mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-04 08:15:21 +00:00
Code Issues Releases Wiki Activity

profiles: give lsof CAP_DAC_READ_SEARCH and CAP_DAC_OVERRIDE

Browse Source 
This is necessary for lsof run as root to be able to return results from
processes run by other users.

Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
This commit is contained in:
Ryan Lee
2025-05-02 15:00:23 -07:00
parent e278575799
commit d9028aea4e
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
profiles/apparmor.d/lsof
View File

@@ -22,6 +22,8 @@ profile lsof /usr/bin/lsof flags=(attach_disconnected.path=/aa_disconnected/) {
/usr/bin/lsof mr, /usr/bin/lsof mr,
capability sys_ptrace, capability sys_ptrace,
capability dac_read_search,
capability dac_override,
ptrace read, ptrace read,
mqueue getattr type=posix, mqueue getattr type=posix,