felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(abs): base-strict: allow communication to children and stacked profiles.

Browse source
This commit is contained in:
Alexandre Pujol 2025-08-15 11:33:29 +02:00
parent 7d49a1628e
commit 6739b238ce
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
apparmor.d/abstractions/base-strict
View file

@ -67,8 +67,9 @@
# Allow unconfined processes to us via unix sockets # Allow unconfined processes to us via unix sockets
unix receive peer=(label=unconfined), unix receive peer=(label=unconfined),
# Allow communication to children profiles # Allow communication to children and stacked profiles
signal peer=@{profile_name}//*, signal peer=@{profile_name}//*,
signal peer=@{profile_name}//&*,
unix type=stream peer=(label=@{profile_name}//*), unix type=stream peer=(label=@{profile_name}//*),
# Allow us to create abstract and anonymous sockets # Allow us to create abstract and anonymous sockets