mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 16:35:02 +01:00
Merge profiles/apparmor.d/abstraction: Squash noisey setsockopt calls.
systemd will attempt to force socket buffer size using setsockopt and param SO_SNDBUFFORCE (which require net_admin cap) if it's previous attempt to set size was clipped by kernel limit. - Silence 'type=AVC msg=audit(1648725005.727:201): apparmor="DENIED" operation="capable" profile="smbd" pid=3054 comm="smbd" capability=12 capname="net_admin"' type entries. Signed-off-by: Noel Power <noel.power@suse.com> MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/867 Approved-by: John Johansen <john@jjmx.net> Merged-by: John Johansen <john@jjmx.net>
This commit is contained in:
John Johansen
commit
4537a5014b
1 changed files with 2 additions and 0 deletions
|
|
@ -34,5 +34,7 @@
|
|||
# required for clustering
|
||||
/var/lib/ctdb/** rwk,
|
||||
|
||||
deny capability net_admin, # noisy setsockopt() calls from systemd
|
||||
|
||||
# Include additions to the abstraction
|
||||
include if exists <abstractions/samba.d>
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue