feat(fsp): setup RBAC mapping in auth enabled profiles.

This commit is contained in:
Alexandre Pujol 2025-05-31 13:43:57 +02:00
parent d9e6e686e0
commit 2282128cbd
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
6 changed files with 45 additions and 10 deletions


@ -25,6 +25,7 @@ profile sshd @{exec_path} flags=(attach_disconnected) {
include <abstractions/nameservice-strict>
include <abstractions/ssl_certs>
include <abstractions/wutmp>
include <mappings/sshd> #aa:only RBAC
capability audit_write,
capability chown,
@ -60,13 +61,13 @@ profile sshd @{exec_path} flags=(attach_disconnected) {
@{exec_path} mrix,
@{bin}/@{shells} rUx,
@{bin}/false rix,
@{sbin}/nologin rPx,
@{bin}/passwd rPx,
@{lib}/{openssh,ssh}/sftp-server rPx,
@{lib}/{openssh,ssh}/sshd-auth rPx,
@{lib}/{openssh,ssh}/sshd-session rix,
@{bin}/@{shells} Ux, #aa:exclude RBAC
@{bin}/false ix,
@{sbin}/nologin Px,
@{bin}/passwd Px,
@{lib}/{openssh,ssh}/sftp-server Px,
@{lib}/{openssh,ssh}/sshd-auth Px,
@{lib}/{openssh,ssh}/sshd-session ix,
@{etc_ro}/environment r,
@{etc_ro}/security/limits.d/{,*.conf} r,