mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-02-28 12:44:44 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor.d/apparmor.d/profiles-g-l/inxi

173 lines
3.6 KiB
Text
Raw Blame History

# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2019-2021 Mikhail Morfikov
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{bin}/inxi
profile inxi @{exec_path} {
include <abstractions/base>
include <abstractions/nameservice-strict>
include <abstractions/perl>
network inet dgram,
network inet6 dgram,
network inet stream,
network inet6 stream,
network netlink raw,
@{exec_path} r,
@{bin}/perl r,
@{bin}/ r,
@{sh_path} rix,
@{bin}/zsh rix,
@{bin}/tty rix,
@{bin}/tput rix,
@{bin}/getconf rix,
@{bin}/file rix,
@{lib}/llvm-[0-9]*/bin/clang rix,
@{bin}/{,@{multiarch}-}gcc-[0-9]* rix,
@{bin}/ip rCx -> ip,
@{bin}/kmod rCx -> kmod,
@{bin}/systemctl rCx -> systemctl,
@{bin}/udevadm rCx -> udevadm,
@{lib}/systemd/systemd rCx -> systemd,
# Do not strip env to avoid errors like the following:
# ERROR: ld.so: object 'libfakeroot-sysv.so' from LD_PRELOAD cannot be preloaded (cannot open
# shared object file): ignored.
@{bin}/dpkg-query rpx,
@{bin}/blockdev rPx,
@{bin}/compton rPx,
@{bin}/df rPx,
@{bin}/dig rPx,
@{bin}/dmidecode rPx,
@{bin}/glxinfo rPx,
@{bin}/hddtemp rPx,
@{bin}/lsblk rPx,
@{bin}/lspci rPx,
@{bin}/lsusb rPx,
@{bin}/openbox rPx,
@{bin}/ps rPx,
@{bin}/sensors rPx,
@{bin}/smartctl rPx,
@{bin}/sudo rPx,
@{bin}/uptime rPx,
@{bin}/who rPx,
@{bin}/xdpyinfo rPx,
@{bin}/xprop rPx,
@{bin}/xrandr rPx,
@{bin}/xset rPx,
/etc/ r,
/etc/inxi.conf r,
/etc/issue r,
/etc/magic r,
/etc/apt/sources.list r,
/etc/apt/sources.list.d/{,*.list} r,
/var/log/ r,
/var/log/Xorg.@{int}.log r,
/home/ r,
@{user_share_dirs}/xorg/ r,
@{user_share_dirs}/xorg/Xorg.@{int}.log r,
# For shell pwd
/root/ r,
@{run}/ r,
@{sys}/class/power_supply/ r,
@{sys}/class/net/ r,
@{sys}/firmware/acpi/tables/ r,
@{sys}/bus/usb/devices/ r,
@{sys}/devices/{,**} r,
@{sys}/module/*/version r,
@{sys}/power/wakeup_count r,
@{PROC}/asound/ r,
@{PROC}/asound/version r,
@{PROC}/sys/kernel/hostname r,
@{PROC}/swaps r,
@{PROC}/partitions r,
@{PROC}/scsi/scsi r,
@{PROC}/cmdline r,
@{PROC}/version r,
@{PROC}/sys/vm/swappiness r,
@{PROC}/sys/vm/vfs_cache_pressure r,
@{PROC}/sys/dev/cdrom/info r,
@{PROC}/1/comm r,
/dev/ r,
/dev/mapper/ r,
/dev/disk/*/ r,
/dev/dm-[0-9]* r,
profile ip {
include <abstractions/base>
network netlink raw,
@{bin}/ip mr,
@{sys}/devices/@{pci}/net/*/{duplex,address,speed,operstate} r,
/etc/iproute2/group r,
include if exists <local/inxi_ip>
}
profile systemd {
include <abstractions/base>
include <abstractions/systemd-common>
@{lib}/systemd/systemd mr,
/etc/systemd/user.conf r,
include if exists <local/inxi_systemd>
}
profile udevadm {
include <abstractions/base>
include <abstractions/systemd-common>
@{bin}/udevadm mr,
/etc/udev/udev.conf r,
@{run}/udev/data/b* r,
@{sys}/devices/@{pci}/block/**/uevent r,
include if exists <local/inxi_udevadm>
}
profile kmod {
include <abstractions/base>
@{bin}/kmod mr,
@{PROC}/cmdline r,
@{PROC}/modules r,
include if exists <local/inxi_kmod>
}
profile systemctl {
include <abstractions/base>
include <abstractions/systemctl>
include if exists <local/inxi_systemctl>
}
include if exists <local/inxi>
}
Reference in a new issue View git blame Copy permalink