Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
DISCONTINUED:openSUSE:11.2:Update
apparmor-profiles
apparmor-profiles-sshd-fix
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File apparmor-profiles-sshd-fix of Package apparmor-profiles
From: Jeff Mahoney <jeffm@suse.com> Subject: Fix for sshd profile References: bnc#457072 Without this patch, sshd won't work in enforce mode. libselinux accesses /proc/filesystems to determine if it's enabled bash won't execute audit_control is probably from libselinux too --- apparmor.d/abstractions/wutmp | 2 +- apparmor/profiles/extras/usr.sbin.sshd | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) --- a/apparmor.d/abstractions/wutmp +++ b/apparmor.d/abstractions/wutmp @@ -14,5 +14,5 @@ # some services update wtmp, utmp, and lastlog with per-user # connection information /var/log/lastlog rw, - /var/log/wtmp w, + /var/log/wtmp wk, /var/run/utmp rwk, --- a/apparmor/profiles/extras/usr.sbin.sshd +++ b/apparmor/profiles/extras/usr.sbin.sshd @@ -30,6 +30,8 @@ capability kill, capability setgid, capability setuid, + capability audit_control, + capability sys_ptrace, /dev/ptmx rw, /dev/urandom r, @@ -44,11 +46,12 @@ @{PROC}/[0-9]*/fd/ r, @{PROC}/[0-9]*/loginuid w, + @{PROC}/filesystems r, # should only be here for use in non-change-hat openssh # duplicated from EXEC hat /bin/ash Ux, - /bin/bash Ux, + /bin/bash rUx, /bin/bash2 Ux, /bin/bsh Ux, /bin/csh Ux,
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor