felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): improve sudo abstraction.

Browse source
This commit is contained in:
Alexandre Pujol 2024-03-19 22:00:05 +00:00
parent 7ae05eb397
commit cbd0b61491
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
3 changed files with 13 additions and 58 deletions
Download patch file Download diff file Expand all files Collapse all files

10
apparmor.d/abstractions/sudo
View file

@ -5,6 +5,7 @@
# Minimal set of rules for sudo. Interactive sudo need more rules.
include <abstractions/authentication>
include <abstractions/bus-system>
include <abstractions/consoles>
include <abstractions/nameservice-strict>
include <abstractions/wutmp>
@ -17,6 +18,15 @@
network netlink raw, # PAM
dbus send bus=system path=/org/freedesktop/login1
interface=org.freedesktop.logi1.Manager
member=CreateSession
peer=(name=org.freedesktop.login1, label=systemd-logind),
dbus (send receive) bus=session path=/org/freedesktop/systemd1
interface=org.freedesktop.systemd.Manager
member={JobRemoved,StartTransientUnit},
@{lib}/sudo/** mr,
@{etc_ro}/environment r,