mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-14 23:43:56 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch 'nobodysu'

Browse Source 
* nobodysu:
  Update su
This commit is contained in:
Alexandre Pujol 2021-12-14 18:33:20 +00:00
commit accf5538bd
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
apparmor.d/profiles-s-z/su
View File

@ -19,6 +19,9 @@ profile su @{exec_path} {
capability setgid,
capability setuid,
#audit deny capability net_bind_service,
capability sys_resource,
# No clear purpose, deny until needed
deny capability net_admin,
signal (send) set=(term,kill),
signal (receive) set=(int,quit,term),
@ -45,6 +48,10 @@ profile su @{exec_path} {
# For pam_securetty
@{PROC}/cmdline r,
@{sys}/devices/virtual/tty/console/active r,
# pseudo-terminal
capability chown,
/dev/{,pts/}ptmx rw,
include if exists <local/su>
}