feat(profile): add profile for sshd session.

It is only a first draft as recent update in sshd, split sshd in multiple binaries, it will allow us to also split the confinement in multiple profile.
2025-06-21 19:52:22 +02:00 · 2025-06-21 19:52:22 +02:00 · 03d7ef5589
commit 03d7ef5589
parent 5eb08f8de5
2 changed files with 86 additions and 1 deletions
--- a/apparmor.d/groups/ssh/sshd
+++ b/apparmor.d/groups/ssh/sshd
@ -69,7 +69,7 @@ profile sshd @{exec_path} flags=(attach_disconnected) {
  @{bin}/passwd                      Px,
  @{lib}/{openssh,ssh}/sftp-server   Px,
  @{lib}/{openssh,ssh}/sshd-auth     Px,
-  @{lib}/{openssh,ssh}/sshd-session  ix,
+  @{lib}/{openssh,ssh}/sshd-session  Px,

  @{etc_ro}/environment r,
  @{etc_ro}/security/limits.d/{,*.conf} r,