[apparmor] [patch] Update the sshd profile
simon.deziel at gmail.com
Thu Apr 21 22:18:14 UTC 2016
On 2016-04-20 05:17 PM, Matthew Dawson wrote:
>> === modified file 'profiles/apparmor/profiles/extras/usr.sbin.sshd'
>> --- profiles/apparmor/profiles/extras/usr.sbin.sshd 2013-01-05 06:31:00
>> +++ profiles/apparmor/profiles/extras/usr.sbin.sshd 2016-01-02 13:44:20
>> @@ -2,6 +2,8 @@
>> # Copyright (C) 2002-2005 Novell/SUSE
>> # Copyright (C) 2012 Canonical Ltd.
>> +# Copyright (C) 2016 Christian Boltz
>> +# Copyright (C) 2016 Evgeni Golov
>> # This program is free software; you can redistribute it and/or
>> # modify it under the terms of version 2 of the GNU General Public
>> @@ -26,14 +28,17 @@
>> capability sys_resource,
>> capability sys_tty_config,
>> capability net_bind_service,
>> + capability net_admin,
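Review bot: `capability net_admin,` is added to the capability list with no comment saying which sshd code path needs it, and it is far broader than the neighbouring `net_bind_service`, since it covers interface, routing and firewall configuration. Either drop the line or add a comment above it naming the caller that requires it. If the only effect of omitting it is a logged denial, `deny capability net_admin,` would silence that without granting anything.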
> sshd doesn't actually require the net_admin capability. libpam-systemd tries
> to use it if available to set the send/receive buffers size, but will fall
> back to a non-privileged version if it fails. Considering what net_admin
> would allow, I suggest removing it from the list (I'm running without it on my
> test apparmor server with no problems so far).
Interesting, I've updated  and it works well on all the systems I
could test it on.