mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 00:48:10 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: add the new shells variable to ensure support for all interactive shell.

Browse source 
Fix #269
This commit is contained in:
Alexandre Pujol 2024-01-25 13:16:40 +00:00
parent b376e9fade
commit a30c2e5e85
Failed to generate hash of commit
13 changed files with 17 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
apparmor.d/groups/gnome/gnome-control-center
View file

@ -34,8 +34,7 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,b,d,rb}ash rUx, @{bin}/@{shells} rUx,
@{bin}/{c,k,tc,z}sh rUx,
@{bin}/gcm-viewer rix, @{bin}/gcm-viewer rix,
@{bin}/grep rix, @{bin}/grep rix,

3
apparmor.d/groups/gnome/gnome-terminal-server
View file

@ -38,8 +38,7 @@ profile gnome-terminal-server @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
# The shell is not confined on purpose. # The shell is not confined on purpose.
@{bin}/{,b,d,rb}ash rUx, @{bin}/@{shells} rUx,
@{bin}/{c,k,tc,z}sh rUx,
# Some CLI program can be launched directly from Gnome Shell # Some CLI program can be launched directly from Gnome Shell
@{bin}/htop rPx, @{bin}/htop rPx,

3
apparmor.d/groups/gnome/kgx
View file

@ -26,8 +26,7 @@ profile kgx @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
# The shell is not confined on purpose. # The shell is not confined on purpose.
@{bin}/{,b,d,rb}ash rUx, @{bin}/@{shells} rUx,
@{bin}/{c,k,tc,z}sh rUx,
# Some CLI program can be launched directly from Gnome Shell # Some CLI program can be launched directly from Gnome Shell
@{bin}/htop rPx, @{bin}/htop rPx,

3
apparmor.d/groups/ssh/sshd
View file

@ -61,8 +61,7 @@ profile sshd @{exec_path} flags=(attach_disconnected) {
@{exec_path} mrix, @{exec_path} mrix,
@{bin}/{,b,d,rb}ash rUx, @{bin}/@{shells} rUx,
@{bin}/{c,k,tc,z}sh rUx,
@{bin}/false rix, @{bin}/false rix,
@{bin}/nologin rPx, @{bin}/nologin rPx,
@{bin}/passwd rPx, @{bin}/passwd rPx,

3
apparmor.d/profiles-a-f/code
View file

@ -42,8 +42,7 @@ profile code flags=(attach_disconnected) {
@{open_path} rPx -> child-open, @{open_path} rPx -> child-open,
# The shell is not confined on purpose. # The shell is not confined on purpose.
@{bin}/{,b,d,rb}ash rUx, @{bin}/@{shells} rUx,
@{bin}/{c,k,tc,z}sh rUx,
# Confine some common tools # Confine some common tools
@{lib}/code/extensions/git/dist/askpass.sh rPx, @{lib}/code/extensions/git/dist/askpass.sh rPx,

4
apparmor.d/profiles-g-l/login
View file

@ -37,8 +37,8 @@ profile login @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,z,ba,da}sh rUx, @{bin}/@{shells} rUx,
@{bin}/unix_chkpwd rPx, @{bin}/unix_chkpwd rPx,
@{etc_ro}/environment r, @{etc_ro}/environment r,
@{etc_ro}/security/limits.d/{,*} r, @{etc_ro}/security/limits.d/{,*} r,

3
apparmor.d/profiles-m-r/newgrp
View file

@ -21,8 +21,7 @@ profile newgrp @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,b,d,rb}ash rUx, @{bin}/@{shells} rUx,
@{bin}/{c,k,tc,z}sh rUx,
/etc/{passwd,group,shadow,gshadow} r, /etc/{passwd,group,shadow,gshadow} r,

6
apparmor.d/profiles-m-r/pam/mappings
View file

@ -41,8 +41,7 @@
capability setgid, capability setgid,
capability setuid, capability setuid,
@{bin}/{,b,d,rb}ash rPx -> confined_user, @{bin}/@{shells} rPx -> confined_user,
@{bin}/{c,k,tc,z}sh rPx -> confined_user,
/etc/default/su r, /etc/default/su r,
@{etc_ro}/environment r, @{etc_ro}/environment r,
@ -63,8 +62,7 @@
capability setgid, capability setgid,
capability setuid, capability setuid,
@{bin}/{,b,d,rb}ash rUx, @{bin}/@{shells} rUx,
@{bin}/{c,k,tc,z}sh rUx,
/etc/default/su r, /etc/default/su r,
@{etc_ro}/environment r, @{etc_ro}/environment r,

3
apparmor.d/profiles-s-z/su
View file

@ -44,8 +44,7 @@ profile su @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,b,d,rb}ash rUx, @{bin}/@{shells} rUx,
@{bin}/{c,k,tc,z}sh rUx,
@{bin}/nologin rPx, @{bin}/nologin rPx,

3
apparmor.d/profiles-s-z/sudo
View file

@ -53,8 +53,7 @@ profile sudo @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{lib}/sudo/** mr, @{lib}/sudo/** mr,
@{bin}/{,b,d,rb}ash rUx, @{bin}/@{shells} rUx,
@{bin}/{c,k,tc,z}sh rUx,
@{lib}/** rPUx, @{lib}/** rPUx,
/opt/*/** rPUx, /opt/*/** rPUx,
/snap/snapd/@{int}@{bin}/snap rPUx, /snap/snapd/@{int}@{bin}/snap rPUx,

3
apparmor.d/profiles-s-z/sulogin
View file

@ -16,8 +16,7 @@ profile sulogin @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
# The shell is not confined on purpose. # The shell is not confined on purpose.
@{bin}/{,b,d,rb}ash rUx, @{bin}/@{shells} rUx,
@{bin}/{c,k,tc,z}sh rUx,
/etc/shadow r, /etc/shadow r,

3
apparmor.d/profiles-s-z/terminator
View file

@ -29,8 +29,7 @@ profile terminator @{exec_path} flags=(attach_disconnected) {
@{bin}/python3.@{int} rix, @{bin}/python3.@{int} rix,
# The shell is not confined on purpose. # The shell is not confined on purpose.
@{bin}/{,b,d,rb}ash rUx, @{bin}/@{shells} rUx,
@{bin}/{c,k,tc,z}sh rUx,
owner @{user_config_dirs}/terminator/{,**} rw, owner @{user_config_dirs}/terminator/{,**} rw,

3
apparmor.d/tunables/multiarch.d/paths
View file

@ -4,6 +4,9 @@
# Define some paths for some commonly used programs # Define some paths for some commonly used programs
# All the shells
@{shells} = sh zsh bash dash fish rbash ksh tcsh csh
# Browsers # Browsers
@{brave_name} = brave{,-beta,-dev,-bin} @{brave_name} = brave{,-beta,-dev,-bin}