apparmor: update profiles

* dhcpcd, wpa_supplicant: add small additional permissions * wpa_cli: remove profile, it causes issues with the -a flag; expected impact is low: wpa_cli is run as a normal user, and it does not serve requests to other users.
2019-12-31 00:26:34 -08:00 · 2019-12-31 00:26:34 -08:00 · ac938da314
parent 8521284107
commit ac938da314
4 changed files with 3 additions and 17 deletions
--- a/srcpkgs/apparmor/files/profiles/usr.bin.dhcpcd
+++ b/srcpkgs/apparmor/files/profiles/usr.bin.dhcpcd
@ -46,6 +46,7 @@ profile dhcpcd /{usr/,}bin/dhcpcd {
  /{usr/,}bin/dhcpcd mrix,

  owner @{PROC}/@{pid}/mountinfo r,
+  owner @{PROC}/@{pid}/stat r,

  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.bin.dhcpcd>
--- a/srcpkgs/apparmor/files/profiles/usr.bin.wpa_cli
+++ b/srcpkgs/apparmor/files/profiles/usr.bin.wpa_cli
@ -1,16 +0,0 @@
-#include <tunables/global>
-
-/usr/bin/wpa_cli {
-  #include <abstractions/base>
-
-  /usr/bin/wpa_cli mr,
-
-  /{var/,}run/wpa_supplicant/ r,
-  owner /tmp/wpa_ctrl_@{pid}-[0-9] rw,
-
-  # for interactive mode
-  /etc/inputrc r,
-  owner @{HOME}/.wpa_cli_history rw,
-
-  #include <local/usr.bin.wpa_cli>
-}
--- a/srcpkgs/apparmor/files/profiles/usr.bin.wpa_supplicant
+++ b/srcpkgs/apparmor/files/profiles/usr.bin.wpa_supplicant
@ -28,6 +28,7 @@
  /etc/nsswitch.conf r,
  /etc/group r,
 
+  @{PROC}/sys/net/ipv{4,6}/conf/*/* rw,
  @{PROC}/@{pid}/psched r,

  /dev/rfkill r,
--- a/srcpkgs/apparmor/template
+++ b/srcpkgs/apparmor/template
@ -1,7 +1,7 @@
 # Template file for 'apparmor'
 pkgname=apparmor
 version=2.13.3
-revision=3
+revision=4
 wrksrc="${pkgname}-v${version}"
 build_wrksrc=libraries/libapparmor
 build_style=gnu-configure