b5a1419370
Accepted submit request 65172 from user licensedigger
OBS-URL: https://build.opensuse.org/request/show/65172
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=14
39 lines
969 B
Plaintext
From: Jeff Mahoney <jeffm@suse.com>
Subject: Fix for sshd profile
References: bnc#457072

Without this patch, sshd won't work in enforce mode.

libselinux accesses /proc/filesystems to determine if it's enabled
bash won't execute
audit_control is probably from libselinux too
---
profiles/apparmor/profiles/extras/usr.sbin.sshd | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/profiles/apparmor/profiles/extras/usr.sbin.sshd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.sshd
@@ -29,6 +29,8 @@
capability kill,
capability setgid,
capability setuid,
+ capability audit_control,
+ capability sys_ptrace,
/dev/ptmx rw,
/dev/urandom r,
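Review bot: `capability sys_ptrace` in this hunk has no justification anywhere in the commit message, which accounts only for /proc/filesystems, bash and audit_control. It is a broad capability to grant to a network-facing daemon, so please cite the enforce-mode denial that required it or drop the line. `capability audit_control` is attributed to libselinux only as "probably"; confirm the source from the audit log and add a short comment above each new capability line stating why it is needed.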
@@ -43,11 +45,12 @@
@{PROC}/[0-9]*/fd/ r,
@{PROC}/[0-9]*/loginuid w,
+ @{PROC}/filesystems r,
# should only be here for use in non-change-hat openssh
# duplicated from EXEC hat
/bin/ash Ux,
- /bin/bash Ux,
+ /bin/bash rUx,
/bin/bash2 Ux,
/bin/bsh Ux,
/bin/csh Ux,
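Review bot: the `r` permission is added to `/bin/bash` only, while the visible neighbours `/bin/ash`, `/bin/bash2`, `/bin/bsh` and `/bin/csh` stay at `Ux`. If bash cannot be executed without read access, accounts using one of the other login shells will presumably fail the same way in enforce mode, so either change the whole list to `rUx` or state why bash is special. The context comment says these rules are duplicated from the EXEC hat, and the diffstat shows no other change in the file, so the hat's copy needs the same fix. The new `@{PROC}/filesystems r,` rule would also benefit from a comment naming libselinux as the reason.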