Mirror of https://gitlab.com/apparmor/apparmor.git, synced 2025-03-04 08:24:42 +01:00
This adds a bwrap profile to allow it to function on a system with user namespace restrictions enabled. The child task of bwrap will enter into a profile without capabilities thus preventing bwrap from being able to be used to arbitrarily by-pass user namespace restrictions.

This profile does prevent applications launched with privilege (eg. sudo bwrap ...) from functioning so it may break some use cases.

Note: The unpriv_bwrap profile is deliberately stacked against the bwrap profile due to bwrap's uses of no-new-privileges.

Fixes: https://bugs.launchpad.net/ubuntu/+source/pageedit/+bug/2046844
Signed-off-by: John Johansen <john.johansen@canonical.com>
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1205
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>

- apparmor/profiles/extras
- apparmor.d
- Makefile