felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ssh: allow ssh to write to the kerberos CC when it picks up a ticket

Browse source
This commit is contained in:
doublez13 2025-09-12 12:25:55 -06:00 committed by Alex
parent c67773947e
commit 53501d8bf4
1 changed files with 2 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/groups/ssh/ssh
View file

@ -44,6 +44,8 @@ profile ssh @{exec_path} {
owner @{user_projects_dirs}/**/ssh/{,*} r, owner @{user_projects_dirs}/**/ssh/{,*} r,
owner @{user_projects_dirs}/**/config r, owner @{user_projects_dirs}/**/config r,
owner @{tmp}/krb5cc_* rwk,
audit owner @{tmp}/ssh-*/{,agent.@{int}} rwkl, audit owner @{tmp}/ssh-*/{,agent.@{int}} rwkl,
owner @{run}/user/@{uid}/gvfsd-sftp/@{hex} rwl -> @{run}/user/@{uid}/gvfsd-sftp/@{hex}.@{rand}, owner @{run}/user/@{uid}/gvfsd-sftp/@{hex} rwl -> @{run}/user/@{uid}/gvfsd-sftp/@{hex}.@{rand},