apparmor-aliases.diff 2.1 KB
Newer Older
1
2
3
--- a/etc/apparmor.d/abstractions/base	2021-04-03 06:09:19.000000000 +0000
+++ b/etc/apparmor.d/abstractions/base	2021-10-14 11:54:59.871759548 +0000
@@ -30,6 +30,7 @@
4
5
6
7
8
9
10
   /etc/locale/**                 r,
   /etc/locale.alias              r,
   /etc/localtime                 r,
+  /etc/tor/torsocks.conf         r,
   /etc/writable/localtime        r,
   /usr/share/locale-bundle/**    r,
   /usr/share/locale-langpack/**  r,
11
@@ -68,9 +69,9 @@
12
13
14
15
   /opt/*-linux-uclibc/lib/ld-uClibc*so* mr,
 
   # we might as well allow everything to use common libraries
-  /{usr/,}lib{,32,64}/**                r,
intrigeri's avatar
intrigeri committed
16
-  /{usr/,}lib{,32,64}/**.so*       mr,
17
-  /{usr/,}lib/@{multiarch}/**            r,
intrigeri's avatar
intrigeri committed
18
19
20
21
22
23
24
+  /{usr/,}lib{,32,64}/{[^l],l[^i],li[^v],liv[^e],live[^/]}**           r,
+  /{usr/,}lib{,32,64}/{[^l],l[^i],li[^v],liv[^e],live[^/]}**.so*       mr,
+  /{usr/,}lib/@{multiarch}/{[^l],l[^i],li[^v],liv[^e],live[^/]}**      r,
   /{usr/,}lib/@{multiarch}/**.so*   mr,
   /{usr/,}lib/tls/i686/{cmov,nosegneg}/*.so*    mr,
   /{usr/,}lib/i386-linux-gnu/tls/i686/{cmov,nosegneg}/*.so*    mr,
--- a/etc/apparmor.d/abstractions/ubuntu-helpers	2018-11-01 11:52:15.000000000 +0000
intrigeri's avatar
intrigeri committed
25
+++ b/etc/apparmor.d/abstractions/ubuntu-helpers	2019-01-05 11:30:54.808397903 +0000
26
@@ -65,8 +65,8 @@
27
28
29
30
   # in limited libraries so glibc's secure execution should be enough to not
   # require the santized_helper (ie, LD_PRELOAD will only use standard system
   # paths (man ld.so)).
-  /usr/lib/chromium-browser/chromium-browser-sandbox PUxr,
intrigeri's avatar
intrigeri committed
31
-  /usr/lib/chromium{,-browser}/chrome-sandbox PUxr,
32
+  # /usr/lib/chromium-browser/chromium-browser-sandbox PUxr,
intrigeri's avatar
intrigeri committed
33
34
35
36
+  # /usr/lib/chromium{,-browser}/chrome-sandbox PUxr,
   /opt/google/chrome{,-beta,-unstable}/chrome-sandbox PUxr,
   /opt/google/chrome{,-beta,-unstable}/google-chrome Pixr,
   /opt/google/chrome{,-beta,-unstable}/chrome Pixr,
intrigeri's avatar
intrigeri committed
37
@@ -75,7 +75,8 @@
38
39
40
41
42
43
44
45
46
   # Full access
   / r,
   /** rwkl,
-  /{,usr/,usr/local/}lib{,32,64}/{,**/}*.so{,.*} m,
+  /lib/{[^l],l[^i],li[^v],liv[^e],live[^/]}{,**/}*.so{,.*} m,
+  /usr{/,/local/}lib{,32,64}/{,**/}*.so{,.*} m,
 
   # Dangerous files
   audit deny owner /**/* m,              # compiled libraries