Update profiles.
This commit is contained in:
Alexandre Pujol
parent
4522ca91db
commit
dc0347388b
14 changed files with 41 additions and 45 deletions
|
|
@ -12,15 +12,13 @@ profile logrotate @{exec_path} flags=(attach_disconnected, complain) {
|
|||
include <abstractions/base>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
||||
# Needed for logfiles owned by other users than root, for instance exim.
|
||||
capability dac_read_search,
|
||||
capability dac_override,
|
||||
|
||||
capability chown,
|
||||
capability dac_override,
|
||||
capability dac_read_search,
|
||||
capability fowner,
|
||||
capability fsetid,
|
||||
capability setgid,
|
||||
capability setuid,
|
||||
capability fsetid,
|
||||
capability fowner,
|
||||
|
||||
# Needed?
|
||||
audit deny capability net_admin,
|
||||
|
|
@ -67,7 +65,6 @@ profile logrotate @{exec_path} flags=(attach_disconnected, complain) {
|
|||
|
||||
@{sys}/firmware/efi/efivars/SecureBoot-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* r,
|
||||
|
||||
|
||||
profile systemctl flags=(attach_disconnected, complain) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/wutmp>
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue