mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-30 14:55:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

BUILD_DIR -> user_build_dirs.

Browse source
This commit is contained in:
Alexandre Pujol 2021-08-22 15:28:23 +01:00
parent b65955d055
commit f922a5f8e8
Failed to generate hash of commit
30 changed files with 44 additions and 103 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
apparmor.d/groups/apt/apt
View file

@ -6,8 +6,6 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/apt @{exec_path} = /{usr/,}bin/apt
profile apt @{exec_path} flags=(complain) { profile apt @{exec_path} flags=(complain) {
include <abstractions/base> include <abstractions/base>
@ -119,7 +117,7 @@ profile apt @{exec_path} flags=(complain) {
/var/cache/apt/** rwk, /var/cache/apt/** rwk,
# For package building # For package building
@{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**,
profile editor flags=(complain) { profile editor flags=(complain) {
@ -164,7 +162,7 @@ profile apt @{exec_path} flags=(complain) {
/etc/dpkg/origins/debian r, /etc/dpkg/origins/debian r,
owner @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, owner @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**,
owner @{HOME}/** rwkl -> @{HOME}/**, owner @{HOME}/** rwkl -> @{HOME}/**,
audit deny owner @{HOME}/.* mrwkl, audit deny owner @{HOME}/.* mrwkl,
audit deny owner @{HOME}/.*/ rw, audit deny owner @{HOME}/.*/ rw,

4
apparmor.d/groups/apt/apt-extracttemplates
View file

@ -6,8 +6,6 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/apt-extracttemplates @{exec_path} = /{usr/,}bin/apt-extracttemplates
profile apt-extracttemplates @{exec_path} { profile apt-extracttemplates @{exec_path} {
include <abstractions/base> include <abstractions/base>
@ -26,7 +24,7 @@ profile apt-extracttemplates @{exec_path} {
owner /tmp/*.{config,template}.?????? rw, owner /tmp/*.{config,template}.?????? rw,
# For package building # For package building
@{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**,
include if exists <local/apt-extracttemplates> include if exists <local/apt-extracttemplates>
} }

4
apparmor.d/groups/apt/apt-ftparchive
View file

@ -6,8 +6,6 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/apt-ftparchive @{exec_path} = /{usr/,}bin/apt-ftparchive
profile apt-ftparchive @{exec_path} { profile apt-ftparchive @{exec_path} {
include <abstractions/base> include <abstractions/base>
@ -18,7 +16,7 @@ profile apt-ftparchive @{exec_path} {
/etc/apt/apt.conf.d/{,*} r, /etc/apt/apt.conf.d/{,*} r,
# For package building # For package building
@{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**,
include if exists <local/apt-ftparchive> include if exists <local/apt-ftparchive>
} }

6
apparmor.d/groups/apt/apt-get
View file

@ -6,8 +6,6 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/apt-get @{exec_path} = /{usr/,}bin/apt-get
profile apt-get @{exec_path} flags=(complain) { profile apt-get @{exec_path} flags=(complain) {
include <abstractions/base> include <abstractions/base>
@ -122,7 +120,7 @@ profile apt-get @{exec_path} flags=(complain) {
/var/cache/apt/** rwk, /var/cache/apt/** rwk,
# For package building # For package building
@{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**,
# file_inherit # file_inherit
owner /var/log/cron-apt/temp w, owner /var/log/cron-apt/temp w,
@ -171,7 +169,7 @@ profile apt-get @{exec_path} flags=(complain) {
/etc/dpkg/origins/debian r, /etc/dpkg/origins/debian r,
owner @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, owner @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**,
owner @{HOME}/** rwkl -> @{HOME}/**, owner @{HOME}/** rwkl -> @{HOME}/**,
audit deny owner @{HOME}/.* mrwkl, audit deny owner @{HOME}/.* mrwkl,
audit deny owner @{HOME}/.*/ rw, audit deny owner @{HOME}/.*/ rw,

