Add profile for klist
This commit is contained in:
doublez13
Alex
parent
4f4f5c464e
commit
a4798a2f38
1 changed files with 36 additions and 0 deletions
36
apparmor.d/profiles-g-l/klist
Normal file
36
apparmor.d/profiles-g-l/klist
Normal file
|
|
@ -0,0 +1,36 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2025 Zane Zakraisek <zakraise@eng.utah.edu>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/4.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/klist
|
||||
profile klist @{exec_path} {
|
||||
include <abstractions/base>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
#Allow root to list other users' creds cache
|
||||
capability dac_override,
|
||||
capability dac_read_search,
|
||||
|
||||
#Config Files
|
||||
/etc/krb5.conf r,
|
||||
/etc/krb5.conf.d/{,**} r,
|
||||
|
||||
#Host keytab file
|
||||
/etc/krb5.keytab r,
|
||||
|
||||
#User keytab file
|
||||
/var/lib/krb5/user/*/client.keytab rk,
|
||||
|
||||
#Credentials cache
|
||||
/tmp/krb5cc_* rk,
|
||||
/tmp/tkt* rk,
|
||||
|
||||
include if exists <local/klist>
|
||||
}
|
||||
|
||||
# vim:syntax=apparmor
|
||||
Loading…
Add table
Add a link
Reference in a new issue