# vim:syntax=apparmor # ------------------------------------------------------------------ # # Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ abi , include @{exec_path} = /{usr/,}lib/apt/apt.systemd.daily profile apt-systemd-daily @{exec_path} { include # Needed to remove the following error: # apt.systemd.daily[]: find: ‘/var/cache/apt/archives/partial’: Permission denied capability dac_read_search, @{exec_path} mrix, /{usr/,}bin/{,ba,da}sh rix, /{usr/,}bin/flock rix, /{usr/,}bin/cmp rix, /{usr/,}bin/cp rix, /{usr/,}bin/rm rix, /{usr/,}bin/mv rix, /{usr/,}bin/savelog rix, /{usr/,}bin/which rix, /{usr/,}bin/touch rix, /{usr/,}bin/basename rix, /{usr/,}bin/dirname rix, /{usr/,}bin/date rix, /{usr/,}bin/find rix, /{usr/,}bin/du rix, /{usr/,}bin/stat rix, /{usr/,}bin/sort rix, /{usr/,}bin/uniq rix, /{usr/,}bin/wc rix, /{usr/,}bin/seq rix, /{usr/,}bin/xargs rix, /{usr/,}bin/gzip rix, /{usr/,}bin/apt-config rPx, /{usr/,}bin/apt-get rPx, /etc/default/locale r, # The /daily_lock file is only used when the /var/lib/apt/daily_lock can be accessed. #/daily_lock w, /var/lib/apt/daily_lock wk, /var/lib/apt/extended_states r, /var/lib/apt/periodic/autoclean-stamp w, /var/backups/ r, /var/backups/apt.extended_states rw, /var/backups/apt.extended_states.[0-9]* rw, /var/backups/apt.extended_states.[0-9]*.gz w, /var/cache/apt/ r, /var/cache/apt/archives/ r, /var/cache/apt/archives/partial/ r, /var/cache/apt/archives/*.deb rw, /var/cache/apt/backup/ r, owner @{PROC}/@{pid}/fd/ r, include if exists }