4
apparmor.d/groups/apt/apt-methods-cdrom
View file

@ -6,8 +6,6 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}lib/apt/methods/cdrom @{exec_path} = /{usr/,}lib/apt/methods/cdrom
profile apt-methods-cdrom @{exec_path} { profile apt-methods-cdrom @{exec_path} {
include <abstractions/base> include <abstractions/base>
@ -37,7 +35,7 @@ profile apt-methods-cdrom @{exec_path} {
/root/ r, /root/ r,
# For package building # For package building
@{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**,
# file_inherit # file_inherit
owner /dev/tty[0-9]* rw, owner /dev/tty[0-9]* rw,

4
apparmor.d/groups/apt/apt-methods-copy
View file

@ -6,8 +6,6 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}lib/apt/methods/copy @{exec_path} = /{usr/,}lib/apt/methods/copy
profile apt-methods-copy @{exec_path} { profile apt-methods-copy @{exec_path} {
include <abstractions/base> include <abstractions/base>
@ -47,7 +45,7 @@ profile apt-methods-copy @{exec_path} {
owner /var/lib/apt/lists/partial/* rw, owner /var/lib/apt/lists/partial/* rw,
# For package building # For package building
@{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**,
# file_inherit # file_inherit
owner /dev/tty[0-9]* rw, owner /dev/tty[0-9]* rw,

4
apparmor.d/groups/apt/apt-methods-file
View file

@ -6,8 +6,6 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}lib/apt/methods/file @{exec_path} = /{usr/,}lib/apt/methods/file
profile apt-methods-file @{exec_path} { profile apt-methods-file @{exec_path} {
include <abstractions/base> include <abstractions/base>
@ -47,7 +45,7 @@ profile apt-methods-file @{exec_path} {
owner /var/lib/apt/lists/partial/* rw, owner /var/lib/apt/lists/partial/* rw,
# For package building # For package building
@{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**,
# file_inherit # file_inherit
owner /dev/tty[0-9]* rw, owner /dev/tty[0-9]* rw,

4
apparmor.d/groups/apt/apt-methods-ftp
View file

@ -6,8 +6,6 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}lib/apt/methods/ftp @{exec_path} = /{usr/,}lib/apt/methods/ftp
profile apt-methods-ftp @{exec_path} { profile apt-methods-ftp @{exec_path} {
include <abstractions/base> include <abstractions/base>
@ -37,7 +35,7 @@ profile apt-methods-ftp @{exec_path} {
/root/ r, /root/ r,
# For package building # For package building
@{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**,
# file_inherit # file_inherit
owner /dev/tty[0-9]* rw, owner /dev/tty[0-9]* rw,

4
apparmor.d/groups/apt/apt-methods-gpgv
View file

@ -6,8 +6,6 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}lib/apt/methods/gpgv @{exec_path} = /{usr/,}lib/apt/methods/gpgv
profile apt-methods-gpgv @{exec_path} { profile apt-methods-gpgv @{exec_path} {
include <abstractions/base> include <abstractions/base>
@ -83,7 +81,7 @@ profile apt-methods-gpgv @{exec_path} {
/etc/keyrings/*.gpg r, /etc/keyrings/*.gpg r,
# For package building # For package building
@{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**,
# file_inherit # file_inherit
owner /dev/tty[0-9]* rw, owner /dev/tty[0-9]* rw,

4
apparmor.d/groups/apt/apt-methods-http
View file

@ -6,8 +6,6 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}lib/apt/methods/http{,s} @{exec_path} = /{usr/,}lib/apt/methods/http{,s}
profile apt-methods-http @{exec_path} { profile apt-methods-http @{exec_path} {
include <abstractions/base> include <abstractions/base>
@ -67,7 +65,7 @@ profile apt-methods-http @{exec_path} {
@{PROC}/@{pid}/cgroup r, @{PROC}/@{pid}/cgroup r,
# For package building # For package building
@{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**,
# file_inherit # file_inherit
owner /dev/tty[0-9]* rw, owner /dev/tty[0-9]* rw,

4
apparmor.d/groups/apt/apt-methods-mirror
View file

@ -6,8 +6,6 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}lib/apt/methods/mirror{,+*} @{exec_path} = /{usr/,}lib/apt/methods/mirror{,+*}
profile apt-methods-mirror @{exec_path} { profile apt-methods-mirror @{exec_path} {
include <abstractions/base> include <abstractions/base>
@ -37,7 +35,7 @@ profile apt-methods-mirror @{exec_path} {
/root/ r, /root/ r,
# For package building # For package building
@{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**,
# file_inherit # file_inherit
owner /dev/tty[0-9]* rw, owner /dev/tty[0-9]* rw,

4
apparmor.d/groups/apt/apt-methods-rred
View file

@ -6,8 +6,6 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}lib/apt/methods/rred @{exec_path} = /{usr/,}lib/apt/methods/rred
profile apt-methods-rred @{exec_path} { profile apt-methods-rred @{exec_path} {
include <abstractions/base> include <abstractions/base>
@ -47,7 +45,7 @@ profile apt-methods-rred @{exec_path} {
owner /var/lib/apt/lists/partial/* rw, owner /var/lib/apt/lists/partial/* rw,
# For package building # For package building
@{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**,
# file_inherit # file_inherit
owner /dev/tty[0-9]* rw, owner /dev/tty[0-9]* rw,

4
apparmor.d/groups/apt/apt-methods-rsh
View file

@ -6,8 +6,6 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}lib/apt/methods/{r,s}sh @{exec_path} = /{usr/,}lib/apt/methods/{r,s}sh
profile apt-methods-rsh @{exec_path} { profile apt-methods-rsh @{exec_path} {
include <abstractions/base> include <abstractions/base>
@ -37,7 +35,7 @@ profile apt-methods-rsh @{exec_path} {
/root/ r, /root/ r,
# For package building # For package building
@{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**,
# file_inherit # file_inherit
owner /dev/tty[0-9]* rw, owner /dev/tty[0-9]* rw,

4
apparmor.d/groups/apt/apt-methods-store
View file

@ -6,8 +6,6 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}lib/apt/methods/store @{exec_path} = /{usr/,}lib/apt/methods/store
profile apt-methods-store @{exec_path} { profile apt-methods-store @{exec_path} {
include <abstractions/base> include <abstractions/base>
@ -52,7 +50,7 @@ profile apt-methods-store @{exec_path} {
owner /tmp/apt-changelog-*/*.changelog{,.*} rw, owner /tmp/apt-changelog-*/*.changelog{,.*} rw,
# For package building # For package building
@{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**,
# file_inherit # file_inherit
owner /dev/tty[0-9]* rw, owner /dev/tty[0-9]* rw,

4
apparmor.d/groups/apt/apt-show-versions
View file

@ -6,8 +6,6 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/apt-show-versions @{exec_path} = /{usr/,}bin/apt-show-versions
profile apt-show-versions @{exec_path} { profile apt-show-versions @{exec_path} {
include <abstractions/base> include <abstractions/base>
@ -31,7 +29,7 @@ profile apt-show-versions @{exec_path} {
/var/lib/dbus/machine-id r, /var/lib/dbus/machine-id r,
/etc/machine-id r, /etc/machine-id r,
@{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**,
# file_inherit # file_inherit
owner /dev/tty[0-9]* rw, owner /dev/tty[0-9]* rw,

4
apparmor.d/groups/apt/aptitude
View file

@ -6,8 +6,6 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/aptitude{,-curses} @{exec_path} = /{usr/,}bin/aptitude{,-curses}
profile aptitude @{exec_path} flags=(complain) { profile aptitude @{exec_path} flags=(complain) {
include <abstractions/base> include <abstractions/base>
@ -162,7 +160,7 @@ profile aptitude @{exec_path} flags=(complain) {
/etc/machine-id r, /etc/machine-id r,
# For package building # For package building
@{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**,
# file_inherit # file_inherit
/var/log/cron-apt/temp w, /var/log/cron-apt/temp w,

4
apparmor.d/groups/apt/debsign
View file

@ -6,8 +6,6 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/debsign @{exec_path} = /{usr/,}bin/debsign
profile debsign @{exec_path} { profile debsign @{exec_path} {
include <abstractions/base> include <abstractions/base>
@ -40,7 +38,7 @@ profile debsign @{exec_path} {
owner @{HOME}/.devscripts r, owner @{HOME}/.devscripts r,
# For package building # For package building
owner @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, owner @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**,
owner /tmp/debsign.*/ rw, owner /tmp/debsign.*/ rw,
owner /tmp/debsign.*/*.{dsc,changes,buildinfo}{,.asc} rw, owner /tmp/debsign.*/*.{dsc,changes,buildinfo}{,.asc} rw,

4
apparmor.d/groups/apt/debtags
View file

@ -6,8 +6,6 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/debtags @{exec_path} = /{usr/,}bin/debtags
profile debtags @{exec_path} { profile debtags @{exec_path} {
include <abstractions/base> include <abstractions/base>
@ -36,7 +34,7 @@ profile debtags @{exec_path} {
/var/lib/dbus/machine-id r, /var/lib/dbus/machine-id r,
/etc/machine-id r, /etc/machine-id r,
@{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**,
# file_inherit # file_inherit
/var/log/cron-apt/temp w , /var/log/cron-apt/temp w ,

4
apparmor.d/groups/apt/dpkg-checkbuilddeps
View file

@ -6,8 +6,6 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/dpkg-checkbuilddeps @{exec_path} = /{usr/,}bin/dpkg-checkbuilddeps
profile dpkg-checkbuilddeps @{exec_path} flags=(complain) { profile dpkg-checkbuilddeps @{exec_path} flags=(complain) {
include <abstractions/base> include <abstractions/base>
@ -24,7 +22,7 @@ profile dpkg-checkbuilddeps @{exec_path} flags=(complain) {
/usr/share/dpkg/tupletable r, /usr/share/dpkg/tupletable r,
# For package building # For package building
owner @{BUILD_DIR}/**/debian/control r, owner @{user_build_dirs}/**/debian/control r,
include if exists <local/dpkg-checkbuilddeps> include if exists <local/dpkg-checkbuilddeps>
} }

4
apparmor.d/groups/apt/dpkg-deb
View file

@ -6,8 +6,6 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/dpkg-deb @{exec_path} = /{usr/,}bin/dpkg-deb
profile dpkg-deb @{exec_path} { profile dpkg-deb @{exec_path} {
include <abstractions/base> include <abstractions/base>
@ -36,7 +34,7 @@ profile dpkg-deb @{exec_path} {
/var/cache/apt/archives/*.deb r, /var/cache/apt/archives/*.deb r,
# For package building # For package building
@{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**,
include if exists <local/dpkg-deb> include if exists <local/dpkg-deb>
} }

4
apparmor.d/groups/apt/dpkg-genbuildinfo
View file

@ -6,8 +6,6 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/dpkg-genbuildinfo @{exec_path} = /{usr/,}bin/dpkg-genbuildinfo
profile dpkg-genbuildinfo @{exec_path} flags=(complain) { profile dpkg-genbuildinfo @{exec_path} flags=(complain) {
include <abstractions/base> include <abstractions/base>
@ -19,7 +17,7 @@ profile dpkg-genbuildinfo @{exec_path} flags=(complain) {
/etc/dpkg/origins/debian r, /etc/dpkg/origins/debian r,
# For package building # For package building
owner @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, owner @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**,
/var/lib/dpkg/status r, /var/lib/dpkg/status r,

4
apparmor.d/groups/apt/dpkg-genchanges
View file

@ -6,8 +6,6 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/dpkg-genchanges @{exec_path} = /{usr/,}bin/dpkg-genchanges
profile dpkg-genchanges @{exec_path} flags=(complain) { profile dpkg-genchanges @{exec_path} flags=(complain) {
include <abstractions/base> include <abstractions/base>
@ -22,7 +20,7 @@ profile dpkg-genchanges @{exec_path} flags=(complain) {
/usr/share/dpkg/tupletable r, /usr/share/dpkg/tupletable r,
# For package building # For package building
owner @{BUILD_DIR}/** r, owner @{user_build_dirs}/** r,
include if exists <local/dpkg-genchanges> include if exists <local/dpkg-genchanges>
} }

