Use nameservice-strict, fix exec

Jeroen Rijken 2022-07-30 18:38:26 +02:00 committed by Alex
parent e2e14510ff
commit ddf5f1f512


@ -10,6 +10,7 @@ include <tunables/global>
profile zsysctl @{exec_path} flags=(complain) { profile zsysctl @{exec_path} flags=(complain) {
include <abstractions/base> include <abstractions/base>
include <abstractions/dbus-strict> include <abstractions/dbus-strict>
include <abstractions/nameservice-strict>
capability sys_ptrace, capability sys_ptrace,
capability sys_admin, capability sys_admin,
@ -18,13 +19,9 @@ profile zsysctl @{exec_path} flags=(complain) {
interface=org.freedesktop.PolicyKit1.Authority interface=org.freedesktop.PolicyKit1.Authority
member=CheckAuthorization, member=CheckAuthorization,
@{exec_path} rm, @{exec_path} rmix,
/{usr/,}bin/zsysctl rix,
/{usr/,}bin/zsysd rix,
/etc/hostid r, /etc/hostid r,
/etc/passwd r,
/etc/nsswitch.conf r,
/etc/zsys.conf r, /etc/zsys.conf r,
/var/log/unattended-upgrades/unattended-upgrades-dpkg.log rw, /var/log/unattended-upgrades/unattended-upgrades-dpkg.log rw,