feat(profiles): general update.

2022-07-15 21:55:59 +01:00 · 2022-07-15 21:55:59 +01:00 · eb6c7548f5
commit eb6c7548f5
parent 682df516bf
21 changed files with 96 additions and 62 deletions
--- a/apparmor.d/profiles-s-z/sudo
+++ b/apparmor.d/profiles-s-z/sudo
@ -29,6 +29,8 @@ profile sudo @{exec_path} {
  capability sys_ptrace,
  capability sys_resource,

+  network inet dgram,
+  network inet6 dgram,
  network netlink raw,   # PAM

  ptrace (read),
@ -72,6 +74,7 @@ profile sudo @{exec_path} {
        @{run}/faillock/{,*} rwk,
        @{run}/resolvconf/resolv.conf r,

+  @{PROC}/@{pids}/cgroup r,
  @{PROC}/@{pids}/fd/ r,
  @{PROC}/@{pids}/stat r,
  @{PROC}/1/limits r,
--- a/apparmor.d/profiles-s-z/sulogin
+++ b/apparmor.d/profiles-s-z/sulogin
@ -15,6 +15,8 @@ profile sulogin @{exec_path} {

  @{exec_path} mr,

+  /{usr/,}bin/{,ba,da}sh  rux,
+
  /etc/shadow r,

  /dev/ r,