[Bug 228229] Re: sshd profile does not work out-of-the-box

[Timo Aaltonen]

And back to apparmor.. The profile does need some changes, but no
modifications to openssh AIUI. Here's what I had to add:

  /etc/default/locale r,
  /var/cache/nscd/group r,
  /var/cache/nscd/passwd r,
  /etc/selinux/config r,
  /etc/selinux/default/seusers r,
  /etc/krb5.conf r,
  /etc/krb5.keytab k,
  /proc/filesystems r,
  /var/tmp/host_* rw,
  /var/run/motd r,
  /bin/dash Ux,
  /bin/zsh4 Ux,
  /tmp/krb5cc_* wk,
  capability dac_override,

some of those should probably be in abstractions/*

** Changed in: apparmor (Ubuntu)
Sourcepackagename: openssh = apparmor
   Importance: Undecided = Low
   Status: New = Confirmed

-- 
sshd profile does not work out-of-the-box
https://bugs.launchpad.net/bugs/228229
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 228229] Re: sshd profile does not work out-of-the-box

[Timo Aaltonen]

moving to openssh, since the patch is needed there?

(I'm currently evaluating apparmor, so would like to confine sshd)

** Changed in: openssh (Ubuntu)
Sourcepackagename: apparmor = openssh

-- 
sshd profile does not work out-of-the-box
https://bugs.launchpad.net/bugs/228229
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs