Diffs. ubuntu-browsers abstration is not from Debian, i've added it as an archive.
29.06.2017 08:35, intrigeri пишет: > artiom: >>> Could you please send these changes ideally as merge requests against >>> the relevant VCS repositories, or worst case as patches (clearly >>> stating what exact version of the affected files they were generated >>> against)? > >> Sorry, I haven't time now, until weekend. > > No problem, we can definitely wait a few days :) >
--- /usr/share/doc/apparmor-profiles/extras/sbin.dhclient 2017-03-28 13:29:15.000000000 +0300
+++ /etc/apparmor.d/sbin.dhclient 2017-06-27 22:48:18.314733833 +0300
@@ -54,18 +54,19 @@
/var/lib/dhcp/dhclient.leases rw,
/var/lib/dhcp/dhclient-*.leases rw,
/var/lib/dhcp6/dhclient.leases rw,
- /var/lib/NetworkManager/dhclient-*.conf r,
- /var/lib/NetworkManager/dhclient-*.lease rw,
+ /var/lib/NetworkManager/dhclient*-*.conf r,
+ /var/lib/NetworkManager/dhclient*-*.lease rw,
/var/log/lastlog r,
/var/log/messages r,
/var/log/wtmp r,
/{,var/}run/dhclient.pid rw,
- /{,var/}run/dhclient-*.pid rw,
+ /{,var/}run/dhclient*-*.pid rw,
/var/spool r,
/var/spool/mail r,
# This one will need to be fleshed out depending on what the user is doing
/{usr/,}sbin/dhclient-script mrpix,
+ /{usr/,}lib/NetworkManager/nm-dhcp-helper mrpix,
/{usr/,}bin/grep mrix,
/{usr/,}bin/sleep mrix,
@@ -76,5 +77,4 @@
/usr/lib/NetworkManager/nm-dhcp-client.action mrix,
/var/lib/dhcp/* rw,
/{,var/}run/nm-dhclient-*.conf r,
-
}
--- /usr/share/doc/apparmor-profiles/extras/usr.bin.man 2017-03-28 13:29:15.000000000 +0300
+++ /etc/apparmor.d/usr.bin.man 2017-06-27 22:35:18.636780980 +0300
@@ -16,12 +16,38 @@
/usr/bin/man {
#include <abstractions/base>
- #include <abstractions/nameservice>
+ #include <abstractions/consoles>
+ #include <abstractions/user-manpages>
capability setgid,
capability setuid,
- /usr/bin/man r,
- /usr/lib/man-db/man Px,
+
+
+ /bin/gzip rix,
+ /bin/less rix,
+ /etc/groff/** mr,
+ /etc/manpath.config r,
+ /usr/bin/col rix,
+ /usr/bin/groff rix,
+ /usr/bin/grotty rix,
+ /usr/bin/less rix,
+ /usr/bin/locale rix,
+ /usr/bin/more rix,
+ /usr/bin/most rix,
+ /usr/bin/nroff rix,
+ /usr/bin/preconv rix,
+ /usr/bin/tbl rix,
+ /usr/bin/troff rix,
+ /usr/lib/man-db/** rmix,
+ /usr/local/share/man/ rk,
+ /usr/local/share/man/** rk,
+ /usr/share/groff/ r,
+ /usr/share/groff/** r,
+ /usr/share/man/ rk,
+ /usr/share/man/** rk,
+ /var/cache/man/ rk,
+ /var/cache/man/** rwk,
+ @{HOME}/.lesshst rwk,
}
--- apparmor-2.11.0/profiles/apparmor.d/abstractions/nvidia 2014-06-06 22:50:58.000000000 +0400
+++ /etc/apparmor.d/abstractions/nvidia 2017-06-27 23:01:45.972799697 +0300
@@ -10,6 +10,7 @@
# device files
/dev/nvidia0 rw,
/dev/nvidiactl rw,
+ /dev/nvidia-modeset rw,
@{PROC}/interrupts r,
@{PROC}/sys/vm/max_map_count r,
--- icedove-45.8.0/debian/apparmor/usr.bin.thunderbird 2017-03-30 02:28:32.000000000 +0300 +++ /etc/apparmor.d/usr.bin.thunderbird 2017-07-02 17:18:54.756579420 +0300 @@ -56,6 +56,7 @@ # Addons (too lax for thunderbird) ##include <abstractions/ubuntu-browsers.d/firefox> + ##include <abstractions/ubuntu-browsers.d/firefox> # for networking network inet stream,
ubuntu_browsers_abstraction.tbz
Description: application/bzip-compressed-tar
--- apparmor-2.11.0/profiles/apparmor.d/abstractions/video 2007-08-29 03:05:56.000000000 +0400 +++ /etc/apparmor.d/abstractions/video 2017-06-27 22:12:45.000000000 +0300 @@ -4,3 +4,5 @@ # System devices /sys/class/video4linux r, /sys/class/video4linux/** r, + + /dev/video* rw,
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
