mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-12-26 09:09:23 -05:00
d32024a3da
https://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/152
40 lines
874 B
Plaintext
40 lines
874 B
Plaintext
## Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
|
|
## See the file COPYING for copying conditions.
|
|
|
|
#include <tunables/global>
|
|
|
|
/usr/lib/security-misc/pam_tally2-info flags=(attach_disconnected) {
|
|
#include <abstractions/base>
|
|
#include <abstractions/bash>
|
|
|
|
capability dac_override,
|
|
capability dac_read_search,
|
|
|
|
/bin/bash ix,
|
|
/bin/cat mrix,
|
|
/bin/grep mrix,
|
|
/usr/bin/id rix,
|
|
/usr/bin/cut mrix,
|
|
/usr/bin/tail mrix,
|
|
/sbin/pam_tally2 mrix,
|
|
/usr/sbin/pam_tally2 mrix,
|
|
/usr/lib/security-misc/pam_tally2-info r,
|
|
|
|
/etc/ld.so.cache r,
|
|
/etc/locale.alias r,
|
|
|
|
/{usr/,}lib{,32,64}/** mr,
|
|
|
|
owner /etc/nsswitch.conf r,
|
|
owner /etc/pam.d/* r,
|
|
owner /etc/passwd r,
|
|
|
|
owner /usr/share/zoneinfo/** r,
|
|
owner /var/log/tallylog rw,
|
|
|
|
/dev/tty rw,
|
|
owner /dev/pts/[0-9]* rw,
|
|
|
|
#include <local/usr.lib.security-misc.pam_tally2-info>
|
|
}
|