Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-01-12 14:39:31 -05:00
Code Issues Packages Projects Releases Wiki Activity

Create usr.lib.security-misc.permission-lockdown

Browse Source
This commit is contained in:
madaidan 2019-10-28 14:20:08 +00:00 committed by GitHub
parent d832ab91bd
commit 29b05546e4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 35 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
etc/apparmor.d/usr.lib.security-misc.permission-lockdown Normal file
View File

@ -0,0 +1,35 @@
#include <tunables/global>
/usr/lib/security-misc/permission-lockdown flags=(attach_disconnected) {
#include <abstractions/bash>
capability dac_override,
capability dac_read_search,
capability fowner,
capability fsetid,
/bin/bash ix,
/bin/chmod mrix,
/bin/echo mrix,
/bin/mkdir mrix,
/bin/touch mrix,
/usr/bin/basename mrix,
/usr/bin/touch mrix,
/usr/lib/security-misc/permission-lockdown r,
/home/*/ w,
/{usr/,}lib{,32,64}/** mr,
/etc/ld.so.cache r,
owner /etc/locale.alias r,
owner /etc/nsswitch.conf r,
owner /etc/passwd r,
owner /var/cache/security-misc/state-files/ rw,
owner /var/cache/security-misc/state-files/* rw,
/dev/tty rw,
#include <local/usr.lib.security-misc.permission-lockdown>
}