mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-30 13:58:22 +00:00
Code Issues Releases Wiki Activity

lsblk profile: Minor fixes

Browse Source 
Fixes: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2107402
Fixes: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2107455

Allow `/usr/bin/lsblk mr` to make this profile work from confined
profiles. Also, allow css devices to work properly with lsblk.

Signed-off-by: Maxime Bélair <maxime.belair@canonical.com>
This commit is contained in:
Maxime Bélair
2025-04-16 09:05:43 +02:00
parent ccf1b25d3d
commit 7b8232fe29
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
profiles/apparmor.d/lsblk
View File

@@ -18,6 +18,8 @@ profile lsblk /usr/bin/lsblk {
include <abstractions/consoles>
include <abstractions/nameservice-strict>
/usr/bin/lsblk mr,
@{sys}/block/ r,
@{sys}/class/block/ r,
@{sys}/dev/block/ r,
@@ -29,6 +31,9 @@ profile lsblk /usr/bin/lsblk {
# Needed for disks over network e.g. Hyper-V VMs (including Azure), IBM Power, ...
@{sys}/devices/**/host@{int}/** r,
# Needed for channel subsystem for IBM Z
@{sys}/devices/css[0-9]/** r,
/dev/sr[0-9]* rk,
@{run}/udev/data/** r,