mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 22:35:35 +00:00
Code Issues Releases Wiki Activity

Merge with other profile

Browse Source
This commit is contained in:
Hlib Korzhynskyy
2024-12-03 10:49:29 -03:30
parent 841cedb976
commit aba2d18eb3
1 changed files with 11 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
profiles/apparmor.d/lsblk
View File

@@ -15,21 +15,26 @@ include <tunables/global>
profile lsblk /usr/bin/lsblk { profile lsblk /usr/bin/lsblk {
include <abstractions/base> include <abstractions/base>
include <abstractions/consoles>
include <abstractions/nameservice-strict>
capability dac_read_search,
@{sys}/block/ r, @{sys}/block/ r,
@{sys}/class/block/ r,
@{sys}/dev/block/ r, @{sys}/dev/block/ r,
@{sys}/devices/pci[0-9]*:[0-9]*/** r, @{sys}/devices/pci[0-9]*:[0-9]*/** r,
@{sys}/devices/virtual/** r, @{sys}/devices/virtual/** r,
@{sys}/devices/platform/** r,
/dev/sr[0-9]* rk,
@{run}/mount/** r,
@{run}/udev/data/** r, @{run}/udev/data/** r,
@{run}/mount/** r,
@{PROC}/swaps r, @{PROC}/swaps r,
@{PROC}/*/mountinfo r, owner @{PROC}/@{pid}/mountinfo r,
/etc/nsswitch.conf r,
/etc/passwd r,
/etc/group r,
include if exists <local/lsblk> include if exists <local/lsblk>
} }