mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/profiles
History
John Johansen 6198edb3d0 Merge profiles: Add profile for unshare utility 
This adds an unshare profile to allow it to function on a system
with user namespace restrictions enabled.

The child task of unshare will enter into a profile without capabilities
thus preventing unshare from being able to be used to
arbitrarily by-pass the user namespace restriction.

This profile does prevent applications launch with privilege (eg.
sudo unshare ...) from functioning so it may break some use cases.

Fixes: https://bugs.launchpad.net/ubuntu/+source/pageedit/+bug/2046844
Signed-off-by: John Johansen <john.johansen@canonical.com>

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1204
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
(cherry picked from commit 2d59dc3d9b)
Signed-off-by: John Johansen <john.johansen@canonical.com>
2024-04-03 22:45:10 -07:00
..
apparmor/profiles/extras Merge usr.sbin.sshd: Add new permissions needed on Ubuntu 24.04 2024-04-03 02:29:31 -07:00
apparmor.d Merge profiles: Add profile for unshare utility 2024-04-03 22:45:10 -07:00
Makefile Don't create local/* profile sniplets by default 2023-08-20 11:49:10 +02:00