felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update su

Browse source
This commit is contained in:
nobodysu 2021-12-12 18:16:30 +00:00 committed by GitHub
parent 3430e3df90
commit 09fdd074f8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
apparmor.d/profiles-s-z/su
View file

@ -19,6 +19,9 @@ profile su @{exec_path} {
capability setgid, capability setgid,
capability setuid, capability setuid,
#audit deny capability net_bind_service, #audit deny capability net_bind_service,
capability sys_resource,
# No clear purpose, deny until needed
deny capability net_admin,
signal (send) set=(term,kill), signal (send) set=(term,kill),
signal (receive) set=(int,quit,term), signal (receive) set=(int,quit,term),
@ -46,5 +49,9 @@ profile su @{exec_path} {
@{PROC}/cmdline r, @{PROC}/cmdline r,
@{sys}/devices/virtual/tty/console/active r, @{sys}/devices/virtual/tty/console/active r,
# pseudo-terminal
capability chown,
/dev/{,pts/}ptmx rw,
include if exists <local/su> include if exists <local/su>
} }