mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-05 17:01:00 +01:00
1cc0885890
This patch adds the kernelvars tunable to the global set that is usually included by default in apparmor policies. It then converts the rules that are intended to match /proc/pid to use this tunable. Signed-off-by: Steve Beattie <sbeattie@ubuntu.com> Acked-By: Seth Arnold <seth.arnold@canonical.com>
17 lines
343 B
Text
17 lines
343 B
Text
# vim:syntax=apparmor
|
|
#
|
|
# for allowing access to konsole
|
|
#
|
|
|
|
#include <abstractions/consoles>
|
|
#include <abstractions/kde>
|
|
capability sys_ptrace,
|
|
@{PROC}/@{pid}/status r,
|
|
@{PROC}/@{pid}/stat r,
|
|
@{PROC}/@{pid}/cmdline r,
|
|
/{,var/}run/utmp r,
|
|
/dev/ptmx rw,
|
|
|
|
# do not use ux or Ux here. Use at a minimum ix
|
|
/usr/bin/konsole ix,
|
|
|