mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 18:17:09 +00:00
Code Issues Releases Wiki Activity

Merge profiles: add /run/snapd.socket rule for curl

Browse Source 
This ideally is a temporary fix because we do not want to allow all users
of curl to be able to access the snapd socket. However, this will work for
now until we can mediate the accesses better.

Fixes: LP: #2120669

Signed-off-by: Ryan Lee <ryan.lee@canonical.com>

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1774
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
This commit is contained in:
John Johansen 2025-08-18 23:54:40 +00:00
commit db74dda3c6
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
profiles/apparmor.d/curl
View File

@ -42,6 +42,10 @@ profile curl /usr/bin/curl {
network inet6 stream, network inet6 stream,
network inet6 dgram, network inet6 dgram,
# Allow access to the snap socket until we can revisit it with delegation
# or profile refactoring
file rw @{run}/snapd.socket,
# Site-specific additions and overrides. See local/README for details. # Site-specific additions and overrides. See local/README for details.
include if exists <local/curl> include if exists <local/curl>
} }