apparmor/utils/net.apparmor.pkexec.aa-notify.policy

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
  "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
  "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<policyconfig>

  <action id="net.apparmor.pkexec.aa-notify.modify_profile">
    <description>AppArmor: modifying security profile</description>
    <message>To modify an AppArmor security profile, you need to authenticate.</message>
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.exec.path">{LIB_PATH}apparmor/update_profile.py</annotate>
    <annotate key="org.freedesktop.policykit.exec.argv1">add_rule</annotate>
  </action>
  <action id="net.apparmor.pkexec.aa-notify.create_userns">
    <description>AppArmor: adding userns profile</description>
    <message>To allow a program to use unprivileged user namespaces, you need to authenticate.</message>
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.exec.path">{LIB_PATH}apparmor/update_profile.py</annotate>
    <annotate key="org.freedesktop.policykit.exec.argv1">create_userns</annotate>
  </action>
  <action id="net.apparmor.pkexec.aa-notify.from_file">
    <description>AppArmor: Modifying profile from file</description>
    <message>To modify an AppArmor security profile from file, you need to authenticate.</message>
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.exec.path">{LIB_PATH}apparmor/update_profile.py</annotate>
    <annotate key="org.freedesktop.policykit.exec.argv1">from_file</annotate>
  </action>

</policyconfig>
aa-notify: Enhanced Graphical User Interfaces 2024-08-13 16:58:25 +00:00			`<?xml version="1.0" encoding="UTF-8"?>`
			`<!DOCTYPE policyconfig PUBLIC`
			`"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"`
			`"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">`
			`<policyconfig>`

aa-notify: rename polkit files and template info from com.ubuntu We should be using apparmor controlled domains for these files. Rename the template file from com.ubuntu.pkexec.aa-notify.policy to net.apparmor.pkexec.aa-notify.policy And update the template file and the install file so that the files that are generated use net.apparmor instead of com.ubuntu Signed-off-by: John Johansen <john.johansen@canonical.com> 2025-02-13 12:46:12 -08:00			`<action id="net.apparmor.pkexec.aa-notify.modify_profile">`
aa-notify: Enhanced Graphical User Interfaces 2024-08-13 16:58:25 +00:00			`<description>AppArmor: modifying security profile</description>`
			`<message>To modify an AppArmor security profile, you need to authenticate.</message>`
			`<defaults>`
			`<allow_any>auth_admin</allow_any>`
			`<allow_inactive>auth_admin</allow_inactive>`
			`<allow_active>auth_admin</allow_active>`
			`</defaults>`
			`<annotate key="org.freedesktop.policykit.exec.path">{LIB_PATH}apparmor/update_profile.py</annotate>`
			`<annotate key="org.freedesktop.policykit.exec.argv1">add_rule</annotate>`
			`</action>`
aa-notify: rename polkit files and template info from com.ubuntu We should be using apparmor controlled domains for these files. Rename the template file from com.ubuntu.pkexec.aa-notify.policy to net.apparmor.pkexec.aa-notify.policy And update the template file and the install file so that the files that are generated use net.apparmor instead of com.ubuntu Signed-off-by: John Johansen <john.johansen@canonical.com> 2025-02-13 12:46:12 -08:00			`<action id="net.apparmor.pkexec.aa-notify.create_userns">`
aa-notify: Enhanced Graphical User Interfaces 2024-08-13 16:58:25 +00:00			`<description>AppArmor: adding userns profile</description>`
			`<message>To allow a program to use unprivileged user namespaces, you need to authenticate.</message>`
			`<defaults>`
			`<allow_any>auth_admin</allow_any>`
			`<allow_inactive>auth_admin</allow_inactive>`
			`<allow_active>auth_admin</allow_active>`
			`</defaults>`
			`<annotate key="org.freedesktop.policykit.exec.path">{LIB_PATH}apparmor/update_profile.py</annotate>`
			`<annotate key="org.freedesktop.policykit.exec.argv1">create_userns</annotate>`
			`</action>`
aa-notify: rename polkit files and template info from com.ubuntu We should be using apparmor controlled domains for these files. Rename the template file from com.ubuntu.pkexec.aa-notify.policy to net.apparmor.pkexec.aa-notify.policy And update the template file and the install file so that the files that are generated use net.apparmor instead of com.ubuntu Signed-off-by: John Johansen <john.johansen@canonical.com> 2025-02-13 12:46:12 -08:00			`<action id="net.apparmor.pkexec.aa-notify.from_file">`
aa-notify: Adding support for merging notification. 2024-11-26 18:35:37 +00:00			`<description>AppArmor: Modifying profile from file</description>`
			`<message>To modify an AppArmor security profile from file, you need to authenticate.</message>`
			`<defaults>`
			`<allow_any>auth_admin</allow_any>`
			`<allow_inactive>auth_admin</allow_inactive>`
			`<allow_active>auth_admin</allow_active>`
			`</defaults>`
			`<annotate key="org.freedesktop.policykit.exec.path">{LIB_PATH}apparmor/update_profile.py</annotate>`
			`<annotate key="org.freedesktop.policykit.exec.argv1">from_file</annotate>`
			`</action>`
aa-notify: Enhanced Graphical User Interfaces 2024-08-13 16:58:25 +00:00
			`</policyconfig>`