Sign Up
Log In
Sign Up
Username:
*
Email:
*
Password:
*
Password confirmation:
*
or
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
AppArmor
smar-apparmor-profiles
packages-system.yaml
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File packages-system.yaml of Package smar-apparmor-profiles
# system folder - name: "at-spi2-core" requires: - dbus-1 in_directory: "system/dbus": files: - "at-spi-bus-launcher" - name: "chrony" in_directory: "system/network": files: - "chronyc" - "chronyd" - name: "cronie" in_directory: "system/cron": files: - "cronie" - "cronie.run-crons" - "crontab" extra_directories: - "cronie.d" extra_files: - "cronie.d/README" - name: "dbus-1" load_profile_by_systemd: dbus-daemon: dbus-daemon abstractions: - kde - systemd in_directory: "system/dbus": files: - "dbus-daemon" - "dbus-daemon-launch-helper" - "dbus-run-session" - name: "deltarpm" files: - "system/applydeltarpm" - name: "fish" requires: - less - procps - subversion - systemd - xdm # For /etc/X11/xdm/sys.xsession - git-core - krb5-client - btrfsmaintenance # zypper plugin - libzypp-plugin-appdata # zypper plugin - snapper-zypp-plugin # zypper plugin abstractions: - sddm local: - "fish" - "kde_fish" # NOTE: Doing this differently as directory include loading loads under wrong namespaces. # Only sometimes, not always, which is all more annoying. namespaces: - "common_fish" in_directory: "system/shells": local: - "common_fish" - "fish-sudo" files: - "fish" - "kde_fish" extra_files: - "lib/common_fish" - "lib/fish-sudo" - name: "fuse3" in_directory: "system/mount": files: - "fusermount3" extra_directories: - "local/fuse" extra_files: - "local/fuse/fusermount3" - name: "glib2-tools" in_directory: "system/glib": files: - "glib-compile-schemas" - "gsettings" - name: "glibc" in_directory: "system/glibc": rpm_scriptlets_symlinks: - "iconvconfig" local: - "lib-ld.so" files: - "iconvconfig" - "ldconfig" - "lib-ld.so" - name: "glibc-32bit" in_directory: "system/glibc": rpm_scriptlets_symlinks: - "iconvconfig-32" files: - "iconvconfig-32" - name: "grub2" recommends: - os-prober # For grub-mkconfig in_directory: "system/bootloader": files: - "grub-editenv" - "grub-install" - "grub-mkconfig" - "grub-probe" - "grub2-once" - "grub2-reboot" - name: "os-prober" requires: - "util-linux" # For blkid in_directory: "system/bootloader": files: - "os-prober" - name: "power-profiles-daemon" load_profile_by_systemd: power-profiles-daemon: power-profiles-daemon in_directory: "system/dbus": files: - "power-profiles-daemon" # NOTE: Not setting systemd to use profile, because two different executables are used in the service. - name: "rsyslog" in_directory: "system": files: - "rsyslogd" - name: "rtkit" in_directory: "system/dbus": files: - "rtkit-daemon" - name: "smartmontools" in_directory: "system": files: - "smartd" - name: "sudo" files: - "system/sudo" - name: "tmpwatch" in_directory: "system/cron/scripts": files: - "cron.daily.tmpwatch" - name: "util-linux" in_directory: "system": local: - "bin.login" files: - "agetty" - "bin.login" - "su" "system/cli": files: - "dmesg" - "lsns" "system/filesystem": files: - "fsfreeze" "utilities": files: - "blkid" - name: "wicked" requires: - kmod in_directory: "system/network/wicked": files: - "ifup" - "wicked" - "wickedd" - "wickedd-nanny" - "wicked.lib.wickedd-auto4" - "wicked.lib.wickedd-dhcp4" - "wicked.lib.wickedd-dhcp6" - name: "xinetd" files: - "system/xinetd" # admin folder - name: "ca-certificates" in_directory: "system/admin": files: - "update-ca-certificates" rpm_scriptlets_symlinks: - "update-ca-certificates" - name: "hostinfo" provides: - "issue-generator" in_directory: "system/admin": files: - "hostinfo" # Technically this should be in issue-generator-profiles, # but I want to avoid one unnecessary package which most # of time would be installed anyway. - "issue-generator" - name: "fai-toolkit" in_directory: "system/admin/management": included_tunables: - "fai-toolkit" files: - "ft" extra_files: - "namespaces.d/ft/" - name: "pam-config" in_directory: "system/admin": files: - "pam-config" # authentication folder - name: "sssd" supplements: - sssd-common in_directory: "security/authentication": included_tunables: - "sssd" files: - "sssd" extra_directories: - "namespaces.d/kde_file_dialog.net.d" extra_files: - "namespaces.d/kde_file_dialog.net.d/sssd" - name: "sssd-tools" requires: - sssd # For tunables/sssd in_directory: "system/admin/authentication": files: - "sss_cache" - name: "yubikey-manager-qt" in_directory: "security/authentication": files: - "ykman-gui" # hardware folder - name: "iotop" in_directory: "hardware/disk": files: - "iotop" - name: "irqbalance" in_directory: "hardware": files: - "irqbalance" - name: "lshw" in_directory: "hardware": files: - "lshw" - name: "mcelog" in_directory: "hardware": files: - "mcelog" load_profile_by_systemd: mcelog: "systemd.service.mcelog" - name: "multipath-tools" in_directory: "hardware/disk": files: - "multipath" - name: "oyranos" in_directory: "hardware/video/oyranos": files: - "oyranos-compat-gnome" - name: "oyranos-monitor" recommends: - oyranos in_directory: "hardware/video/oyranos": files: - "oyranos-monitor" - name: "upower" in_directory: "hardware": files: - "upower" - "upowerd" - name: "usbutils" in_directory: "hardware/usb": files: - "lsusb" # system -> network folder - name: "bind-utils" in_directory: "system/network": files: - "delv" - "dig" - "host" - name: "cni-plugins" in_directory: "system/network/cni": files: - "cni.dhcp" - name: "ethtool" in_directory: "system/network": files: - "ethtool" - name: "hyphanet" provides: - "freenetproject" in_directory: "system/network/hyphanet": extra_directories: - "local/hyphanet" extra_files: - "lib/hyphanet/" - "local/hyphanet/plugins" files: - "run.sh" - "wrapper" included_tunables: - "hyphanet" - name: "iproute2" in_directory: "system/network/iproute2": extra_directories: - "local/iproute2" extra_files: - "local/iproute2/ip" files: - "ip" - "ss" - name: "nftables" in_directory: "system/network": files: - "nft" - name: "nfs-client" suggests: - sssd in_directory: "system/mount": files: - "mount.nfs" "system/network/nfs": files: - "rpc.gssd" - "rpc.lockd" - "rpc.statd" - "rpc.svcgssd" "system/systemd/generators": files: - "nfs-server-generator" - name: "whois" in_directory: "system/network": files: - "whois" - name: "wpa_supplicant" in_directory: "system/network": files: - "wpa_supplicant" # virtualization folder - name: "catatonit" in_directory: "system/virtualization": files: - "catatonit" - name: "kvm_stat" in_directory: "system/virtualization": files: - "kvm_stat" - name: "libcontainers-common" in_directory: "system/virtualization/containers": included_tunables: - "containers" - name: "podman" in_directory: "system/virtualization/podman": files: - "podman" - "podman.quadlet" - name: "virtualbox" load_profile_by_systemd: vboxdrv: vboxdrv.sh in_directory: "system/virtualization/virtualbox": files: - "vboxconfig" - "VBoxCreateUSBNode.sh" - "vboxdrv.sh" extra_files: - "lib/udevadm.d/virtualbox" # Can’t