mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-19 09:28:17 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(profile): crontab editor issues with cronie

Browse source 
fix #479
This commit is contained in:
Alexandre Pujol 2024-09-12 12:18:05 +01:00
parent fb93ac0df3
commit feb482edd9
Failed to generate hash of commit
1 changed files with 9 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
apparmor.d/groups/cron/crontab
View file

@ -14,11 +14,15 @@ profile crontab @{exec_path} {
include <abstractions/consoles> include <abstractions/consoles>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
capability audit_write,
capability chown,
capability dac_read_search, capability dac_read_search,
capability net_admin, capability net_admin,
capability setgid, capability setgid,
capability setuid, capability setuid,
network netlink raw,
@{exec_path} mr, @{exec_path} mr,
@{sh_path} rix, @{sh_path} rix,
@ -30,11 +34,11 @@ profile crontab @{exec_path} {
/etc/security/*.conf r, /etc/security/*.conf r,
/var/spool/cron/ r, /var/spool/cron/ r,
/var/spool/cron/crontabs/ rw, /var/spool/cron/** rw,
/var/spool/cron/user r,
owner /var/spool/cron/crontabs/* rw,
owner @{tmp}/crontab.@{rand6}/{,crontab} rw, owner @{user_cache_dirs}/crontab/crontab.bak rw,
@{tmp}/crontab.@{rand6}/{,crontab} rwl,
profile editor { profile editor {
include <abstractions/base> include <abstractions/base>