felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(abs): mappings: add support for role from the sshd-session profile.

Browse source
This commit is contained in:
Alexandre Pujol 2025-06-21 21:07:02 +02:00
parent f443c71c7b
commit 1aee62f52c
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
1 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
apparmor.d/abstractions/mapping/sshd
View file

@ -15,6 +15,8 @@
capability audit_write, capability audit_write,
capability chown, capability chown,
capability dac_read_search, capability dac_read_search,
capability fowner,
capability fsetid,
capability kill, capability kill,
capability setgid, capability setgid,
capability setuid, capability setuid,
@ -25,12 +27,14 @@
# but will fall back to a non-privileged version if it fails. # but will fall back to a non-privileged version if it fails.
deny capability net_admin, deny capability net_admin,
network inet stream,
network inet6 stream, network inet6 stream,
network netlink raw, network netlink raw,
signal receive set=exists peer=@{p_systemd_journald}, signal receive set=exists peer=@{p_systemd_journald},
signal receive set=hup peer=@{p_systemd}, signal receive set=hup peer=@{p_systemd},
unix bind type=stream addr=@@{udbus}/bus/sshd-session/system,
unix bind type=stream addr=@@{udbus}/bus/sshd/system, unix bind type=stream addr=@@{udbus}/bus/sshd/system,
dbus send bus=system path=/org/freedesktop/login1 dbus send bus=system path=/org/freedesktop/login1