mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-15 07:54:17 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add unix domain socket

Browse Source 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
This commit is contained in:
Jeroen Rijken 2023-06-05 21:18:32 +02:00 committed by Alex
parent 5ccd92e12f
commit a84f0b540c
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
apparmor.d/groups/ssh/sshfs
View File

@ -12,6 +12,8 @@ profile sshfs @{exec_path} flags=(complain) {
@{exec_path} mr, @{exec_path} mr,
unix (connect, send, receive) type=stream peer=(label="sshfs//fusermount",addr=none),
/{usr/,}bin/ssh rPx, /{usr/,}bin/ssh rPx,
/{usr/,}bin/fusermount{,3} rCx -> fusermount, /{usr/,}bin/fusermount{,3} rCx -> fusermount,
@ -23,13 +25,15 @@ profile sshfs @{exec_path} flags=(complain) {
@{PROC}/sys/fs/pipe-max-size r, @{PROC}/sys/fs/pipe-max-size r,
profile fusermount { profile fusermount flags=(complain) {
include <abstractions/base> include <abstractions/base>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
# To mount anything: # To mount anything:
capability sys_admin, capability sys_admin,
unix (connect, send, receive) type=stream peer=(label="sshfs",addr=none),
/{usr/,}bin/fusermount{,3} mr, /{usr/,}bin/fusermount{,3} mr,
mount fstype={fuse,fuse.sshfs} -> @{HOME}/*/, mount fstype={fuse,fuse.sshfs} -> @{HOME}/*/,