felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): minor sshd improvement.

Browse source
This commit is contained in:
Alexandre Pujol 2025-07-10 00:52:26 +02:00
parent 1b1a4c11ac
commit e9fbc35036
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
2 changed files with 7 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/groups/ssh/sshd-auth
View file

@ -24,6 +24,8 @@ profile sshd-auth @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{sbin}/sshd.hmac r, @{sbin}/sshd.hmac r,
/etc/gss/mech.d/{,*} r,
include if exists <local/sshd-auth> include if exists <local/sshd-auth>
} }

5
apparmor.d/groups/ssh/sshd-session
View file

@ -47,6 +47,11 @@ profile sshd-session @{exec_path} flags=(attach_disconnected) {
member={CreateSession,ReleaseSession,CreateSessionWithPIDFD} member={CreateSession,ReleaseSession,CreateSessionWithPIDFD}
peer=(name=org.freedesktop.login1, label="@{p_systemd_logind}"), peer=(name=org.freedesktop.login1, label="@{p_systemd_logind}"),
dbus send bus=system path=/org/freedesktop/home1
interface=org.freedesktop.home1.Manager
member=GetUserRecordByName
peer=(name=org.freedesktop.home1, label="@{p_systemd_homed}"),
@{exec_path} mr, @{exec_path} mr,
@{bin}/@{shells} Ux, #aa:exclude RBAC @{bin}/@{shells} Ux, #aa:exclude RBAC