profiles/apparmor.d/tinyproxy: allow flexibility in deployment

Add rules to allow tinyproxy to bind to privileged ports and access files even
when run as unprivileged/privileged users when using non-standard
configurations. As suggested by @rlee287.

Signed-off-by: Alex Murray <alex.murray@canonical.com>
Alex Murray 2025-01-22 15:00:27 +10:30
parent f6a733de6a
commit 6f961edaf9

@ -19,6 +19,13 @@ profile tinyproxy /usr/bin/tinyproxy {
include <abstractions/nameservice>
file rw /run/tinyproxy/tinyproxy.pid,
# to provide flexibility, when run as a root tinyproxy may need to run files
# owned by other users and similarly when run as an unprivileged user allow
# tinyproxy to bind to privileged ports
capability dac_override,
capability dac_read_search,
capability net_bind_service,
file mr /usr/bin/tinyproxy,
file r @{etc_ro}/tinyproxy/tinyproxy.conf,
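
Review bot: the comment above the three new capability rules says tinyproxy "may need to run files owned by other users", which looks like a typo for "read files" and should be corrected so that the reason for the DAC capabilities is clear. `capability dac_override,` also allows bypassing write permission checks, so if the case being covered is only reading configuration owned by another user, consider whether `capability dac_read_search,` alone is enough, and say in the comment which accesses need the override. The comment's second half could also note that `capability net_bind_service,` only permits a capability the process already holds: AppArmor does not grant it, so an unprivileged tinyproxy still has to be given the capability by other means before it can bind to a privileged port.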