mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

profiles/iotop-c: remove owner, redundant rules

Browse source 
- Remove `owner` in /proc/ rules to enable non-root users
- add "include if exists" line to pass the pipeline
- change <abstractions/nameservice> to smaller <abstractions/nameservice-strict>

Signed-off-by: Allen Huang <allen.huang@canonical.com>
This commit is contained in:
Allen Huang 2025-02-07 13:40:14 +00:00
parent e53cda33a3
commit 0c4f70d81b
Failed to generate hash of commit
1 changed files with 5 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
profiles/apparmor.d/iotop-c
View file

@ -5,7 +5,7 @@ include <tunables/global>
profile iotop-c /usr/sbin/iotop-c {
include <abstractions/base>
include <abstractions/bash>
include <abstractions/nameservice>
include <abstractions/nameservice-strict>
capability net_admin,
capability sys_admin,
@ -13,12 +13,10 @@ profile iotop-c /usr/sbin/iotop-c {
/proc/*/cmdline r,
/proc/*/task/ r,
/usr/sbin/iotop-c mr,
owner /etc/nsswitch.conf r,
owner /etc/passwd r,
owner /proc/ r,
owner /proc/sys/kernel/task_delayacct rw,
owner /proc/vmstat r,
/proc/ r,
/proc/sys/kernel/task_delayacct rw,
/proc/vmstat r,
owner @{HOME}/.config/iotop/iotoprc rw,
include if exists <local/iotop-c>
}