felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(profile): ssh-sk-helper does not get transioned.

Browse source 
fix #681
see #677
This commit is contained in:
Alexandre Pujol 2025-03-14 23:57:37 +01:00
parent e4a7e16ec0
commit 07dbb0c7d3
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
1 changed files with 9 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

10
apparmor.d/groups/ssh/ssh
View file

@ -26,7 +26,7 @@ profile ssh @{exec_path} {
@{bin}/@{shells} rUx, @{bin}/@{shells} rUx,
@{lib}/{,ssh/}ssh-sk-helper rPx, @{lib}/{,ssh/}ssh-sk-helper rix,
@{etc_ro}/ssh/ssh_config r, @{etc_ro}/ssh/ssh_config r,
@{etc_ro}/ssh/ssh_config.d/{,*} r, @{etc_ro}/ssh/ssh_config.d/{,*} r,
@ -49,9 +49,17 @@ profile ssh @{exec_path} {
owner @{run}/user/@{uid}/gvfsd-sftp/@{hex}.@{rand} wl -> @{run}/user/@{uid}/gvfsd-sftp/@{hex}.@{rand}, owner @{run}/user/@{uid}/gvfsd-sftp/@{hex}.@{rand} wl -> @{run}/user/@{uid}/gvfsd-sftp/@{hex}.@{rand},
owner @{run}/user/@{uid}/keyring/ssh rw, owner @{run}/user/@{uid}/keyring/ssh rw,
@{sys}/ r,
@{sys}/bus/ r,
@{sys}/class/ r,
@{sys}/class/hidraw/ r,
@{sys}/class/hidraw/hidraw@{int} r,
owner @{PROC}/@{pid}/loginuid r, owner @{PROC}/@{pid}/loginuid r,
owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/fd/ r,
/dev/hidraw@{int} rwk,
include if exists <local/ssh> include if exists <local/ssh>
} }