updates to apparmor profiles

- hardening (restrict access to proc to owner) - removing files covered by abstractions - indentation per apparmor profile style
2015-04-14 01:00:10 +00:00
parent dd99978b19
commit 11c3230150
3 changed files with 58 additions and 63 deletions
--- a/debian/apparmor/usr.bin.i2prouter
+++ b/debian/apparmor/usr.bin.i2prouter
@@ -1,4 +1,4 @@
-# Last Modified: Thu Jan 29 03:17:01 2015
+# Last Modified: Sun Apr 12 22:08:32 2015
 # vim:syntax=apparmor et ts=8 sw=4

 #include <tunables/global>
@@ -9,8 +9,10 @@

  /usr/bin/i2prouter                    r,

-  @{PROC}/[0-9]*/stat                   r,
-  @{PROC}/[0-9]*/cmdline                r,
+  @{PROC}/1/comm                        r,
+  owner @{PROC}/[0-9]*/                 r,
+  owner @{PROC}/[0-9]*/stat             r,
+  owner @{PROC}/[0-9]*/cmdline          r,
  @{PROC}/uptime                        r,
  @{PROC}/sys/kernel/pid_max            r,