[apparmor] openSUSE profile patches - part 2
Seth Arnold
seth.arnold at gmail.com
Mon Aug 8 20:38:25 UTC 2011
Please forgive rubbish BlackBerry quoting:
--snip--
> +++ b/profiles/apparmor/profiles/extras/usr.sbin.sshd
> @@ -29,6 +29,8 @@
> capability kill,
> capability setgid,
> capability setuid,
> + capability audit_control,
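Review bot: the `+ capability audit_control,` line lacks a comment saying which part of sshd needs it, and the distinction matters for review. CAP_AUDIT_CONTROL is the capability the audit subsystem checks for enabling or disabling auditing and changing filter rules over the audit netlink socket; merely writing audit records (what a PAM audit message needs) is gated on CAP_AUDIT_WRITE, while setting /proc/self/loginuid, as pam_loginuid does, is gated on CAP_AUDIT_CONTROL on the kernels of this era. Suggest confirming by running the profile without the line and looking in the audit log for `apparmor="DENIED" operation="capable" ... capname="audit_control"`: if nothing shows up, replace it with `capability audit_write,` (or the `deny capability audit_control,` proposed in this thread); if it does, keep the rule but add a comment naming the module that triggers it. Also, the hunk header `@@ -29,6 +29,8 @@` announces two added lines while only one `+` line survives the snip, so the second addition needs the same scrutiny.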
I really, really dislike allowing audit_control. Basically, a confined
process with it can turn off audit logging by auditd/the audit
subsystem or manipulate it in such a way as to hide audit events. Does
sshd really fail to start if audit_control is disallowed? I'd honestly
rather see a deny rule here.
--snip--
It might come from a PAM audit module -- and last time I tried to rebuild the Ubuntu packages to include audit support I got annoyed and wished for an rpm-spec-file style patch management :) Anyway, if you can shoot me a suggestion how to rebuild the pam package with audit bits I'd happily investigate this :)
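The practical way to settle "does sshd really need audit_control" is to put the profile in complain mode (or drop the rule in enforce mode), exercise a login, and read back which capabilities the confined sshd actually asked for. The following POSIX shell script, added here as an example and not code from this thread or from the AppArmor project, does that bookkeeping over AppArmor audit records. It assumes the kernel's audit line format in which capability checks appear as `operation="capable"` with the name in `capname=` and the verdict in `apparmor=`; the function names (`caps_for_profile`, `profile_requests_cap`, `draft_rules`) and the `DANGEROUS_CAPS` list are this example's own, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example, not code from the AppArmor project or from this thread.
# Mines AppArmor audit records for the capabilities a profile requested so a
# reviewer can see whether audit_control ever appears, or only audit_write.
# Feed it real lines from /var/log/audit/audit.log, journalctl or dmesg;
# complain mode logs capability checks as ALLOWED, enforce mode as DENIED.

# Constructed sample audit lines (pids, timestamps and audit ids are made up).
# The capability numbers are the kernel's: setgid=6, audit_write=29,
# audit_control=30.
SAMPLE_LOG='type=AVC msg=audit(1312836000.123:101): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/sshd" pid=2345 comm="sshd" capability=6 capname="setgid"
type=AVC msg=audit(1312836000.456:102): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/sshd" pid=2345 comm="sshd" capability=29 capname="audit_write"
type=AVC msg=audit(1312836001.789:103): apparmor="DENIED" operation="capable" profile="/usr/sbin/sshd" pid=2345 comm="sshd" capability=30 capname="audit_control"
type=AVC msg=audit(1312836002.000:104): apparmor="DENIED" operation="open" profile="/usr/sbin/sshd" name="/etc/shadow" pid=2345 comm="sshd" requested_mask="r" denied_mask="r"
type=AVC msg=audit(1312836003.000:105): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=999 comm="cupsd" capability=30 capname="audit_control"'

# caps_for_profile PROFILE [VERDICT]
# Reads audit lines on stdin; prints the distinct capability names PROFILE
# requested, sorted, one per line. VERDICT (ALLOWED or DENIED) restricts the
# output to lines carrying that apparmor= verdict; omit it to see both.
caps_for_profile() {
    profile="$1"
    verdict="${2:-}"
    grep -F 'operation="capable"' \
      | grep -F "profile=\"$profile\"" \
      | { if [ -n "$verdict" ]; then grep -F "apparmor=\"$verdict\""; else cat; fi; } \
      | sed -n 's/.*capname="\([^"]*\)".*/\1/p' \
      | sort -u
}

# profile_requests_cap PROFILE CAPNAME
# Exit 0 if PROFILE was seen asking for CAPNAME under any verdict, else 1.
profile_requests_cap() {
    caps_for_profile "$1" | grep -qx "$2"
}

# Capabilities that should never be handed out silently: a confined process
# holding audit_control can disable or re-filter auditing (hypothetical list
# for this example; extend it to taste).
DANGEROUS_CAPS="audit_control"

# draft_rules PROFILE
# Emits candidate profile lines for every capability PROFILE requested.
# Anything in DANGEROUS_CAPS becomes a deny rule (which also silences the
# log noise) preceded by a comment asking the author to justify it.
draft_rules() {
    caps_for_profile "$1" | while read -r cap; do
        case " $DANGEROUS_CAPS " in
            *" $cap "*)
                printf '  # review: justify before allowing\n'
                printf '  deny capability %s,\n' "$cap" ;;
            *)
                printf '  capability %s,\n' "$cap" ;;
        esac
    done
}

# Stand-alone demonstration on the constructed log.
printf '%s\n' "$SAMPLE_LOG" | draft_rules /usr/sbin/sshd
if printf '%s\n' "$SAMPLE_LOG" | profile_requests_cap /usr/sbin/sshd audit_control; then
    echo "sshd asked for audit_control; find out which module before allowing it"
fi
```

On a real box the pipeline is `sudo journalctl -k | caps_for_profile /usr/sbin/sshd DENIED` (or the audit.log equivalent) after a test login; an empty result for audit_control, with audit_write present, is the evidence the reviewer asked for.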