feat(abs): cleanup sudo abs.

This commit is contained in:
Alexandre Pujol 2024-04-05 23:48:03 +01:00
parent 2324da2fa7
commit 5c6f9c51b5
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
2 changed files with 9 additions and 9 deletions

View File

@ -40,23 +40,25 @@
/ r, / r,
@{PROC}/@{pid}/limits r,
@{PROC}/@{pid}/loginuid r,
@{PROC}/@{pid}/stat r,
@{PROC}/sys/kernel/cap_last_cap r,
@{PROC}/sys/kernel/ngroups_max r,
@{PROC}/sys/kernel/seccomp/actions_avail r,
owner /var/lib/sudo/ts/ rw, owner /var/lib/sudo/ts/ rw,
owner /var/lib/sudo/ts/@{uid} rwk, owner /var/lib/sudo/ts/@{uid} rwk,
owner /var/log/sudo.log wk, owner /var/log/sudo.log wk,
owner @{HOME}/.sudo_as_admin_successful rw,
@{run}/faillock/{,*} rwk, @{run}/faillock/{,*} rwk,
owner @{run}/sudo/ rw, owner @{run}/sudo/ rw,
owner @{run}/sudo/ts/ rw, owner @{run}/sudo/ts/ rw,
owner @{run}/sudo/ts/@{uid} rwk, owner @{run}/sudo/ts/@{uid} rwk,
@{PROC}/@{pid}/limits r,
@{PROC}/@{pid}/loginuid r,
@{PROC}/@{pid}/stat r,
@{PROC}/sys/kernel/cap_last_cap r,
@{PROC}/sys/kernel/ngroups_max r,
@{PROC}/sys/kernel/seccomp/actions_avail r,
/dev/ r, /dev/ r,
/dev/ptmx rwk, /dev/ptmx rwk,
/dev/tty rwk, /dev/tty rwk,

View File

@ -41,8 +41,6 @@ profile sudo @{exec_path} flags=(attach_disconnected) {
/var/lib/sudo/lectured/ r, /var/lib/sudo/lectured/ r,
owner /var/lib/sudo/lectured/@{uid} rw, owner /var/lib/sudo/lectured/@{uid} rw,
owner @{HOME}/.sudo_as_admin_successful rw,
@{run}/ r, @{run}/ r,
@{run}/systemd/sessions/* r, @{run}/systemd/sessions/* r,