mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-12-25 06:27:49 +01:00
29 lines
623 B
Text
29 lines
623 B
Text
# apparmor.d - Full set of apparmor profiles
|
|
# Copyright (C) 2020-2021 Mikhail Morfikov
|
|
# SPDX-License-Identifier: GPL-2.0-only
|
|
|
|
abi <abi/3.0>,
|
|
|
|
include <tunables/global>
|
|
|
|
@{exec_path} = /{usr/,}lib/systemd/systemd-fsck
|
|
profile systemd-fsck @{exec_path} {
|
|
include <abstractions/base>
|
|
include <abstractions/consoles>
|
|
include <abstractions/disks-read>
|
|
include <abstractions/systemd-common>
|
|
|
|
capability sys_resource,
|
|
|
|
# Needed?
|
|
deny capability net_admin,
|
|
|
|
@{exec_path} mr,
|
|
|
|
/{usr/,}sbin/fsck rPx,
|
|
/{usr/,}sbin/e2fsck rPx,
|
|
|
|
owner @{run}/systemd/quotacheck w,
|
|
|
|
include if exists <local/systemd-fsck>
|
|
}
|