mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-10-01 08:25:45 -04:00
commit
5a3cbe8100
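--- a/debian/control
+++ b/debian/control
@@ -5,7 +5,7 @@ Source: security-misc
 Section: misc
 Priority: optional
 Maintainer: Patrick Schleizer <adrelanos@riseup.net>
-Build-Depends: debhelper (>= 12), genmkfile, config-package-dev
+Build-Depends: debhelper (>= 12), genmkfile, config-package-dev, dh-apparmor
 Homepage: https://github.com/Whonix/security-misc
 Vcs-Browser: https://github.com/Whonix/security-misc
 Vcs-Git: https://github.com/Whonix/security-misc.git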
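--- a/debian/rules
+++ b/debian/rules
@@ -10,3 +10,8 @@
 
 override_dh_installchangelogs:
 dh_installchangelogs changelog.upstream upstream
+
+override_dh_install:
+dh_apparmor --profile-name='usr.lib.security-misc.pam_tally2-info'
+dh_apparmor --profile-name='usr.lib.security-misc.permission-lockdown'
+dh_install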
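--- a/etc/apparmor.d/usr.lib.security-misc.pam_tally2-info
+++ b/etc/apparmor.d/usr.lib.security-misc.pam_tally2-info
@@ -0,0 +1,36 @@
+## Copyright (C) 2012 - 2018 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
+## See the file COPYING for copying conditions.
+
+#include <tunables/global>
+
+/usr/lib/security-misc/pam_tally2-info flags=(attach_disconnected) {
+#include <abstractions/bash>
+
+capability dac_override,
+capability dac_read_search,
+
+/bin/bash ix,
+/bin/cat mrix,
+/bin/grep mrix,
+/usr/bin/cut mrix,
+/usr/bin/tail mrix,
+/sbin/pam_tally2 mrix,
+/usr/lib/security-misc/pam_tally2-info r,
+
+/etc/ld.so.cache r,
+/etc/locale.alias r,
+
+/{usr/,}lib{,32,64}/** mr,
+
+owner /etc/nsswitch.conf r,
+owner /etc/pam.d/* r,
+owner /etc/passwd r,
+
+owner /usr/share/zoneinfo/** r,
+owner /var/log/tallylog rw,
+
+/dev/tty rw,
+owner /dev/pts/[0-9]* rw,
+
+#include <local/usr.lib.security-misc.pam_tally2-info>
+}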
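Review bot: The executable rules each name a single location (`/bin/bash ix,`, `/bin/cat mrix,`, `/bin/grep mrix,`, `/sbin/pam_tally2 mrix,`), and AppArmor matches the resolved path, so on a merged-/usr system where `/bin` and `/sbin` are symlinks into `/usr` these rules would presumably not match and the helper would be denied in enforce mode. The profile already uses alternation for libraries (`/{usr/,}lib{,32,64}/** mr,`); the same form fits here, e.g. `/{usr/,}bin/cat mrix,` and `/{usr/,}sbin/pam_tally2 mrix,`. The permission-lockdown profile has the same pattern for `/bin/chmod`, `/bin/echo` and `/bin/mkdir`, and lists `touch` under both `/bin` and `/usr/bin`, which suggests the problem was already met once. A denied helper means the tally information is not shown or the lockdown is not applied, so both filesystem layouts are worth checking.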
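--- a/etc/apparmor.d/usr.lib.security-misc.permission-lockdown
+++ b/etc/apparmor.d/usr.lib.security-misc.permission-lockdown
@@ -0,0 +1,38 @@
+## Copyright (C) 2012 - 2018 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
+## See the file COPYING for copying conditions.
+
+#include <tunables/global>
+
+/usr/lib/security-misc/permission-lockdown flags=(attach_disconnected) {
+#include <abstractions/bash>
+
+capability dac_override,
+capability dac_read_search,
+capability fowner,
+capability fsetid,
+
+/bin/bash ix,
+/bin/chmod mrix,
+/bin/echo mrix,
+/bin/mkdir mrix,
+/bin/touch mrix,
+/usr/bin/basename mrix,
+/usr/bin/touch mrix,
+/usr/lib/security-misc/permission-lockdown r,
+
+/home/*/ w,
+
+/{usr/,}lib{,32,64}/** mr,
+
+/etc/ld.so.cache r,
+owner /etc/locale.alias r,
+owner /etc/nsswitch.conf r,
+owner /etc/passwd r,
+
+owner /var/cache/security-misc/state-files/ rw,
+owner /var/cache/security-misc/state-files/* rw,
+
+/dev/tty rw,
+
+#include <local/usr.lib.security-misc.permission-lockdown>
+}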
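Review bot: The four capability rules (`dac_override`, `dac_read_search`, `fowner`, `fsetid`) carry no comment saying which operation needs them, while the file rules visible in this profile only call for changing modes on `/home/*/` and writing the state files under `/var/cache/security-misc/state-files/`. `fowner` is plausibly what lets `chmod` act on home directories owned by other users; whether `dac_override` and `fsetid` are needed cannot be told from the profile itself. I would add a one-line comment per capability, for example `# fowner: chmod on home directories not owned by the caller`, and drop any capability that a run in complain mode shows is never requested.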