mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 16:35:02 +01:00
From the README in the toplevel source: "[P11-KIT] Provides a way to load and enumerate PKCS#11 modules. Provides a standard configuration setup for installing PKCS#11 modules in such a way that they're discoverable." File locatations are described in [1]. There is a global configuration file in /etc/pkcs11/pkcs11.conf. Per module configuration happens in /etc/pkcs11/<module name>. There is also user configuration in ~/.pkcs11, but IMO this should not be allowed in the abstraction. Example configuration can be seen in the upstream documentation[2]. This will likely need to be refined as more applications use p11-kit. [1]http://p11-glue.freedesktop.org/doc/p11-kit/config-locations.html [2]http://p11-glue.freedesktop.org/doc/p11-kit/config-example.html Acked-by: Jamie Strandboge <jamie@canonical.com>
This commit is contained in:
Jamie Strandboge
parent
47280bb483
commit
572bab7e84
1 changed files with 18 additions and 0 deletions
18
profiles/apparmor.d/abstractions/p11-kit
Normal file
18
profiles/apparmor.d/abstractions/p11-kit
Normal file
|
|
@ -0,0 +1,18 @@
|
|||
# ------------------------------------------------------------------
|
||||
#
|
||||
# Copyright (C) 2012 Canonical Ltd.
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or
|
||||
# modify it under the terms of version 2 of the GNU General Public
|
||||
# License published by the Free Software Foundation.
|
||||
#
|
||||
# ------------------------------------------------------------------
|
||||
|
||||
/etc/pkcs11/ r,
|
||||
/etc/pkcs11/pkcs11.conf r,
|
||||
/etc/pkcs11/modules/ r,
|
||||
/etc/pkcs11/modules/* r,
|
||||
|
||||
# p11-kit also supports reading user configuration from ~/.pkcs11 depending
|
||||
# on how /etc/pkcs11/pkcs11.conf is configured. This should generally not be
|
||||
# included in this abstraction.
|
||||
Loading…
Add table
Reference in a new issue