mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-12 07:17:13 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor.d/profiles/inxi
Alexandre Pujol b57f29ee7b
Rewrite Copyright header, use SPDX style.
2021-04-01 16:17:47 +01:00

170 lines
3.7 KiB
Text
Raw Blame History

# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2019-2021 Mikhail Morfikov
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/inxi
profile inxi @{exec_path} {
include <abstractions/base>
include <abstractions/nameservice-strict>
include <abstractions/perl>
include <abstractions/openssl>
network inet dgram,
network inet6 dgram,
network inet stream,
network inet6 stream,
network netlink raw,
@{exec_path} r,
/{usr/,}bin/perl r,
/{usr/,}bin/ r,
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}bin/zsh rix,
/{usr/,}bin/tty rix,
/{usr/,}bin/tput rix,
/{usr/,}bin/{,@{multiarch}-}gcc-[0-9]* rix,
/{usr/,}bin/getconf rix,
/{usr/,}bin/file rix,
/{usr/,}bin/ip rCx -> ip,
/{usr/,}lib/systemd/systemd rCx -> systemd,
/{usr/,}bin/kmod rCx -> kmod,
/{usr/,}bin/udevadm rCx -> udevadm,
/{usr/,}bin/systemctl rPx -> child-systemctl,
# Do not strip env to avoid errors like the following:
# ERROR: ld.so: object 'libfakeroot-sysv.so' from LD_PRELOAD cannot be preloaded (cannot open
# shared object file): ignored.
/{usr/,}bin/dpkg-query rpx,
/{usr/,}bin/compton rPx,
/{usr/,}bin/xrandr rPx,
/{usr/,}bin/glxinfo rPx,
/{usr/,}bin/lspci rPx,
/{usr/,}bin/lsusb rPx,
/{usr/,}bin/lsblk rPx,
/{usr/,}bin/sensors rPx,
/{usr/,}bin/uptime rPx,
/{usr/,}sbin/dmidecode rPx,
/{usr/,}bin/xdpyinfo rPx,
/{usr/,}bin/who rPx,
/{usr/,}bin/xprop rPx,
/{usr/,}bin/df rPx,
/{usr/,}sbin/blockdev rPx,
/{usr/,}bin/dig rPx,
/{usr/,}bin/ps rPx,
/{usr/,}bin/sudo rPx,
/{usr/,}bin/openbox rPx,
/{usr/,}bin/xset rPx,
/{usr/,}sbin/smartctl rPx,
/{usr/,}sbin/hddtemp rPx,
/etc/ r,
/etc/inxi.conf r,
/etc/issue r,
/etc/magic r,
/etc/apt/sources.list r,
/etc/apt/sources.list.d/{,*.list} r,
/var/log/ r,
/var/log/Xorg.[0-9]*.log r,
/home/ r,
@{HOME}/.local/share/xorg/ r,
@{HOME}/.local/share/xorg/Xorg.[0-9]*.log r,
# For shell pwd
/root/ r,
@{run}/ r,
@{PROC}/asound/ r,
@{PROC}/asound/version r,
@{PROC}/sys/kernel/hostname r,
@{PROC}/swaps r,
@{PROC}/partitions r,
@{PROC}/scsi/scsi r,
@{PROC}/cmdline r,
@{PROC}/version r,
@{PROC}/sys/vm/swappiness r,
@{PROC}/sys/vm/vfs_cache_pressure r,
@{PROC}/sys/dev/cdrom/info r,
@{PROC}/1/comm r,
/dev/ r,
/dev/mapper/ r,
/dev/disk/*/ r,
/dev/dm-[0-9]* r,
@{sys}/class/power_supply/ r,
@{sys}/class/net/ r,
@{sys}/firmware/acpi/tables/ r,
@{sys}/bus/usb/devices/ r,
@{sys}/devices/{,**} r,
@{sys}/module/*/version r,
@{sys}/power/wakeup_count r,
profile ip {
include <abstractions/base>
network netlink raw,
/{usr/,}bin/ip mr,
@{sys}/devices/pci[0-9]*/**/net/*/{duplex,address,speed,operstate} r,
/etc/iproute2/group r,
}
profile systemd {
include <abstractions/base>
/{usr/,}lib/systemd/systemd mr,
/etc/systemd/user.conf r,
owner @{PROC}/@{pid}/stat r,
@{PROC}/sys/kernel/pid_max r,
@{PROC}/sys/kernel/threads-max r,
@{PROC}/1/cgroup r,
}
profile udevadm {
include <abstractions/base>
/{usr/,}bin/udevadm mr,
/etc/udev/udev.conf r,
owner @{PROC}/@{pid}/stat r,
@{PROC}/cmdline r,
@{PROC}/1/sched r,
@{PROC}/1/environ r,
@{PROC}/sys/kernel/osrelease r,
@{sys}/devices/pci[0-9]*/**/block/**/uevent r,
@{run}/udev/data/b* r,
}
profile kmod {
include <abstractions/base>
/{usr/,}bin/kmod mr,
@{PROC}/cmdline r,
@{PROC}/modules r,
}
include if exists <local/inxi>
}
Reference in a new issue View git blame Copy permalink