} rw,
owner /dev/pts/@{int} rw,
deny network inet stream,
deny network inet6 stream,
deny @{user_share_dirs}/sddm/* rw,
include if exists <local/pacman_gpg>
}