felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profiles): general update.

Browse source
This commit is contained in:
Alexandre Pujol 2022-11-11 22:18:55 +00:00
parent fd88162c55
commit 26f838b73f
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
23 changed files with 121 additions and 78 deletions
Download patch file Download diff file Expand all files Collapse all files

13
apparmor.d/profiles-g-l/login
View file

@ -7,12 +7,13 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/login
profile login @{exec_path} {
profile login @{exec_path} flags=(complain) {
include <abstractions/base>
include <abstractions/authentication>
include <abstractions/consoles>
include <abstractions/nameservice-strict>
include <abstractions/wutmp>
include <abstractions/dbus-strict>
capability chown,
capability fsetid,
@ -25,6 +26,10 @@ profile login @{exec_path} {
# network netlink raw,
dbus send bus=system path=/org/freedesktop/login1
interface=org.freedesktop.login1.*
peer=(name=org.freedesktop.login1),
@{exec_path} mr,
/{usr/,}bin/{,z,ba,da}sh rUx,
@ -51,11 +56,7 @@ profile login @{exec_path} {
owner @{user_cache_dirs}/motd.legal-displayed rw,
dbus send
bus="system" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="Hello" peer=(name="org.freedesktop.DBus"),
dbus send
bus="system" path="/org/freedesktop/login1" interface="org.freedesktop.login1.*" peer=(name="org.freedesktop.login1"),
/dev/tty[0-9]* rw,
include if exists <local/login>
}