mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 00:48:10 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(abs): extend deny-sensitive with new user_password_store_dirs var.

Browse source
This commit is contained in:
Alexandre Pujol 2023-02-01 22:34:54 +00:00
parent 7d660f7c23
commit f19379c55f
Failed to generate hash of commit
1 changed files with 15 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
apparmor.d/abstractions/deny-sensitive-home
View file

@ -11,19 +11,21 @@
# Use in this project: file browser and search engine # Use in this project: file browser and search engine
deny @{HOME}/.*_history rwlk, deny @{HOME}/.*_history rwlk,
deny @{HOME}/.*age*{,/{,**}} rwlk, deny @{HOME}/.*age*{,/{,**}} rwlk,
deny @{HOME}/.*cert*{,/{,**}} rwlk, deny @{HOME}/.*cert*{,/{,**}} rwlk,
deny @{HOME}/.*key*{,/{,**}} rwlk, deny @{HOME}/.*key*{,/{,**}} rwlk,
deny @{HOME}/.*pass*{,/{,**}} rwlk, deny @{HOME}/.*pass*{,/{,**}} rwlk,
deny @{HOME}/.*pki*{,/{,**}} rwlk, deny @{HOME}/.*pki*{,/{,**}} rwlk,
deny @{HOME}/.*private*{,/{,**}} rwlk, deny @{HOME}/.*private*{,/{,**}} rwlk,
deny @{HOME}/.*secret*{,/{,**}} rwlk, deny @{HOME}/.*secret*{,/{,**}} rwlk,
deny @{HOME}/.*yubi*{,/{,**}} rwlk, deny @{HOME}/.*yubi*{,/{,**}} rwlk,
deny @{HOME}/.lesshst* rwlk, deny @{HOME}/.lesshst* rwlk,
deny @{HOME}/.wget-hsts rwlk, deny @{HOME}/.wget-hsts rwlk,
deny @{HOME}/@{XDG_GPG_DIR}/{,**} rwlk, deny @{HOME}/@{XDG_GPG_DIR}/{,**} rwlk,
deny @{HOME}/@{XDG_SSH_DIR}/{,**} rwlk, deny @{HOME}/@{XDG_SSH_DIR}/{,**} rwlk,
deny @{user_config_dirs}/*-store/{,**} rwlk,
deny @{user_password_store_dirs}/{,**} rwlk,
# Deny executable mapping in writable space as allowed in abstractions/fonts # Deny executable mapping in writable space as allowed in abstractions/fonts
deny @{HOME}/.{,cache/}fontconfig/ rw, deny @{HOME}/.{,cache/}fontconfig/ rw,