mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 17:08:09 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(profile): ensure PAM & systemd-homed compatibility.

Browse source 
see #321
This commit is contained in:
Alexandre Pujol 2024-05-05 17:42:32 +01:00
parent bfd9e9e3d6
commit d544c386f7
Failed to generate hash of commit
3 changed files with 3 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
apparmor.d/abstractions/app/sudo
View file

@ -39,6 +39,7 @@
@{etc_ro}/sudoers.d/{,*} r, @{etc_ro}/sudoers.d/{,*} r,
/ r, / r,
/etc/machine-id r,
owner /var/lib/sudo/ts/ rw, owner /var/lib/sudo/ts/ rw,
owner /var/lib/sudo/ts/@{uid} rwk, owner /var/lib/sudo/ts/@{uid} rwk,

6
apparmor.d/profiles-g-l/groups
View file

@ -11,14 +11,10 @@ include <tunables/global>
profile groups @{exec_path} { profile groups @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/consoles> include <abstractions/consoles>
include <abstractions/nameservice-strict>
@{exec_path} mr, @{exec_path} mr,
/etc/group r,
/etc/nsswitch.conf r,
@{run}/systemd/userdb r,
@{PROC}/sys/kernel/random/boot_id r, @{PROC}/sys/kernel/random/boot_id r,
/dev/tty@{int} rw, /dev/tty@{int} rw,

1
apparmor.d/profiles-s-z/unix-chkpwd
View file

@ -19,6 +19,7 @@ profile unix-chkpwd @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
/etc/machine-id r,
/etc/shadow r, /etc/shadow r,
# systemd userdb, used in nspawn # systemd userdb, used in nspawn