mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 00:14:44 +01:00
09573220d2
This manifested with chmod calls failing in autopkgtests of dbus and snapd Reported-by: Alex Murray <alex.murray@canonical.com> Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
38 lines
1,019 B
Text
38 lines
1,019 B
Text
#------------------------------------------------------------------
|
|
# Copyright (C) 2024 Canonical Ltd.
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of version 2 of the GNU General Public
|
|
# License published by the Free Software Foundation.
|
|
#------------------------------------------------------------------
|
|
# vim: ft=apparmor
|
|
|
|
abi <abi/4.0>,
|
|
|
|
include <tunables/global>
|
|
|
|
profile tar /usr/bin/tar {
|
|
include <abstractions/base>
|
|
|
|
# used to extract user files as root
|
|
capability chown,
|
|
capability fowner,
|
|
|
|
# used to compress user files as root
|
|
capability dac_override,
|
|
capability dac_read_search,
|
|
|
|
file rwl /**,
|
|
|
|
# tar can be made to filter archives through an arbitrary program
|
|
/{usr{/local,},}/{bin,sbin}/* ix,
|
|
/opt/** ix,
|
|
|
|
# tar can compress/extract files over rsh/ssh
|
|
network stream ip=127.0.0.1,
|
|
network stream ip=::1,
|
|
|
|
# Site-specific additions and overrides. See local/README for details.
|
|
include if exists <local/tar>
|
|
}
|
|
|