Add profile for kdestroy
This commit is contained in:
doublez13
Alex
parent
0f0082fd5b
commit
4f4f5c464e
1 changed files with 29 additions and 0 deletions
29
apparmor.d/profiles-g-l/kdestroy
Normal file
29
apparmor.d/profiles-g-l/kdestroy
Normal file
|
|
@ -0,0 +1,29 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2025 Zane Zakraisek <zakraise@eng.utah.edu>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/4.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/kdestroy
|
||||
profile kdestroy @{exec_path} {
|
||||
include <abstractions/base>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
#Allow root to destroy other users' creds cache
|
||||
capability dac_override,
|
||||
|
||||
#Config Files
|
||||
/etc/krb5.conf r,
|
||||
/etc/krb5.conf.d/{,**} r,
|
||||
|
||||
#Credentials cache
|
||||
/tmp/krb5cc_* rwk,
|
||||
/tmp/tkt* rwk,
|
||||
|
||||
include if exists <local/kdestroy>
|
||||
}
|
||||
|
||||
# vim:syntax=apparmor
|
||||
Loading…
Add table
Add a link
Reference in a new issue