bin.su (532B)
- # Copyright 2020 Haelwenn (lanodan) Monnier <contact+apparmor.d@hacktivis.me>
- # Distributed under the terms of the GNU General Public License v2
- #include <tunables/global>
- /bin/su {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/authentication>
- #include <abstractions/consoles>
- audit deny network,
- /bin/su mr,
- /{usr/,}bin/*sh rmpx,
- /usr/bin/xauth rmpx,
- /etc/environment r,
- /etc/shells r,
- /run/utmp rk,
- capability setuid,
- capability setgid,
- @{PROC}/@{pid}/loginuid r,
- }