mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 06:16:03 +00:00
Code Issues Releases Wiki Activity

Merge abstractions/authentication: Add GSSAPI mechanism modules config

Browse Source 
Found in testing a slimmed-down `usr.sbin.sshd` profile:
```
Jun  8 21:09:37 testvm kernel: [   54.770501] audit: type=1400 audit(1686272977.933:67): apparmor="DENIED" operation="open" profile="/usr/sbin/sshd" name="/etc/gss/mech.d/" pid=1036 comm="sshd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
```
([Reference](https://web.mit.edu/kerberos/krb5-1.21/doc/admin/host_config.html#gssapi-mechanism-modules) for  GSSAPI mechanism modules)

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1049
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
This commit is contained in:
John Johansen
2023-06-09 08:45:20 +00:00
parent 6e0d776f65 4b9ba3977b
commit b41fcdce16
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
profiles/apparmor.d/abstractions/authentication
View File

@@ -31,6 +31,11 @@
/{usr/,}lib/@{multiarch}/security/pam_*.so mr,
/{usr/,}lib/@{multiarch}/security/ r,
# gssapi
@{etc_ro}/gss/mech r,
@{etc_ro}/gss/mech.d/ r,
@{etc_ro}/gss/mech.d/*.conf r,
# kerberos
include <abstractions/kerberosclient>
# SuSE's pwdutils are different: