felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profiles): use /etc read only variable: etc_ro

Browse source
This commit is contained in:
Alexandre Pujol 2023-02-04 23:34:29 +00:00
parent 6e56cfccc9
commit bac87f9547
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
19 changed files with 33 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

4
apparmor.d/profiles-a-f/atd
View file

@ -29,8 +29,8 @@ profile atd @{exec_path} {
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}{s,}bin/sendmail rPUx,
/etc/environment r,
/etc/security/limits.d/ r,
@{etc_ro}/environment r,
@{etc_ro}/security/limits.d/ r,
/var/spool/cron/atjobs/{,*} rwl,
/var/spool/cron/atspool/{,*} rwl,

2
apparmor.d/profiles-a-f/check-support-status-hook
View file

@ -119,7 +119,7 @@ profile check-support-status-hook @{exec_path} {
owner @{PROC}/@{pids}/loginuid r,
@{PROC}/1/limits r,
/etc/security/limits.d/ r,
@{etc_ro}/security/limits.d/ r,
/tmp/ r,
owner /tmp/debian-security-support.postinst.*/output w,