felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'nobodysu'

Browse source 
* nobodysu:
  Update su
This commit is contained in:
Alexandre Pujol 2021-12-14 18:33:20 +00:00
commit accf5538bd
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
1 changed files with 7 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
apparmor.d/profiles-s-z/su
View file

@ -19,6 +19,9 @@ profile su @{exec_path} {
capability setgid, capability setgid,
capability setuid, capability setuid,
#audit deny capability net_bind_service, #audit deny capability net_bind_service,
capability sys_resource,
# No clear purpose, deny until needed
deny capability net_admin,
signal (send) set=(term,kill), signal (send) set=(term,kill),
signal (receive) set=(int,quit,term), signal (receive) set=(int,quit,term),
@ -46,5 +49,9 @@ profile su @{exec_path} {
@{PROC}/cmdline r, @{PROC}/cmdline r,
@{sys}/devices/virtual/tty/console/active r, @{sys}/devices/virtual/tty/console/active r,
# pseudo-terminal
capability chown,
/dev/{,pts/}ptmx rw,
include if exists <local/su> include if exists <local/su>
} }