mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 10:07:12 +00:00
Code Issues Releases Wiki Activity

Merge profiles: Allow curl to read tmp, for scripts which might use config/etags/data...

Browse Source 
Some system scripts, namely pollinate, pass temporary files as data.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1769
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
This commit is contained in:
John Johansen 2025-08-14 17:24:56 +00:00
commit ebba635fa9
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
profiles/apparmor.d/curl
View File

@ -27,6 +27,9 @@ profile curl /usr/bin/curl {
# (see --config, --cacert options) # (see --config, --cacert options)
file r @{HOME}/**, file r @{HOME}/**,
# allow reading data/config from tmp
owner file r /tmp/**,
# allow writing output to $HOME, /tmp (see -o option) # allow writing output to $HOME, /tmp (see -o option)
file w @{HOME}/**, file w @{HOME}/**,
file w /tmp/**, file w /tmp/**,