4
apparmor.d/groups/apt/dpkg-split
View file

@ -6,8 +6,6 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/dpkg-split @{exec_path} = /{usr/,}bin/dpkg-split
profile dpkg-split @{exec_path} { profile dpkg-split @{exec_path} {
include <abstractions/base> include <abstractions/base>
@ -26,7 +24,7 @@ profile dpkg-split @{exec_path} {
/var/cache/apt/archives/*.deb r, /var/cache/apt/archives/*.deb r,
# For package building # For package building
@{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**,
include if exists <local/dpkg-split> include if exists <local/dpkg-split>
} }

4
apparmor.d/groups/apt/synaptic
View file

@ -4,8 +4,6 @@
abi <abi/3.0>, abi <abi/3.0>,
@{BUILD_DIR} = @{MOUNTS}/debuilder/
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}sbin/synaptic /{usr/,}bin/synaptic-pkexec @{exec_path} = /{usr/,}sbin/synaptic /{usr/,}bin/synaptic-pkexec
@ -158,7 +156,7 @@ profile synaptic @{exec_path} {
@{HOME}/.Xauthority r, @{HOME}/.Xauthority r,
# For package building # For package building
@{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**,
# file_inherit # file_inherit
owner /dev/tty[0-9]* rw, owner /dev/tty[0-9]* rw,

4
apparmor.d/profiles-a-l/changestool
View file

@ -6,8 +6,6 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/changestool @{exec_path} = /{usr/,}bin/changestool
profile changestool @{exec_path} { profile changestool @{exec_path} {
include <abstractions/base> include <abstractions/base>
@ -21,7 +19,7 @@ profile changestool @{exec_path} {
owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/fd/ r,
# For package building # For package building
owner @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, owner @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**,
profile gpg { profile gpg {

10
apparmor.d/profiles-a-l/execute-dput
View file

@ -6,8 +6,6 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/dput /usr/share/dput/execute-dput @{exec_path} = /{usr/,}bin/dput /usr/share/dput/execute-dput
profile execute-dput @{exec_path} flags=(complain) { profile execute-dput @{exec_path} flags=(complain) {
include <abstractions/base> include <abstractions/base>
@ -34,10 +32,10 @@ profile execute-dput @{exec_path} flags=(complain) {
owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/fd/ r,
# sources dir # sources dir
owner @{BUILD_DIR}/**.changes r, owner @{user_build_dirs}/**.changes r,
owner @{BUILD_DIR}/**.dsc r, owner @{user_build_dirs}/**.dsc r,
owner @{BUILD_DIR}/**.buildinfo r, owner @{user_build_dirs}/**.buildinfo r,
owner @{BUILD_DIR}/**.tar.xz r, owner @{user_build_dirs}/**.tar.xz r,
profile gpg { profile gpg {

12
apparmor.d/profiles-a-l/kmod
View file

@ -7,8 +7,6 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/{kmod,lsmod} @{exec_path} = /{usr/,}bin/{kmod,lsmod}
@{exec_path} += /{usr/,}{s,}bin/{depmod,insmod,lsmod,rmmod,modinfo,modprobe} @{exec_path} += /{usr/,}{s,}bin/{depmod,insmod,lsmod,rmmod,modinfo,modprobe}
profile kmod @{exec_path} { profile kmod @{exec_path} {
@ -54,11 +52,11 @@ profile kmod @{exec_path} {
# For local kernel build # For local kernel build
owner /tmp/depmod.*/lib/modules/*/ r, owner /tmp/depmod.*/lib/modules/*/ r,
owner /tmp/depmod.*/lib/modules/*/modules.* rw, owner /tmp/depmod.*/lib/modules/*/modules.* rw,
owner @{BUILD_DIR}/**/System.map r, owner @{user_build_dirs}/**/System.map r,
owner @{BUILD_DIR}/**/debian/*/lib/modules/*/ r, owner @{user_build_dirs}/**/debian/*/lib/modules/*/ r,
owner @{BUILD_DIR}/**/debian/*/lib/modules/*/modules.* rw, owner @{user_build_dirs}/**/debian/*/lib/modules/*/modules.* rw,
owner @{BUILD_DIR}/**/debian/*/lib/modules/*/kernel/{,**/} r, owner @{user_build_dirs}/**/debian/*/lib/modules/*/kernel/{,**/} r,
owner @{BUILD_DIR}/**/debian/*/lib/modules/*/kernel/**/*.ko r, owner @{user_build_dirs}/**/debian/*/lib/modules/*/kernel/**/*.ko r,
include if exists <local/kmod> include if exists <local/kmod>
} }

