2019-10-31 11:19:44 -04:00
|
|
|
## Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
|
2019-10-28 10:26:14 -04:00
|
|
|
## See the file COPYING for copying conditions.
|
|
|
|
|
|
2019-10-28 10:20:08 -04:00
|
|
|
#include <tunables/global>
|
|
|
|
|
|
|
|
|
|
/usr/lib/security-misc/permission-lockdown flags=(attach_disconnected) {
|
2019-11-10 08:28:32 -05:00
|
|
|
#include <abstractions/base>
|
2019-10-28 10:20:08 -04:00
|
|
|
#include <abstractions/bash>
|
|
|
|
|
|
|
|
|
|
capability dac_override,
|
|
|
|
|
capability dac_read_search,
|
|
|
|
|
capability fowner,
|
|
|
|
|
capability fsetid,
|
|
|
|
|
|
2019-10-31 12:32:28 -04:00
|
|
|
/bin/bash rix,
|
|
|
|
|
/usr/bin/bash rix,
|
2019-10-28 10:20:08 -04:00
|
|
|
/bin/chmod mrix,
|
|
|
|
|
/bin/echo mrix,
|
|
|
|
|
/bin/mkdir mrix,
|
|
|
|
|
/bin/touch mrix,
|
2019-11-19 10:29:02 -05:00
|
|
|
/usr/bin/chmod mrix,
|
2019-10-28 10:20:08 -04:00
|
|
|
/usr/bin/basename mrix,
|
|
|
|
|
/usr/bin/touch mrix,
|
|
|
|
|
/usr/lib/security-misc/permission-lockdown r,
|
|
|
|
|
|
|
|
|
|
/home/*/ w,
|
|
|
|
|
|
|
|
|
|
/{usr/,}lib{,32,64}/** mr,
|
|
|
|
|
|
|
|
|
|
/etc/ld.so.cache r,
|
|
|
|
|
owner /etc/locale.alias r,
|
|
|
|
|
owner /etc/nsswitch.conf r,
|
|
|
|
|
owner /etc/passwd r,
|
|
|
|
|
|
|
|
|
|
owner /var/cache/security-misc/state-files/ rw,
|
|
|
|
|
owner /var/cache/security-misc/state-files/* rw,
|
|
|
|
|
|
|
|
|
|
/dev/tty rw,
|
2019-11-26 12:12:12 -05:00
|
|
|
/dev/pts/[0-9]* rw,
|
2019-10-31 12:32:28 -04:00
|
|
|
|
2019-10-28 10:20:08 -04:00
|
|
|
#include <local/usr.lib.security-misc.permission-lockdown>
|
|
|
|
|
}
|
