mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-06 17:31:01 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
4823 commits 23 branches 109 tags 32 MiB
Commit graph

4 commits

Author SHA1 Message Date
Vincas Dargis
e322c02c37 vulkan: allow reading /etc/vulkan/icd.d/ 
Recent Vulkan upgrades introduces new denies:

```
type=AVC msg=audit(1549749243.284:4250): apparmor="DENIED"
operation="open" profile="/usr/bin/vkcube" name="/etc/vulkan/icd.d/"
pid=16472 comm="vkcube" requested_mask="r" denied_mask="r" fsuid=1000
ouid=0
```

```
type=AVC msg=audit(1549800398.470:2612): apparmor="DENIED"
operation="open" profile="/usr/bin/vkcube"
name="/etc/vulkan/icd.d/test.j
son" pid=12230 comm="vkcube" requested_mask="r" denied_mask="r"
fsuid=1000 ouid=0
```

Update `vulkan` abstraction to allow reading new configuration directory.
 2019-02-10 14:07:17 +02:00
Matthew Garrett
d9ab83281b Add support for local additions to abstractions 
Local policy may want to extend or override abstractions, so add support for including local updates to them.

Acked-by: Christian Boltz <apparmor@cboltz.de>
Acked-by: intrigeri <intrigeri@boum.org>
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2019-01-24 03:06:03 -08:00
Vincas Dargis
2438179b76 Use @{sys} tunable in profiles and abstractions 
Commit aa06528790 made @{sys} tunable
available by default.

Update profiles and abstractions to actually use @{sys} tunable for
better confinement in the future (when @{sys} becomes kernel var).

Closes LP#1728551
 2018-11-08 20:04:46 +02:00
Vincas Dargis
47520931be Add Vulkan abstraction 
Add abstraction for Vulkan API specific file paths.
 2018-05-22 21:48:13 +03:00