7
apparmor.d/profiles-m-z/reprepro
View file

@ -7,7 +7,6 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{REPO_DIR} = @{MOUNTS}/debuilder/repo @{REPO_DIR} = @{MOUNTS}/debuilder/repo
@{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/reprepro @{exec_path} = /{usr/,}bin/reprepro
profile reprepro @{exec_path} { profile reprepro @{exec_path} {
@ -51,9 +50,9 @@ profile reprepro @{exec_path} {
owner @{REPO_DIR}/*.deb r, owner @{REPO_DIR}/*.deb r,
# For package building # For package building
owner @{BUILD_DIR}/pbuilder/result/*.{dsc,changes} r, owner @{user_build_dirs}/pbuilder/result/*.{dsc,changes} r,
owner @{BUILD_DIR}/pbuilder/result/*.deb r, owner @{user_build_dirs}/pbuilder/result/*.deb r,
owner @{BUILD_DIR}/pbuilder/result/*.tar.* r, owner @{user_build_dirs}/pbuilder/result/*.tar.* r,
profile gpg { profile gpg {
include <abstractions/base> include <abstractions/base>

10
apparmor.d/profiles-m-z/uscan
View file

@ -6,8 +6,6 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/uscan @{exec_path} = /{usr/,}bin/uscan
profile uscan @{exec_path} { profile uscan @{exec_path} {
include <abstractions/base> include <abstractions/base>
@ -38,7 +36,7 @@ profile uscan @{exec_path} {
/{usr/,}bin/uupdate rPUx, /{usr/,}bin/uupdate rPUx,
# To run custom maintainer scripts # To run custom maintainer scripts
owner @{BUILD_DIR}/**/debian/* rPUx, owner @{user_build_dirs}/**/debian/* rPUx,
/{usr/,}bin/gpg rCx -> gpg, /{usr/,}bin/gpg rCx -> gpg,
/{usr/,}bin/gpgv rCx -> gpg, /{usr/,}bin/gpgv rCx -> gpg,
@ -49,7 +47,7 @@ profile uscan @{exec_path} {
/etc/magic r, /etc/magic r,
# For package building # For package building
owner @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, owner @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**,
# For GPG keys # For GPG keys
@ -67,8 +65,8 @@ profile uscan @{exec_path} {
owner /tmp/*/trustedkeys.gpg rw, owner /tmp/*/trustedkeys.gpg rw,
owner @{BUILD_DIR}/**/debian/upstream/signing-key.asc r, owner @{user_build_dirs}/**/debian/upstream/signing-key.asc r,
owner @{BUILD_DIR}/**/*.tar.* r, owner @{user_build_dirs}/**/*.tar.* r,
} }

4
apparmor.d/profiles-m-z/uupdate
View file

@ -6,8 +6,6 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/uupdate @{exec_path} = /{usr/,}bin/uupdate
profile uupdate @{exec_path} flags=(complain) { profile uupdate @{exec_path} flags=(complain) {
include <abstractions/base> include <abstractions/base>
@ -49,7 +47,7 @@ profile uupdate @{exec_path} flags=(complain) {
/etc/devscripts.conf r, /etc/devscripts.conf r,
# For package building # For package building
owner @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, owner @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**,
include if exists <local/uupdates> include if exists <local/uupdates>
} }