mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-06 17:31:01 +01:00
d64797e4c3
The AppArmor kernel now checks for both read and write permissions when a process calls connect() on a UNIX domain socket. The patch updates four abstractions that were found to be needing changes after the change in AF_UNIX kernel mediation. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
27 lines
899 B
Text
27 lines
899 B
Text
# ------------------------------------------------------------------
|
|
#
|
|
# Copyright (C) 2012 Canonical Ltd.
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of version 2 of the GNU General Public
|
|
# License published by the Free Software Foundation.
|
|
#
|
|
# ------------------------------------------------------------------
|
|
|
|
/etc/pkcs11/ r,
|
|
/etc/pkcs11/pkcs11.conf r,
|
|
/etc/pkcs11/modules/ r,
|
|
/etc/pkcs11/modules/* r,
|
|
|
|
/usr/lib{,32,64}/pkcs11/*.so mr,
|
|
/usr/lib/@{multiarch}/pkcs11/*.so mr,
|
|
|
|
/usr/share/p11-kit/modules/ r,
|
|
/usr/share/p11-kit/modules/* r,
|
|
|
|
# gnome-keyring pkcs11 module
|
|
owner /{,var/}run/user/[0-9]*/keyring*/pkcs11 rw,
|
|
|
|
# p11-kit also supports reading user configuration from ~/.pkcs11 depending
|
|
# on how /etc/pkcs11/pkcs11.conf is configured. This should generally not be
|
|
# included in this abstraction.
|