mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-30 22:05:27 +00:00
Code Issues Releases Wiki Activity

abstractions/ssl_certs: allow reading crypto policies

Browse Source 
See https://gitlab.com/redhat-crypto/fedora-crypto-policies for details.

Reported by darix and also my own audit.log - the actual denial was for
/usr/share/crypto-policies/DEFAULT/openssl.txt.

Also allow the /etc/crypto-policies/ counterpart.

(I'm aware that the crypto policies are not really certificates, but
since they are used by several crypto libraries, ssl_certs is probably
the best place for them even if the filename doesn't match.)
This commit is contained in:
Christian Boltz
2021-03-08 01:20:24 +01:00
parent 9ff713957c
commit 13a8221622
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
profiles/apparmor.d/abstractions/ssl_certs
View File

@@ -41,5 +41,9 @@
/etc/certbot/archive/*/chain*.pem r,
/etc/certbot/archive/*/fullchain*.pem r,
# crypto policies used by various libraries
/etc/crypto-policies/*/*.txt r,
/usr/share/crypto-policies/*/*.txt r,
# Include additions to the abstraction
include if exists <abstractions/ssl_certs.d>