usr.sbin.sshd: add cgroup-related rules

2025-08-31 06:16:03 +00:00 · 2016-04-05 15:46:05 -04:00
parent 1fcdad4f1e
commit aedce34542
1 changed files with 3 additions and 0 deletions
--- a/profiles/apparmor/profiles/extras/usr.sbin.sshd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.sshd
@@ -70,6 +70,9 @@
  owner @{PROC}/@{pid}/oom_adj rw,
  owner @{PROC}/@{pid}/oom_score_adj rw,

+  /sys/fs/cgroup/*/user/*/[0-9]*/ rw,
+  /sys/fs/cgroup/systemd/user.slice/user-[0-9]*.slice/session-c[0-9]*.scope/ rw,
+
  # should only be here for use in non-change-hat openssh
  # duplicated from EXEC hat (+r)
  /bin/ash      Uxr,