From 79289183b3c99fefffdb505839f341a33dc0247d Mon Sep 17 00:00:00 2001
From: Simon McVittie <simon.mcvittie@collabora.co.uk>
Date: Wed, 20 Jul 2016 20:48:31 +0100
Subject: [PATCH] session-lockdown-no-deny: check for more processes
Reviewed-by: Sjoerd Simons <sjoerd.simons@collabora.co.uk>
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Differential Revision: https://phabricator.apertis.org/D3772
---
apparmor/session-lockdown/no-deny | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/apparmor/session-lockdown/no-deny b/apparmor/session-lockdown/no-deny
index 70b43323..1b7bf7a2 100755
--- a/apparmor/session-lockdown/no-deny
+++ b/apparmor/session-lockdown/no-deny
@@ -227,6 +227,9 @@ def after_reboot():
# if they aren't running it's a problem (either because we started
# them explicitly or they are meant to run on boot)
for profile in (
+ '/usr/Applications/org.apertis.Frampton/bin/frampton-agent',
+ '/usr/Applications/org.apertis.Mildenhall.Launcher/bin/mildenhall_launcher',
+ '/usr/Applications/org.apertis.Mildenhall.StatusBar/bin/mildenhall_statusbar',
'/usr/sbin/connmand',
):
if profile in complain_process_profiles:
@@ -249,6 +252,7 @@ def after_reboot():
# Processes that are currently meant to be in complain mode, and
# if they aren't running it's a problem
for profile in (
+ '/usr/bin/canterbury',
'/usr/bin/pulseaudio',
'/usr/sbin/ofonod',
):
@@ -260,7 +264,12 @@ def after_reboot():
# Processes that are currently meant to be in enforce mode, and
# might not be running at all
for profile in (
+ '/usr/bin/newport',
+ '/usr/lib/*/tumbler-1/tumblerd',
+ '/usr/lib/tracker/tracker-extract',
+ '/usr/lib/tracker/tracker-miner-apps',
'/usr/lib/tracker/tracker-miner-fs',
+ '/usr/lib/tracker/tracker-miner-user-guides',
'/usr/lib/tracker/tracker-store',
):
if profile not in profiles_running:
--
GitLab