felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

socat: minor fix in the profile

Browse source 
- Use @{bin}
 - Allow executable mapping and read for the binary

Signed-off-by: Nishit Majithia <nishit.nm@gmail.com>
This commit is contained in:
Nishit Majithia 2024-08-30 20:24:42 +05:30
parent b9eb783338
commit d567f5156e
1 changed files with 3 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
apparmor.d/groups/network/socat
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /usr/bin/socat @{exec_path} = @{bin}/socat
profile socat @{exec_path} { profile socat @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
@ -29,6 +29,8 @@ profile socat @{exec_path} {
# fuctionalities that is why it is necessary to allow whole `network` # fuctionalities that is why it is necessary to allow whole `network`
network, network,
@{exec_path} mr,
# Enale /dev/ptmx access for testsuite # Enale /dev/ptmx access for testsuite
# /dev/ptmx rw, # /dev/ptmx rw,