be enabled until “no new privs” override support is available: # https://bugs.launchpad.net/apparmor/+bug/1908448/comments/2 #- name: "bubblewrap" # files: # - "system/virtualization/bwrap" # Miscellaneous profiles - name: "open-iscsi" in_directory: "system/systemd/generators": files: - "ibft-rule-generator" # filesystem folder - name: "e2fsprogs" in_directory: "system/filesystem": files: - "chattr" - "fsck.ext3" - name: "lvm2" in_directory: "system/filesystem": files: - "lvm" "system/systemd/generators": files: - "lvm2-activation-generator" - name: "tarsnap" in_directory: "system/filesystem": files: - "tarsnap" - name: "python3-tarsnapper" in_directory: "system/filesystem": files: - "tarsnapper" # cli folder - name: "acpi" in_directory: "system/cli": files: - "acpi" - name: "the_silver_searcher" in_directory: "system/cli": extra_files: - "local/cli/ag" files: - "ag" - name: "appstream-glib" files: - "system/cli/usr.bin.appstream-util" - name: "bzr" files: - "not_tested/usr.bin.bzr" - name: "coreutils" in_directory: "system/cli": files: - "date" - "sleep" - name: "dstat" in_directory: "system/cli": files: - "dstat" - name: "gpm" files: - "system/cli/gpm" - name: "hostname" in_directory: "system/cli": files: - "hostname" - name: "htop" local: - "htop" files: - "system/cli/htop" - name: "less" files: - "system/cli/less" - name: "lsof" in_directory: "system/cli": files: - "lsof" - name: "man" abstractions: - "less" in_directory: "system/cli/man-pages": included_tunables: - "man-pages" files: - "apropos" - "man" - "mandb" - "man-db.do_mandb" - "man-db.man" - "whatis" local: - "man" extra_files: - "lib/man-pages" - name: "mlocate" load_profile_by_systemd: mlocate: "systemd.service.mlocate" in_directory: "system/cli": files: - "locate" - "updatedb" - name: "nmap" in_directory: "system/cli": files: - "nmap" - name: "nvme-cli" files: - "system/cli/nvme" - name: "p7zip" in_directory: "system/cli": files: - "p7zip" - name: "pciutils" in_directory: "system/cli": rpm_scriptlets_symlinks: - "sbin.lspci" files: - "sbin.lspci" - name: "procps" in_directory: "system/cli/procps": files: - "bin.ps" - "pgrep" - "sysctl" - "w" - name: "procs" in_directory: "system/cli": files: - "procs" - name: "psmisc" in_directory: "system/cli": files: - "killall" - name: "quilt" included_tunables: - "quilt" in_directory: "system/cli": files: - "quilt" - name: "sensors" files: - "system/cli/sensors-detect" - name: "mdadm" in_directory: "system/admin": files: - "mdadm" - "mdcheck" - name: "shadow" in_directory: "system/admin": files: - "gpasswd" - "groupadd" - "passwd" - "useradd" - "usermod" - "userdel" - name: "sysvinit-tools" in_directory: "system/cli": files: - "killall5" #- "pidof" # systemd folder - name: "systemd" load_profile_by_systemd: system_conditional: systemd-udevd: systemd-udevd user: systemd-tmpfiles-clean: systemd-tmpfiles systemd-tmpfiles-setup: systemd-tmpfiles abstractions: - less - sddm - systemd - vim # For vim-inline-editor. included_tunables: - "systemd" extra_directories: - "local/systemd" in_directory: "system/systemd": ghost: # TODO: Implement this in generate_spec.rb. - "local/systemd/systemd" files: # NOTE: # Since systemd can transfer control to specific AppArmor profiles, and I’m not able # to get transitions to work even with “change_profile -> **”, maybe better to # let systemd to run unconfined and just ensure everything else is transitioned to # their correct profiles. # # See load_profile_by_systemd in this file for how to specify the