mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-15 07:54:17 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add more apparmor profiles.

Browse Source
This commit is contained in:
Alexandre Pujol 2021-04-02 10:22:03 +01:00
parent 604b184c9d
commit facade62b6
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
4 changed files with 108 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
apparmor.d/profiles-a-l/freefall Normal file
View File

@ -0,0 +1,27 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2021 Alexandre Pujol
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/freefall
profile freefall @{exec_path} {
include <abstractions/base>
capability sys_nice,
capability ipc_lock,
capability mknod,
@{exec_path} mr,
/dev/freefall r,
/dev/sd[a-z] rk,
/dev/sd[a-z][0-9]* rk,
@{sys}/devices/**/unload_heads r,
@{sys}/class/leds/**/brightness r,
include if exists <local/freefall>
}

24
apparmor.d/profiles-m-z/pcscd Normal file
View File

@ -0,0 +1,24 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/pcscd
profile pcscd @{exec_path} {
include <abstractions/base>
include <abstractions/devices-usb>
network netlink raw,
@{exec_path} mr,
/etc/libccid_Info.plist r,
/etc/reader.conf.d/{,libccidtwin} r,
owner @{run}/pcscd/{,pcscd.pid} rw,
include if exists <local/pcscd>
}

33
apparmor.d/profiles-m-z/rngd Normal file
View File

@ -0,0 +1,33 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-3.0-or-later
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/rngd
profile rngd @{exec_path} {
include <abstractions/base>
include <abstractions/nameservice-strict>
@{exec_path} mr,
capability sys_admin,
capability sys_nice,
capability dac_read_search,
/etc/opensc.conf r,
/etc/conf.d/rngd r,
/etc/machine-id r,
/var/lib/dbus/machine-id r,
@{PROC}/sys/kernel/random/poolsize r,
@{PROC}/sys/kernel/random/write_wakeup_threshold rw,
/dev/hwrng r,
/dev/random w,
include if exists <local/rngd>
}

24
apparmor.d/profiles-m-z/xclip Normal file
View File

@ -0,0 +1,24 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2020 krathalan https://git.sr.ht/~krathalan/apparmor-profiles/
# 2021 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-3.0-only
# Version of program profiled: 0.13
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/xclip
profile xclip @{exec_path} {
include <abstractions/base>
network unix stream,
@{exec_path} mr,
# Mutt
owner /tmp/mutt-* rw,
owner @{HOME}/.Xauthority r,
deny /dev/tty rw,
}