Merge remote-tracking branch 'origin/master'

2024-10-01 08:25:45 -04:00 · 2019-12-21 06:57:10 -05:00 · 2019-12-21 06:57:10 -05:00 · 2350e0f5d0
commit 2350e0f5d0
parent 3ea587187e efd65a3f15
2 changed files with 0 additions and 84 deletions
--- a/etc/apparmor.d/usr.lib.security-misc.pam_tally2-info
+++ b/etc/apparmor.d/usr.lib.security-misc.pam_tally2-info
@ -1,42 +0,0 @@
-## Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
-## See the file COPYING for copying conditions.
-
-#include <tunables/global>
-
-/usr/lib/security-misc/pam_tally2-info flags=(attach_disconnected) {
-  #include <abstractions/base>
-  #include <abstractions/bash>
-
-  capability dac_override,
-  capability dac_read_search,
-
-  /bin/bash ix,
-  /bin/cat mrix,
-  /usr/bin/cat mrix,
-  /bin/grep mrix,
-  /usr/bin/id rix,
-  /usr/bin/cut mrix,
-  /usr/bin/tail mrix,
-  /sbin/pam_tally2 mrix,
-  /usr/sbin/pam_tally2 mrix,
-  /usr/lib/security-misc/pam_tally2-info r,
-
-  /etc/ld.so.cache r,
-  /etc/locale.alias r,
-
-  /{usr/,}lib{,32,64}/** mr,
-
-  owner /etc/nsswitch.conf r,
-  owner /etc/pam.d/* r,
-  owner /etc/passwd r,
-  owner /etc/group r,
-  owner /etc/securetty r,
-
-  owner /usr/share/zoneinfo/** r,
-  owner /var/log/tallylog rw,
-
-  /dev/tty rw,
-  owner /dev/pts/[0-9]* rw,
-
-  #include <local/usr.lib.security-misc.pam_tally2-info>
-}
--- a/etc/apparmor.d/usr.lib.security-misc.permission-lockdown
+++ b/etc/apparmor.d/usr.lib.security-misc.permission-lockdown
@ -1,42 +0,0 @@
-## Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
-## See the file COPYING for copying conditions.
-
-#include <tunables/global>
-
-/usr/lib/security-misc/permission-lockdown flags=(attach_disconnected) {
-  #include <abstractions/base>
-  #include <abstractions/bash>
-
-  capability dac_override,
-  capability dac_read_search,
-  capability fowner,
-  capability fsetid,
-
-  /bin/bash rix,
-  /usr/bin/bash rix,
-  /bin/chmod mrix,
-  /bin/echo mrix,
-  /bin/mkdir mrix,
-  /bin/touch mrix,
-  /usr/bin/chmod mrix,
-  /usr/bin/basename mrix,
-  /usr/bin/touch mrix,
-  /usr/lib/security-misc/permission-lockdown r,
-
-  /home/*/ w,
-
-  /{usr/,}lib{,32,64}/** mr,
-
-  /etc/ld.so.cache r,
-  owner /etc/locale.alias r,
-  owner /etc/nsswitch.conf r,
-  owner /etc/passwd r,
-
-  owner /var/cache/security-misc/state-files/ rw,
-  owner /var/cache/security-misc/state-files/* rw,
-
-  /dev/tty rw,
-  /dev/pts/[0-9]* rw,
-
-  #include <local/usr.lib.security-misc.permission-lockdown>
-}