mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-01 06:45:38 +00:00
Code Issues Releases Wiki Activity

Merge abstractions/nameservice: tighten libnss_libvirt file access

Browse Source 
Limit access to \*.status files located in /var/lib/libvirt/dnsmasq/ as opposed to every file in the same directory.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1379
Approved-by: Christian Boltz <apparmor@cboltz.de>
Merged-by: John Johansen <john@jjmx.net>
This commit is contained in:
John Johansen
2024-10-16 18:24:04 +00:00
parent 6d20a10606 5be4295b5a
commit e23633ff0e
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
profiles/apparmor.d/abstractions/nameservice
View File

@@ -63,7 +63,8 @@
@{run}/nscd/db* rmix, @{run}/nscd/db* rmix,
# make libnss-libvirt name resolution work. # make libnss-libvirt name resolution work.
/var/lib/libvirt/dnsmasq/* r, /var/lib/libvirt/dnsmasq/ r,
/var/lib/libvirt/dnsmasq/*.status r,
# The nss libraries are sometimes used in addition to PAM; make sure # The nss libraries are sometimes used in addition to PAM; make sure
# they are available # they are available