[game-data-packager] 02/02: Sync Unreal AppArmor profile with quake4

Simon McVittie smcv at debian.org
Sun Oct 9 22:31:02 UTC 2016 

This is an automated email from the git hooks/post-receive script.

smcv pushed a commit to branch master
in repository game-data-packager.

commit ac21676a9401f45b2ba46142c94e6661638a9f97
Author: Simon McVittie <smcv at debian.org>
Date:   Sun Oct 9 23:27:11 2016 +0100

    Sync Unreal AppArmor profile with quake4
    
    - allow additional video device enumeration
    - specifically forbid loading particularly sensitive files
    - license it permissively
---
 debian/copyright              | 1 +
 debian/copyright.in           | 1 +
 etc/apparmor.d/usr.lib.unreal | 9 ++++++++-
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/debian/copyright b/debian/copyright
index 9cb7f0e..6b89715 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -43,6 +43,7 @@ License: GPL-2+
  /usr/share/common-licenses/GPL-2.
 
 Files:
+ etc/apparmor.d/*
  runtime/openurl.py
 Copyright:
  © 2016 Simon McVittie
diff --git a/debian/copyright.in b/debian/copyright.in
index d0809d3..5ec5e3d 100644
--- a/debian/copyright.in
+++ b/debian/copyright.in
@@ -41,6 +41,7 @@ License: GPL-2+
  /usr/share/common-licenses/GPL-2.
 
 Files:
+ etc/apparmor.d/*
  runtime/openurl.py
 Copyright:
  © 2016 Simon McVittie
diff --git a/etc/apparmor.d/usr.lib.unreal b/etc/apparmor.d/usr.lib.unreal
index ca24c6a..f156b24 100644
--- a/etc/apparmor.d/usr.lib.unreal
+++ b/etc/apparmor.d/usr.lib.unreal
@@ -1,6 +1,7 @@
 # Unreal (Classic/Gold) AppArmor profile
 # Copyright © 2016 Simon McVittie
-# SPDX-License-Identifier: GPL-2.0+
+# Redistribution and use in source and compiled forms, with or without
+# modification, are permitted under any circumstances. No warranty.
 
 #include <tunables/global>
 
@@ -10,6 +11,7 @@
   #include <abstractions/base>
   #include <abstractions/nameservice>
   #include <abstractions/nvidia>
+  #include <abstractions/private-files-strict>
 
   network inet dgram,
   network inet stream,
@@ -24,7 +26,12 @@
   # udev device enumeration
   /etc/udev/udev.conf r,
   /run/udev/data/+pci:* r,
+  /sys/bus/ r,
+  /sys/class/ r,
+  /sys/class/drm/ r,
   /sys/devices/pci[0-9]*/**/uevent r,
+  # character devices 226:x are DRI
+  /run/udev/data/c226:* r,
 
   /usr/lib/unreal-classic/System/*.bin mrix,
   /usr/lib/unreal-gold/System/*.bin mrix,

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-games/game-data-packager.git

More information about the Pkg-games-commits mailing list