feat(profile): general update.
This commit is contained in:
Alexandre Pujol
parent
43ab1d064d
commit
197c1bd78a
43 changed files with 148 additions and 236 deletions
|
|
@ -11,8 +11,6 @@ profile default-sudo @{exec_path} {
|
|||
include <abstractions/app/sudo>
|
||||
|
||||
capability chown,
|
||||
capability dac_override,
|
||||
capability dac_read_search,
|
||||
capability mknod,
|
||||
capability sys_ptrace,
|
||||
|
||||
|
|
@ -21,7 +19,6 @@ profile default-sudo @{exec_path} {
|
|||
|
||||
ptrace (read),
|
||||
|
||||
@{bin}/sudo mr,
|
||||
@{bin}/su mr,
|
||||
|
||||
@{bin}/** Px,
|
||||
|
|
@ -31,20 +28,13 @@ profile default-sudo @{exec_path} {
|
|||
/var/db/sudo/lectured/ r,
|
||||
/var/lib/extrausers/shadow r,
|
||||
/var/lib/sudo/lectured/ r,
|
||||
/var/lib/sudo/ts/ rw,
|
||||
/var/lib/sudo/ts/* rwk,
|
||||
/var/log/sudo.log wk,
|
||||
owner /var/db/sudo/lectured/@{uid} rw,
|
||||
owner /var/lib/sudo/lectured/* rw,
|
||||
|
||||
owner @{HOME}/.sudo_as_admin_successful rw,
|
||||
|
||||
@{run}/ r,
|
||||
@{run}/faillock/{,*} rwk,
|
||||
@{run}/systemd/sessions/* r,
|
||||
owner @{run}/sudo/ rw,
|
||||
owner @{run}/sudo/ts/ rw,
|
||||
owner @{run}/sudo/ts/* rwk,
|
||||
@{run}/ r,
|
||||
@{run}/systemd/sessions/* r,
|
||||
|
||||
include if exists <local/default-sudo>
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue