Tighten the permissions of ufw

2025-01-19 01:18:16 +01:00 · 2024-08-24 19:35:21 +08:00 · 2024-08-24 19:35:21 +08:00 · d5ee5c51cb
commit d5ee5c51cb
parent cecd0a6284
1 changed files with 5 additions and 3 deletions
--- a/apparmor.d/profiles-s-z/ufw
+++ b/apparmor.d/profiles-s-z/ufw
@ -1,5 +1,5 @@
 # apparmor.d - Full set of apparmor profiles
-# Copyright (C) 2024 EricLin
+# Copyright (C) 2024 EricLin <ericlin050914@gmail.com>
 # SPDX-License-Identifier: GPL-2.0-only

 abi <abi/3.0>,
@ -44,8 +44,10 @@ profile ufw @{exec_path} {
    /etc/passwd r,
    /etc/services r,

-    /var/tmp/* rw,
-    /tmp/* rw,
+    /var/tmp/@{rand8} rw,
+    /var/tmp/tmp* rw,
+    /tmp/@{rand8} rw,
+    /tmp/tmp* rw,

    /dev/pts/[0-9]* rw,
    /dev/tty rw,