mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 08:58:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

update

Browse source
This commit is contained in:
nobodysu 2022-02-20 02:29:31 +03:00
parent b5cdd0af44
commit ceb60bde82
1 changed files with 3 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
apparmor.d/profiles-s-z/su
View file

@ -19,6 +19,9 @@ profile su @{exec_path} {
capability setgid, capability setgid,
capability setuid, capability setuid,
capability dac_read_search, capability dac_read_search,
capability sys_resource,
# No clear purpose, deny until needed
deny capability net_admin,
#audit deny capability net_bind_service, #audit deny capability net_bind_service,
signal (send) set=(term,kill), signal (send) set=(term,kill),
@ -51,11 +54,6 @@ profile su @{exec_path} {
@{PROC}/cmdline r, @{PROC}/cmdline r,
@{sys}/devices/virtual/tty/console/active r, @{sys}/devices/virtual/tty/console/active r,
# Upstreaming
capability sys_resource,
# No clear purpose, deny until needed
deny capability net_admin,
# pseudo-terminal # pseudo-terminal
capability chown, capability chown,