[apparmor] usr.bin.ssh and usr.bin.scp profiles
Christian Boltz
apparmor at cboltz.de
Sat Aug 23 11:01:49 UTC 2014
Hello,
Am Freitag, 22. August 2014 schrieb Simon Deziel:
> I've been testing those 2 profiles for a bit and feel they are ready
> to be tested by a larger audience. If any of you is interested,
> feedback/comments/pull requests(*) are welcome!
While the profile in general looks good at the first look, I somewhat
wonder about
/bin/bash Cx -> proxycommand,
profile proxycommand {
[...]
/bin/bash rm,
I slightly ;-) doubt this allows to do anything useful in the shell.
I'm afraid you'll need to allow Ux for various shells to fix that.
Please have a look at the sshd profile we ship in the extras dir
(profiles/apparmor/profiles/extras/usr.sbin.sshd in tarball and bzr)
which does exactly that.
Regards,
Christian Boltz
--
[ X-Mailer: Microsoft Outlook Express 6.00.2800.1106 ]
Damit ist deinem Kmail der Preis für die gruseligste Halloween-Maske
dieses Jahres sicher. [Andreas Koenecke zu Martin Mewes in suse-linux]
More information about the AppArmor
mailing list