Add support for tlp #585

Open
wants to merge 2 commits into
base: main
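--- a/apparmor.d/profiles-g-l/hdparm
+++ b/apparmor.d/profiles-g-l/hdparm
@@ -29,6 +29,14 @@ profile hdparm @{exec_path} flags=(complain) {
 # Image files
 owner @{user_img_dirs}/{,**} r,
 
+# interaction with tlp
+owner @{sys}/devices/@{pci}/ta@{int}/host@{int}/**/**/power/autosuspend_delay_ms r,
+owner @{sys}/devices/@{pci}/ta@{int}/host@{int}/scsi_host/host0/link_power_management_policy rw,
+owner @{sys}/devices/@{pci}/ta@{int}/host@{int}/target*/**/block/{sda,sr0}/* r,
+owner @{sys}/devices/@{pci}/ta@{int}/host@{int}/target*/**/block/{sda,sr0}/dev r,
+owner @{sys}/devices/@{pci}/ta@{int}/host@{int}/target*/**/block/sda/sda@{int}/dev r,
+owner @{sys}/devices/@{pci}/ta@{int}/host@{int}/target*/**/block/sda@{int}/dev r,
+
 # for hdparm --fibmap
 @{PROC}/devices r,
 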
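Review bot: The new rules hard-code `host0`, `sda` and `sr0`, so they only match the hardware layout of the machine the logs were collected on; a second SATA host or an NVMe/`sdb` disk falls outside them. The tlp profile in this same PR already writes the policy file as `scsi_host/host@{int}/link_power_management_policy`, and the hdparm rule should use the same `host@{int}` form. The `{sda,sr0}/dev` rule is also redundant with the `{sda,sr0}/* r,` line above it. Note too that the tlp profile runs hdparm with `@{bin}/hdparm rix,`, which keeps hdparm inside the tlp profile, so these additions would only take effect if that rule were changed to a profile transition (`rPx`). It is worth deciding which of the two profiles is meant to carry this access, and granting `rw` on `link_power_management_policy` only in that one.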
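--- a/apparmor.d/profiles-s-z/tlp
+++ b/apparmor.d/profiles-s-z/tlp
@@ -0,0 +1,122 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Barmogund
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/tlp
+profile tlp @{exec_path} flags=(attach_disconnected) {
+include <abstractions/base>
+include <abstractions/bus-system>
+include <abstractions/graphics>
+include <abstractions/bus/org.freedesktop.PolicyKit1>
+include <abstractions/nameservice-strict>
+
+capability dac_read_search,
+capability net_admin,
+capability sys_nice,
+capability sys_rawio,
+capability sys_tty_config,
+
+network netlink raw,
+
+@{exec_path} mr,
+
+@{bin}/systemctl rix,
+@{bin}/logger rix,
+@{shells_path} rix,
+@{bin}/cp rix,
+@{bin}/chmod rix,
+@{bin}/flock rix,
+@{bin}/sort rix,
+@{bin}/head rix,
+@{bin}/mktemp rix,
+@{bin}/readlink rix,
+@{bin}/tr rix,
+@{bin}/ethtool rix,
+@{bin}/grep rix,
+@{bin}/touch rix,
+@{bin}/cat rix,
+@{bin}/rm rix,
+@{bin}/id rpx,
+@{bin}/iw rpx,
+@{bin}/hdparm rix,
+@{bin}/uname rpx,
+@{bin}/udevadm rix,
+/usr/share/tlp/tlp-readconfs rix,
+
+owner / r,
+
+owner /etc/tlp.d/ r,
+owner /etc/tlp.d/** rw,
+owner /etc/udev/udev.conf r,
+/etc/tlp.conf rw,
+
+owner /usr/share/tlp/** rw,
+owner /usr/share/tlp/func.d/** rw,
+
+/usr/share/tlp/tlp-readconfs rw,
+
+/var/lib/power-profiles-daemon/{,**} rw,
+
+owner /usr/share/tlp/bat.d/** rw,
+owner /usr/share/perl5/core_perl/** r,
+
+@{run}/udev/data/+platform:* r,
+owner @{run}/tlp/* rw,
+owner @{run}/tlp/lock_tlp rwk,
+owner @{run}/udev/data/b@{int}:@{int} r,
+
+@{sys}/bus/ r,
+owner @{sys}/bus/pci/drivers/nouveau/ r,
+owner @{sys}/devices/@{pci}/ r,
+owner @{sys}/devices/@{pci}/power/control rw,
+owner @{sys}/devices/@{pci}/ta@{int}/host@{int}/scsi_host/ r,
+owner @{sys}/devices/@{pci}/ta@{int}/host@{int}/scsi_host/host@{int}/link_power_management_policy rw,
+@{sys}/bus/platform/devices/ r,
+@{sys}/class/ r,
+@{sys}/class/power_supply/ r,
+@{sys}/devices/@{pci}/uevent r,
+@{sys}/devices/**/power_supply/*/scope r,
+@{sys}/devices/**/power_supply/*/uevent r,
+@{sys}/devices/platform/**/uevent r,
+@{sys}/devices/system/cpu/*_pstate/{no_turbo,turbo_pct} r,
+@{sys}/devices/system/cpu/*_pstate/status r,
+@{sys}/devices/system/cpu/cpu@{int}/power/energy_perf_bias rw,
+@{sys}/devices/system/cpu/cpufreq/ r,
+@{sys}/devices/system/cpu/cpufreq/policy@{int}/energy_performance_preference rw,
+@{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_governor rw,
+owner @{sys}/bus/pci/drivers/mei_me/ r,
+owner @{sys}/bus/pci/devices/ r,
+owner @{sys}/block/ r,
+owner @{sys}/class/net/ r,
+owner @{sys}/devices/platform/**/**/** r,
+owner @{sys}/devices/virtual/block/loop@{int}/ r,
+owner @{sys}/devices/virtual/block/loop@{int}/dev r,
+owner @{sys}/devices/virtual/net/lo/uevent r,
+owner @{sys}/devices/virtual/dmi/id/product_version rw,
+owner @{sys}/class/drm/ rw,
+owner @{sys}/module/pcie_aspm/parameters/policy rw,
+owner @{sys}/module/snd_hda_intel/parameters/power_save rw,
+owner @{sys}/module/snd_hda_intel/parameters/power_save_controller rw,
+
+@{sys}/firmware/acpi/platform_profile* rw,
+@{sys}/firmware/acpi/pm_profile* rw,
+@{sys}/devices/virtusl/** rw,
+
+owner @{PROC}/sys/vm/laptop_mode rw,
+owner @{PROC}/sys/vm/dirty_writeback_centisecs rw,
+owner @{PROC}/sys/vm/dirty_expire_centisecs rw,
+owner @{PROC}/sys/fs/xfs/xfssyncd_centisecs rw,
+owner @{PROC}/sys/kernel/nmi_watchdog rw,
+
+/dev/disk/by-id/ r,
+owner /dev/sda r,
+/dev/tty rw,
+
+include if exists <local/tlp>
+}
+
+# vim:syntax=apparmor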
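Review bot: The profile grants write access to the same files it executes. `/usr/share/tlp/tlp-readconfs` carries both `rix` and a separate `rw` rule, and `/usr/share/tlp/**`, `func.d/**` and `bat.d/**` are all `rw`, so the confinement does not stop a process in this profile (including the inherited shell, `cp` and `chmod`) from altering tlp's own scripts. Nothing visible here suggests tlp needs more than read access, so I would replace those rules with a single `/usr/share/tlp/{,**} r,`, drop the `tlp-readconfs rw` line, and check whether `/etc/tlp.conf` and `/etc/tlp.d/**` can be reduced to `r` as well. Separately, `@{sys}/devices/virtusl/** rw,` is a typo for `virtual` and matches nothing as written. When correcting it, list the specific attributes tlp writes instead of opening the whole virtual device tree for `rw`. The lowercase `rpx` on `id`, `iw` and `uname` transitions without environment scrubbing; `rPx` is the safer form unless the unscrubbed environment is needed.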