Note that most of these 'restricted shells' tend to be .. porous. If you
want to use one, it'd be a good idea to wrap it in an AppArmor profile
that would provide belt-and-suspenders approach. e.g., this untested
profile would probably solve the issue for you:
/usr/bin/lshell {
#include <abstractions/base>
/usr/bin/lshell rmix,
/usr/lib/python2.7/dist-packages/ r,
/usr/lib/python2.7/dist-packages/lshell-0.9.17.egg-info r,
/usr/lib/python2.7/dist-packages/lshell/ r,
/usr/lib/python2.7/dist-packages/lshell/** r,
/usr/bin/python2.7 rmix,
/etc/lshell.conf r,
/bin/ls rmix,
}
Just add rules for whatever you'd like it to support.
Save it in /etc/apparmor.d/usr.bin.lshell and reload it with sudo
systemctl reload apparmor.service. Check dmesg output for DENIED lines
and amend as needed.
Thanks
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1627621
Title:
Escape possible using special keys
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lshell/+bug/1627621/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
