feat(profile): minor sshd improvement.

2025-07-10 00:52:26 +02:00 · 2025-07-10 00:52:26 +02:00 · e9fbc35036
commit e9fbc35036
parent 1b1a4c11ac
2 changed files with 7 additions and 0 deletions
--- a/apparmor.d/groups/ssh/sshd-auth
+++ b/apparmor.d/groups/ssh/sshd-auth
@ -24,6 +24,8 @@ profile sshd-auth @{exec_path} {
  @{exec_path} mr,
  @{sbin}/sshd.hmac r,

+  /etc/gss/mech.d/{,*} r,
+
  include if exists <local/sshd-auth>
 }

--- a/apparmor.d/groups/ssh/sshd-session
+++ b/apparmor.d/groups/ssh/sshd-session
@ -47,6 +47,11 @@ profile sshd-session @{exec_path} flags=(attach_disconnected) {
       member={CreateSession,ReleaseSession,CreateSessionWithPIDFD}
       peer=(name=org.freedesktop.login1, label="@{p_systemd_logind}"),

+  dbus send bus=system path=/org/freedesktop/home1
+       interface=org.freedesktop.home1.Manager
+       member=GetUserRecordByName
+       peer=(name=org.freedesktop.home1, label="@{p_systemd_homed}"),
+
  @{exec_path} mr,

  @{bin}/@{shells}                   Ux, #aa:exclude RBAC