From 5c6f9c51b5e609c23d773576cc449337295782fe Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Fri, 5 Apr 2024 23:48:03 +0100 Subject: [PATCH] feat(abs): cleanup sudo abs. --- apparmor.d/abstractions/app/sudo | 16 +++++++++------- apparmor.d/profiles-s-z/sudo | 2 -- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/apparmor.d/abstractions/app/sudo b/apparmor.d/abstractions/app/sudo index a6785915..e791caea 100644 --- a/apparmor.d/abstractions/app/sudo +++ b/apparmor.d/abstractions/app/sudo @@ -40,23 +40,25 @@ / r, - @{PROC}/@{pid}/limits r, - @{PROC}/@{pid}/loginuid r, - @{PROC}/@{pid}/stat r, - @{PROC}/sys/kernel/cap_last_cap r, - @{PROC}/sys/kernel/ngroups_max r, - @{PROC}/sys/kernel/seccomp/actions_avail r, - owner /var/lib/sudo/ts/ rw, owner /var/lib/sudo/ts/@{uid} rwk, owner /var/log/sudo.log wk, + owner @{HOME}/.sudo_as_admin_successful rw, + @{run}/faillock/{,*} rwk, owner @{run}/sudo/ rw, owner @{run}/sudo/ts/ rw, owner @{run}/sudo/ts/@{uid} rwk, + @{PROC}/@{pid}/limits r, + @{PROC}/@{pid}/loginuid r, + @{PROC}/@{pid}/stat r, + @{PROC}/sys/kernel/cap_last_cap r, + @{PROC}/sys/kernel/ngroups_max r, + @{PROC}/sys/kernel/seccomp/actions_avail r, + /dev/ r, /dev/ptmx rwk, /dev/tty rwk, diff --git a/apparmor.d/profiles-s-z/sudo b/apparmor.d/profiles-s-z/sudo index 0137ead6..8331f107 100644 --- a/apparmor.d/profiles-s-z/sudo +++ b/apparmor.d/profiles-s-z/sudo @@ -41,8 +41,6 @@ profile sudo @{exec_path} flags=(attach_disconnected) { /var/lib/sudo/lectured/ r, owner /var/lib/sudo/lectured/@{uid} rw, - owner @{HOME}/.sudo_as_admin_successful rw, - @{run}/ r, @{run}/systemd/sessions/* r,
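Review bot: In the `apparmor.d/abstractions/app/sudo` hunk, the added `owner @{HOME}/.sudo_as_admin_successful rw,` now sits in a shared abstraction, so every profile that includes it gains write access to that file, not only the `sudo` profile the rule was removed from. The includers are not visible in this patch; if any of them never needs to create the marker, keeping the rule in the `sudo` profile would preserve least privilege. Either way the rule should carry a comment saying why it is there, e.g. `# Marker file created in the invoking user's home after a successful sudo run by an admin user (Ubuntu)`. The rest of the abstraction lies outside the hunk, and because blank lines were lost in this rendering I have not assumed that the `+` in front of `@{run}/faillock/{,*} rwk,` marks a new rule rather than an added blank line.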