felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profiles): use /etc read only variable: etc_ro

Browse source
This commit is contained in:
Alexandre Pujol 2023-02-04 23:34:29 +00:00
parent 6e56cfccc9
commit bac87f9547
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
19 changed files with 33 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

8
apparmor.d/groups/ssh/sshd
View file

@ -68,15 +68,15 @@ profile sshd @{exec_path} flags=(attach_disconnected) {
/etc/shells r,
/etc/default/locale r,
/etc/environment r,
@{etc_ro}/environment r,
/etc/gss/mech.d/{,*} r,
/etc/issue.net r,
/etc/motd r,
/etc/security/limits.d/{,*.conf} r,
@{etc_ro}/security/limits.d/{,*.conf} r,
@{etc_ro}/ssh/sshd_config r,
@{etc_ro}/ssh/sshd_config.d/{,*} r,
/etc/ssh/ssh_host_* r,
/etc/ssh/sshd_config r,
/etc/ssh/sshd_config.d/{,*} r,
# For scp
owner @{user_download_dirs}/{,**} rwl,