sshd: Ubuntu compatibility (#37)

* Ubuntu, allow fallback

* reverting to Ubuntu compatibility only
nobodysu 2022-05-23 22:16:22 +00:00 committed by GitHub
parent 9a48515089
commit 8deddc8a2c


@ -43,14 +43,17 @@ profile sshd @{exec_path} flags=(attach_disconnected) {
ptrace (read,trace) peer=unconfined, ptrace (read,trace) peer=unconfined,
network inet stream,
network inet6 stream,
@{exec_path} mrix, @{exec_path} mrix,
/{usr/,}bin/{,b,d,rb}ash rUx, /{usr/,}bin/{,b,d,rb}ash rUx,
/{usr/,}bin/{c,k,tc,z}sh rUx, /{usr/,}bin/{c,k,tc,z}sh rUx,
/{usr/,}{s,}bin/nologin rPx, /{usr/,}{s,}bin/nologin rPx,
/{usr/,}bin/false rix,
/{usr/,}bin/passwd rPx, /{usr/,}bin/passwd rPx,
/{usr/,}lib/openssh/sftp-server rPx, /{usr/,}lib/openssh/sftp-server rPx,
/{usr/,}bin/false rix,
/etc/default/locale r, /etc/default/locale r,
/etc/environment r, /etc/environment r,
@ -73,7 +76,7 @@ profile sshd @{exec_path} flags=(attach_disconnected) {
@{run}/motd.dynamic.new rw, @{run}/motd.dynamic.new rw,
@{run}/resolvconf/resolv.conf r, @{run}/resolvconf/resolv.conf r,
@{run}/systemd/sessions/[0-9]*.ref rw, @{run}/systemd/sessions/[0-9]*.ref rw,
@{run}/systemd/userdb/ r, @{run}/systemd/notify w,
@{sys}/fs/cgroup/*/user/*/[0-9]*/ rw, @{sys}/fs/cgroup/*/user/*/[0-9]*/ rw,
@{sys}/fs/cgroup/systemd/user.slice/user-@{uid}.slice/session-c[0-9]*.scope/ rw, @{sys}/fs/cgroup/systemd/user.slice/user-@{uid}.slice/session-c[0-9]*.scope/ rw,
@ -87,11 +90,10 @@ profile sshd @{exec_path} flags=(attach_disconnected) {
@{PROC}/@{pids}/fd/ r, @{PROC}/@{pids}/fd/ r,
@{PROC}/1/environ r, @{PROC}/1/environ r,
@{PROC}/cmdline r, @{PROC}/cmdline r,
@{PROC}/cmdline r,
@{PROC}/filesystems r, @{PROC}/filesystems r,
@{PROC}/sys/kernel/ngroups_max r, @{PROC}/sys/kernel/ngroups_max r,
/dev/ptmx rw, /dev/ptmx rw,
include if exists <local/sshd> include if exists <local/sshd>
} }
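Review bot: The rules this change appears to introduce for Ubuntu (`network inet stream,`, `network inet6 stream,` and `@{run}/systemd/notify w,`) carry no comment naming the denial they resolve, so a later audit of the sshd profile cannot separate distro-specific grants from baseline ones. The rendered page has lost its +/- markers, so which side each unpaired row belongs to is inferred from the hunk headers, not shown. A one-line comment above the notify rule, for example `# Ubuntu: sshd signals readiness to systemd over the notify socket (confirm against the logged denial)`, would record the reason. In the second hunk the row pairs `@{run}/systemd/userdb/ r,` with `@{run}/systemd/notify w,`; if that means the userdb read was dropped rather than moved, confirm in the audit log that no lookup under `@{run}/systemd/userdb/` is denied afterwards.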