mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
cherrypick 2111 from trunk:
add read access to @{PROC}/sys/vm/overcommit_memory as used by glibc. See
http://sourceware.org/git/?p=glibc.git;a=commit;h=9fab36eb583c0e585e83a01253299afed9ea9a11
Acked-By: Christian Boltz <apparmor@cboltz.de>
Acked-By: Jamie Strandboge <jamie@canonical.com>
This commit is contained in:
Jamie Strandboge
parent
e9353b757c
commit
5d439f2fcc
1 changed files with 3 additions and 0 deletions
|
|
@ -100,6 +100,9 @@
|
|||
# glibc statvfs
|
||||
@{PROC}/filesystems r,
|
||||
|
||||
# glibc malloc (man 5 proc)
|
||||
@{PROC}/sys/vm/overcommit_memory r,
|
||||
|
||||
# Workaround https://launchpad.net/bugs/359338 until upstream handles stacked
|
||||
# filesystems generally. This does not appreciably decrease security with
|
||||
# Ubuntu profiles because the user is expected to have access to files owned
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue