From d66a9b28866da135a916612395db157f97c49a9c Mon Sep 17 00:00:00 2001
From: Seth Arnold
Date: Tue, 28 Aug 2007 23:05:56 +0000
Subject: [PATCH] fixes for abstractions from Mathias Gug
---
 profiles/apparmor.d/abstractions/nvidia | 12 ++++++++++++
 profiles/apparmor.d/abstractions/orbit2 | 5 +++++
 profiles/apparmor.d/abstractions/python | 14 ++++++++++++++
 profiles/apparmor.d/abstractions/video | 6 ++++++
 4 files changed, 37 insertions(+)
 create mode 100644 profiles/apparmor.d/abstractions/nvidia
 create mode 100644 profiles/apparmor.d/abstractions/orbit2
 create mode 100644 profiles/apparmor.d/abstractions/video
diff --git a/profiles/apparmor.d/abstractions/nvidia b/profiles/apparmor.d/abstractions/nvidia
new file mode 100644
index 000000000..7e56a74bc
--- /dev/null
+++ b/profiles/apparmor.d/abstractions/nvidia
@@ -0,0 +1,12 @@
+# vim:syntax=apparmor
+# nvidia access requirements
+
+ # configuration queries
+ capability ipc_lock,
+
+ # device files
+ /dev/nvidia0 rw,
+ /dev/nvidiactl rw,
+
+ /proc/interrupts r,
+ /proc/sys/vm/max_map_count r,
diff --git a/profiles/apparmor.d/abstractions/orbit2 b/profiles/apparmor.d/abstractions/orbit2
new file mode 100644
index 000000000..b8df9df6d
--- /dev/null
+++ b/profiles/apparmor.d/abstractions/orbit2
@@ -0,0 +1,5 @@
+# vim:syntax=apparmor
+# orbit2 permissions
+
+ # system library
+ /usr/lib/orbit-2.0/*.so mr,
diff --git a/profiles/apparmor.d/abstractions/python b/profiles/apparmor.d/abstractions/python
index 96527b7e4..988abee56 100644
--- a/profiles/apparmor.d/abstractions/python
+++ b/profiles/apparmor.d/abstractions/python
@@ -1,3 +1,4 @@
+# vim:syntax=apparmor
 # $Id$
 # ------------------------------------------------------------------
 #
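Review bot: In abstractions/nvidia, `capability ipc_lock,` sits under the comment `# configuration queries`, which does not describe it: CAP_IPC_LOCK lets a process lock memory (mlock, mlockall, SHM_LOCK), and every profile that includes this abstraction inherits the capability. The two /proc reads at the end of the file look like the actual configuration queries and carry no comment at all. I would move `# configuration queries` above `/proc/interrupts r,` and give the capability its own comment, e.g. `# driver locks memory; every profile including this abstraction gains CAP_IPC_LOCK`. The reason the driver needs it is not visible in the patch and should be stated there.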
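Review bot: `/usr/lib/orbit-2.0/*.so mr,` in abstractions/orbit2 covers only /usr/lib, while the python abstraction touched by this same patch carries separate lib64 rules (see its `/usr/local/lib64/python2.[45]/site-packages/ r,` context line). On a lib64 layout the ORBit modules would presumably live under /usr/lib64/orbit-2.0/ and be denied in enforce mode, which tends to get worked around with broader per-profile rules. `/usr/lib{,64}/orbit-2.0/*.so mr,` keeps the grant equally narrow on both layouts.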
@@ -18,3 +19,16 @@
 /usr/local/lib64/python2.[45]/site-packages/ r,
 /usr/local/lib/python2.[45]/**.{egg,py,pyc,pth,so} mr,
 /usr/local/lib/python2.[45]/site-packages/ r,
+
+ # Site-wide configuration
+ /etc/python2.[45]/site.py r,
+
+ # python-central paths
+ /usr/share/pycentral/** r,
+ /usr/share/python-support/** r,
+ /var/lib/python-support/** r,
+ /var/lib/python-support/**.so mr,
+ /usr/lib/python-support/**.so mr,
+
+ # wx paths
+ /usr/lib/wx/python/*.pth r,
diff --git a/profiles/apparmor.d/abstractions/video b/profiles/apparmor.d/abstractions/video
new file mode 100644
index 000000000..61cebaed6
--- /dev/null
+++ b/profiles/apparmor.d/abstractions/video
@@ -0,0 +1,6 @@
+# vim:syntax=apparmor
+# video device access
+
+ # System devices
+ /sys/class/video4linux r,
+ /sys/class/video4linux/** r,
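Review bot: `/var/lib/python-support/**.so mr,` in abstractions/python lets every profile that includes the abstraction map code executable from a tree under /var/lib, and nothing in the added block records why that is safe. The grant is only as tight as the write access to that tree: a profile that includes this abstraction and also holds a write rule overlapping /var/lib/python-support/ could write a shared object and then map it. A comment above the block would pin the assumption, e.g. `# python-support trees are populated by the package tools only; do not grant w on these paths in profiles that include this file`. The hunk starts at line 18 of the file, so the earlier rules are not visible here.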
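Review bot: `/sys/class/video4linux r,` in abstractions/video has no trailing slash, so it matches a file of that name rather than the directory; AppArmor matches a directory only when the rule ends in `/`, as the `site-packages/ r,` rules in the python abstraction do, and the `/**` rule below covers the contents but not the directory itself. The line should read `/sys/class/video4linux/ r,` if listing the directory is the intent. The header `# video device access` also promises more than the file grants, since no /dev/video* node is covered; `# video4linux sysfs enumeration; device nodes are granted by the including profile` would describe it accurately.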