Ubuntu
apparmor package

  1. Bug #228229
  2. Comment #3

Comment 3 for bug 228229

Revision history for this message
Timo Aaltonen (tjaalton) wrote :

And back to apparmor.. The profile does need some changes, but no modifications to openssh AIUI. Here's what I had to add:

  /etc/default/locale r,
  /var/cache/nscd/group r,
  /var/cache/nscd/passwd r,
  /etc/selinux/config r,
  /etc/selinux/default/seusers r,
  /etc/krb5.conf r,
  /etc/krb5.keytab k,
  /proc/filesystems r,
  /var/tmp/host_* rw,
  /var/run/motd r,
  /bin/dash Ux,
  /bin/zsh4 Ux,
  /tmp/krb5cc_* wk,
  capability dac_override,

some of those should probably be in abstractions/*