profile. #- "systemd.pid1" # systemd.user seems to work well enough, but... # # TODO: “systemctl daemon-reexec” as root makes # pid1 to use systemd.user profile. This # needs # to be fixed. # # For that reason, I’m not enabling # systemd.user here, because this would get # pulled too much around automatically. #- "systemd.user" - "systemd_generators" - "systemd_scripts" - "systemd_shutdown" - "systemd.systemd-journald" - "systemd.systemd-sysv-install" - "user-environment-generators/30-systemd-environment-d-generator" - "3rdparty/systemd.3rdparty.user-environment-generators.60-flatpak" "system/systemd/commands": extra_files: - "local/systemd/busctl" - "local/systemd/systemd-tmpfiles" files: - "busctl" - "journalctl" - "systemctl" - "systemd-cat" - "systemd-detect-virt" - "systemd-run" - "systemd-sysusers" - "systemd-tmpfiles" - "systemd-tty-ask-password-agent" - "timedatectl" "system/systemd/generators": files: - "logind-compat-tasks-max-generator" - "systemd-bless-boot-generator" - "systemd-cryptsetup-generator" - "systemd-debug-generator" - "systemd-fstab-generator" - "systemd-getty-generator" - "systemd-gpt-auto-generator" - "systemd-hibernate-resume-generator" - "systemd-insserv-generator" - "systemd-rc-local-generator" - "systemd-run-generator" - "systemd-system-update-generator" - "systemd-sysv-generator" - "systemd-veritysetup-generator" "system/systemd/subcommands": files: - "systemd_subcommand" - "systemd-binfmt" - "systemd-cryptsetup" - "systemd-hostnamed" - "systemd-localed" - "systemd-logind" - "systemd-random-seed" - "systemd-rfkill" - "systemd-sleep" - "systemd-sysctl" - "systemd-timedated" - "systemd-udevd" - "systemd-update-utmp" - "systemd-user-runtime-dir" - "systemd-user-sessions" "system/systemd/user-generators": files: - "systemd-xdg-autostart-generator" - name: "systemd-coredump" requires: - systemd in_directory: "system/systemd/commands": files: - "coredumpctl" "system/systemd/subcommands": files: - "systemd-coredump" - name: "zram-generator" requires: - systemd in_directory: "system/systemd/generators": files: - "zram-generator" # btrfs folder - name: "btrfsprogs" files: - "system/btrfs/btrfs" - name: "btrfsmaintenance" requires: - btrfsprogs files: - "suse/zypper/plugins.commit.btrfs-defrag-plugin.sh" - "system/btrfs/btrfsmaintenance.btrfs-balance.sh" - "system/btrfs/btrfsmaintenance.btrfs-scrub.sh" # kernel folder - name: "dracut" requires: - udev # udevadm profile; dracut requires udev so this is good. - util-linux # blkid profile; dracut requires util-linux also. recommends: - btrfsprogs # btrfs profile. Recommended because if dracut profile is enforced and btrfs is used as filesystem, things will go haywire. suggests: - systemd # For systemd-detect-virt. in_directory: "suse/kernel": files: - "mkinitrd" "system/kernel": files: - "dracut" - "dracut-install" - "lsinitrd" - name: "plymouth" in_directory: "system/kernel": files: - "plymouth-set-default-theme" - name: "plymouth-dracut" in_directory: "system/kernel": files: - "plymouth-populate-initrd" - name: "perl-Bootloader" in_directory: "system/bootloader": files: - "bootloader.bootloader_entry" - "bootloader.grub2.config" "system/kernel": files: - "pbl" - name: "utempter" abstractions: - sddm files: - "system/kernel/usr.lib.utempter.utempter" # services folder - name: "haveged" in_directory: "system/services": files: - "haveged" # kate: indent-width 2
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Contact
Support
@OBShq
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
