mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge profiles/apparmor.d/abstraction: Squash noisey setsockopt calls.

Browse source 
systemd will attempt to force socket buffer size using setsockopt
and param SO_SNDBUFFORCE (which require net_admin cap) if it's previous
attempt to set size was clipped by kernel limit.

- Silence 'type=AVC msg=audit(1648725005.727:201): apparmor="DENIED" operation="capable" profile="smbd" pid=3054 comm="smbd" capability=12  capname="net_admin"'

type entries.

Signed-off-by: Noel Power <noel.power@suse.com>

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/867
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
This commit is contained in:
John Johansen 2022-04-12 05:14:24 +00:00
commit 4537a5014b
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
profiles/apparmor.d/abstractions/samba
View file

@ -34,5 +34,7 @@
# required for clustering
/var/lib/ctdb/** rwk,
deny capability net_admin, # noisy setsockopt() calls from systemd
# Include additions to the abstraction
include if exists <abstractions/samba.d>