mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-15 07:54:17 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
b57f29ee7b
apparmor.d/profiles/abstractions/deny-root-dir-access
Alexandre Pujol b57f29ee7b
Rewrite Copyright header, use SPDX style.
2021-04-01 16:17:47 +01:00

17 lines
800 B
Plaintext
Raw Blame History

# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2020-2021 Mikhail Morfikov
# SPDX-License-Identifier: GPL-2.0-only
# The goal of this abstraction is preventing apps (GUI) to be run as the root user by restraining
# access to the /root/ dir and its subdirectories. If you don't want to start an app as the super
# user (possibly by mistake), just include this abstraction in the app's AppArmor profile.
#
# Note that some apps will work anyway when run as root even if all of the files in the /root/
# are denied. Anyway, most of the apps refuse to start when they don't get the access to the
# needed files in the user home dir.
abi <abi/3.0>,
# Use audit for now to see whether some apps are trying to get access to the /root/ dir.
audit deny /root/{,**} rwkmlx,
Reference in New Issue View Git Blame Copy Permalink