mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 00:48:10 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update acpid

Browse source
This commit is contained in:
nobodysu 2022-01-16 23:31:45 +00:00 committed by GitHub
parent 70d50632bb
commit ec9a4d3a6c
Failed to generate hash of commit
1 changed files with 2 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
apparmor.d/profiles-a-f/acpid
View file

@ -17,7 +17,7 @@ profile acpid @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr, @{exec_path} mr,
/{usr/,}bin/{,ba,da}sh rix, /{usr/,}bin/{ba,da,}sh rix,
/{usr/,}bin/logger rix, /{usr/,}bin/logger rix,
/etc/acpi/powerbtn-acpi-support.sh rPx -> acpid//powerbtn-acpi-support.sh, /etc/acpi/powerbtn-acpi-support.sh rPx -> acpid//powerbtn-acpi-support.sh,
@ -39,12 +39,6 @@ profile acpid @{exec_path} flags=(attach_disconnected) {
profile acpid//powerbtn-acpi-support.sh flags=(attach_disconnected) { profile acpid//powerbtn-acpi-support.sh flags=(attach_disconnected) {
include <abstractions/base> include <abstractions/base>
include <abstractions/wutmp>
capability sys_ptrace,
deny capability net_admin, # ??
ptrace (read), # unconfined, tighten later, TODO
/etc/acpi/powerbtn-acpi-support.sh r, /etc/acpi/powerbtn-acpi-support.sh r,
@ -68,7 +62,7 @@ profile acpid//powerbtn-acpi-support.sh flags=(attach_disconnected) {
capability sys_tty_config, capability sys_tty_config,
/{usr/,}bin/fgconsole r, /{usr/,}bin/fgconsole r,
/dev/tty rw, /dev/tty rw,
owner /dev/tty[0-9]* rw, owner /dev/tty[0-9]* rw,
} }
@ -79,8 +73,6 @@ profile acpid//powerbtn-acpi-support.sh flags=(attach_disconnected) {
@{PROC} r, @{PROC} r,
@{PROC}/uptime r, @{PROC}/uptime r,
@{PROC}/sys/kernel/osrelease r,
@{PROC}/@{pids}/stat r,
@{PROC}/@{pids}/cmdline r, @{PROC}/@{pids}/cmdline r,
include if exists <local/acpid_powerbtn-acpi-support.sh> include if exists <local/acpid_powerbtn-acpi-support.sh>