mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
Merge from trunk commit 2058:
Original message:
Description: let sanitized-helper also allow access to /usr/local.
Patch based on work by Reuben Thomas
Bug-Ubuntu: https://launchpad.net/bugs/1013887
Acked-By: Jamie Strandboge <jamie@canonical.com>
Nominated-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
Steve Beattie
parent
3e18698c78
commit
8e33b4a173
1 changed files with 4 additions and 3 deletions
|
|
@ -43,10 +43,11 @@ profile sanitized_helper {
|
|||
/bin/* Pixr,
|
||||
/sbin/* Pixr,
|
||||
/usr/bin/* Pixr,
|
||||
/usr/local/bin/* Pixr,
|
||||
/usr/sbin/* Pixr,
|
||||
|
||||
# Allow exec of libexec applications in /usr/lib*
|
||||
/usr/lib*/{,**/}* Pixr,
|
||||
# Allow exec of libexec applications in /usr/lib* and /usr/local/lib*
|
||||
/usr/{,local/}lib*/{,**/}* Pixr,
|
||||
|
||||
# Allow exec of software-center scripts. We may need to allow wider
|
||||
# permissions for /usr/share, but for now just do this. (LP: #972367)
|
||||
|
|
@ -65,7 +66,7 @@ profile sanitized_helper {
|
|||
# Full access
|
||||
/ r,
|
||||
/** rwkl,
|
||||
/{,usr/}lib{,32,64}/{,**/}*.so{,.*} m,
|
||||
/{,usr/,usr/local/}lib{,32,64}/{,**/}*.so{,.*} m,
|
||||
|
||||
# Dangerous files
|
||||
audit deny owner /**/* m, # compiled libraries
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue