mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-02 07:15:18 +00:00
Code Issues Releases Wiki Activity

Extend crypto and ssl_certs abstractions

Browse Source 
- ssl_certs: /{etc,usr/share}/pki/trust/ has more than the 'anchors' subdirectory
- crypoto: allow reading /etc/gcrypt/hwf.deny
This commit is contained in:
Christian Boltz
2022-12-17 23:10:59 +01:00
parent 4f2d2a8cab
commit d15bfa999a
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
profiles/apparmor.d/abstractions/crypto
View File

@@ -13,6 +13,7 @@
abi <abi/3.0>, abi <abi/3.0>,
@{etc_ro}/gcrypt/hwf.deny r,
@{etc_ro}/gcrypt/random.conf r, @{etc_ro}/gcrypt/random.conf r,
@{PROC}/sys/crypto/fips_enabled r, @{PROC}/sys/crypto/fips_enabled r,

2
profiles/apparmor.d/abstractions/ssl_certs
View File

@@ -17,7 +17,7 @@
/etc/{,libre}ssl/certs/{,**} r, /etc/{,libre}ssl/certs/{,**} r,
/{etc,usr/share}/pki/bl[ao]cklist/{,*} r, /{etc,usr/share}/pki/bl[ao]cklist/{,*} r,
/{etc,usr/share}/pki/trust/{,*} r, /{etc,usr/share}/pki/trust/{,*} r,
/{etc,usr/share}/pki/trust/anchors/{,**} r, /{etc,usr/share}/pki/trust/{bl[oa]cklist,anchors}/{,**} r,
/usr/share/ca-certificates/{,**} r, /usr/share/ca-certificates/{,**} r,
/usr/share/ssl/certs/ca-bundle.crt r, /usr/share/ssl/certs/ca-bundle.crt r,
/usr/local/share/ca-certificates/{,**} r, /usr/local/share/ca-certificates/{,**} r,