felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): start using the sudo abstraction.

Browse source
This commit is contained in:
Alexandre Pujol 2024-03-13 16:17:20 +00:00
parent 7415b85e1c
commit c33cd740c9
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
3 changed files with 6 additions and 106 deletions
Download patch file Download diff file Expand all files Collapse all files

29
apparmor.d/profiles-m-r/rustdesk
View file

@ -59,39 +59,14 @@ profile rustdesk @{exec_path} {
profile sudo {
include <abstractions/base>
include <abstractions/nameservice-strict>
include <abstractions/consoles>
include <abstractions/python>
include <abstractions/wutmp>
capability sys_resource,
capability setuid,
capability setgid,
capability audit_write,
network netlink raw,
include <abstractions/sudo>
@{bin}/sudo rm,
@{bin}/rustdesk rPx,
@{bin}/python3.@{int} rPx -> rustdesk_python,
/etc/sudo.conf r,
/etc/sudoers r,
/etc/pam.d/* r,
/etc/login.defs r,
/etc/shadow r,
/etc/security/capability.conf r,
/etc/security/limits.conf r,
/etc/security/limits.d/{,*} r,
/etc/security/pam_env.conf r,
/etc/sudoers.d/{,*} r,
/etc/environment r,
/etc/default/locale r,
@{PROC}/1/limits r,
owner @{PROC}/@{pid}/stat r,
owner @{PROC}/@{pid}/fd/ r,
include if exists <local/rustdesk_sudo>
}