From 412e9eee326216b953540244dad87377f74aeb5e Mon Sep 17 00:00:00 2001
From: nobodysu
Date: Mon, 23 May 2022 00:51:55 +0300
Subject: [PATCH] Ubuntu, allow fallback

---
 apparmor.d/groups/ssh/sshd | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/apparmor.d/groups/ssh/sshd b/apparmor.d/groups/ssh/sshd
index 4dbb57864..08980197b 100644
--- a/apparmor.d/groups/ssh/sshd
+++ b/apparmor.d/groups/ssh/sshd
@@ -43,14 +43,17 @@ profile sshd @{exec_path} flags=(attach_disconnected) {
   ptrace (read,trace) peer=unconfined,
+  network inet stream,
+  network inet6 stream,
+
   @{exec_path} mrix,
-  /{usr/,}bin/{,b,d,rb}ash rUx,
-  /{usr/,}bin/{c,k,tc,z}sh rUx,
+  /{usr/,}bin/{,b,d,rb}ash rPUx,
+  /{usr/,}bin/{c,k,tc,z}sh rPUx,
   /{usr/,}{s,}bin/nologin rPx,
-  /{usr/,}bin/false rix,
   /{usr/,}bin/passwd rPx,
   /{usr/,}lib/openssh/sftp-server rPx,
+  /{usr/,}bin/false rix,
   /etc/default/locale r,
   /etc/environment r,
@@ -73,17 +76,17 @@ profile sshd @{exec_path} flags=(attach_disconnected) {
   @{run}/motd.dynamic.new rw,
   @{run}/resolvconf/resolv.conf r,
   @{run}/systemd/sessions/[0-9]*.ref rw,
-  @{run}/systemd/userdb/ r,
+  @{run}/systemd/notify w,
   @{sys}/fs/cgroup/*/user/*/[0-9]*/ rw,
   @{sys}/fs/cgroup/systemd/user.slice/user-@{uid}.slice/session-c[0-9]*.scope/ rw,
-  owner @{PROC}/@{pid}/limits r,
-  owner @{PROC}/@{pid}/loginuid rw,
-  owner @{PROC}/@{pid}/mounts r,
-  owner @{PROC}/@{pid}/oom_adj rw,
-  owner @{PROC}/@{pid}/oom_score_adj rw,
-  owner @{PROC}/@{pid}/uid_map r,
+  owner @{PROC}/@{pids}/limits r,
+  owner @{PROC}/@{pids}/loginuid rw,
+  owner @{PROC}/@{pids}/mounts r,
+  owner @{PROC}/@{pids}/oom_adj rw,
+  owner @{PROC}/@{pids}/oom_score_adj rw,
+  owner @{PROC}/@{pids}/uid_map r,
   @{PROC}/@{pids}/fd/ r,
   @{PROC}/1/environ r,
   @{PROC}/cmdline r,
@@ -94,4 +97,4 @@ profile sshd @{exec_path} flags=(attach_disconnected) {
   /dev/ptmx rw,
   include if exists
-}
\ No newline at end of file
+}
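Review bot: The switch from `rUx` to `rPUx` on the two shell lines in the first hunk only confines the login shell when a profile for that shell is actually loaded; where none is, the shell still runs unconfined exactly as before, so a one-line comment above them, `# confine the login shell if a profile exists, otherwise fall back to unconfined`, would record that the fallback is deliberate rather than a regression. In the second hunk `@{run}/systemd/userdb/ r` is removed in the same edit that adds `@{run}/systemd/notify w`, and nothing in the subject explains the removal; if user lookups through systemd-userdbd are still expected on some targets, keeping the read rule next to the new write rule is the safer choice. The change from `@{pid}` to `@{pids}` on the six `@{PROC}` rules stays bounded by `owner`, which looks appropriate for sshd's per-session children, though whether it widens anything depends on how the tunables define those two variables. The profile body begins before and ends after each of these hunks.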