mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-09 10:51:03 +01:00
1cc0885890
This patch adds the kernelvars tunable to the global set that is usually included by default in apparmor policies. It then converts the rules that are intended to match /proc/pid to use this tunable. Signed-off-by: Steve Beattie <sbeattie@ubuntu.com> Acked-By: Seth Arnold <seth.arnold@canonical.com>
16 lines
306 B
Text
16 lines
306 B
Text
# vim:syntax=apparmor
|
|
|
|
#
|
|
# Plugins/helpers
|
|
#
|
|
@{PROC}/@{pid}/fd/ r,
|
|
/usr/lib/** rm,
|
|
/bin/bash ixr,
|
|
/bin/dash ixr,
|
|
/bin/grep ixr,
|
|
/bin/sed ixr,
|
|
/usr/bin/m4 ixr,
|
|
|
|
# Since all the ubuntu-browsers.d abstractions need this, just include it
|
|
# here
|
|
#include <abstractions/ubuntu-helpers>
|