mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 00:48:10 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(abs): improve some abstraction.

Browse source
This commit is contained in:
Alexandre Pujol 2023-08-27 14:40:56 +01:00
parent ec3c5cd62e
commit eb1c03949f
Failed to generate hash of commit
6 changed files with 13 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
apparmor.d/abstractions/chromium-common
View file

@ -1,5 +1,6 @@
# apparmor.d - Full set of apparmor profiles # apparmor.d - Full set of apparmor profiles
# Copyright (C) 2022 Mikhail Morfikov # Copyright (C) 2022 Mikhail Morfikov
# Copyright (C) 2022-2023 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only # SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>, abi <abi/3.0>,

6
apparmor.d/abstractions/disks-read
View file

@ -16,11 +16,13 @@
/dev/{s,v}d[a-z]*@{int} rk, /dev/{s,v}d[a-z]*@{int} rk,
@{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/ r, @{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/ r,
@{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/** r, @{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/** r,
@{sys}/devices/pci[0-9]*/**/{usb,ata}[0-9]/** r, @{sys}/devices/@{pci}{,/**}/ata@{int}/** r,
@{sys}/devices/@{pci}{,/**}/usb@{int}/** r,
@{sys}/devices/@{pci}{,/**}/virtio@{int}/** r,
# SSD Nvme devices # SSD Nvme devices
/dev/nvme[0-9]* rk, /dev/nvme[0-9]* rk,
@{sys}/devices/pci[0-9]*/**/nvme/nvme@{int}/{,**} r, @{sys}/devices/@{pci}{,/**}/nvme/nvme@{int}/{,**} r,
# SD card devices # SD card devices
/dev/mmcblk[0-9]* rk, /dev/mmcblk[0-9]* rk,

10
apparmor.d/abstractions/disks-write
View file

@ -14,13 +14,15 @@
# Regular disk/partition devices # Regular disk/partition devices
/dev/{s,v}d[a-z]* rwk, /dev/{s,v}d[a-z]* rwk,
/dev/{s,v}d[a-z]*@{int} rwk, /dev/{s,v}d[a-z]*@{int} rwk,
@{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/ r, @{sys}/devices/@{pci}{,/**}/block/{s,v}d[a-z]/ r,
@{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/** r, @{sys}/devices/@{pci}{,/**}/block/{s,v}d[a-z]/** r,
@{sys}/devices/pci[0-9]*/**/{usb,ata}[0-9]/** r, @{sys}/devices/@{pci}{,/**}/ata@{int}/** r,
@{sys}/devices/@{pci}{,/**}/usb@{int}/** r,
@{sys}/devices/@{pci}{,/**}/virtio@{int}/** r,
# SSD Nvme devices # SSD Nvme devices
/dev/nvme[0-9]* rwk, /dev/nvme[0-9]* rwk,
@{sys}/devices/pci[0-9]*/**/nvme/nvme@{int}/{,**} r, @{sys}/devices/@{pci}{,/**}/nvme/nvme@{int}/{,**} r,
# SD card devices # SD card devices
/dev/mmcblk[0-9]* rwk, /dev/mmcblk[0-9]* rwk,

1
apparmor.d/abstractions/qt5-shader-cache
View file

@ -5,6 +5,7 @@
abi <abi/3.0>, abi <abi/3.0>,
owner @{user_cache_dirs}/ w,
owner @{user_cache_dirs}/qtshadercache/ rw, owner @{user_cache_dirs}/qtshadercache/ rw,
owner @{user_cache_dirs}/qtshadercache/#@{int} rw, owner @{user_cache_dirs}/qtshadercache/#@{int} rw,
owner @{user_cache_dirs}/qtshadercache/@{hex} rwl -> @{user_cache_dirs}/qtshadercache/#@{int}, owner @{user_cache_dirs}/qtshadercache/@{hex} rwl -> @{user_cache_dirs}/qtshadercache/#@{int},

1
apparmor.d/abstractions/totem
View file

@ -45,7 +45,6 @@
owner @{PROC}/@{pid}/{mountinfo,status} r, owner @{PROC}/@{pid}/{mountinfo,status} r,
@{run}/udev/data/c* r,
@{run}/udev/data/+drm:card* r, @{run}/udev/data/+drm:card* r,
@{run}/udev/data/+usb* r, @{run}/udev/data/+usb* r,

2
apparmor.d/abstractions/zsh
View file

@ -4,7 +4,7 @@
# SPDX-License-Identifier: GPL-2.0-only # SPDX-License-Identifier: GPL-2.0-only
# This abstraction is only required when an interactive shell is started. # This abstraction is only required when an interactive shell is started.
# Classic bash scripts do not need it. # Classic shell scripts do not need it.
abi <abi/3.0>, abi <abi/3.0>,