maybe chmod 0755 'apm/event.d'
maybe chmod 0755 'apparmor'
maybe chmod 0755 'apparmor.d'
+maybe chmod 0755 'apparmor.d/abi'
+maybe chmod 0644 'apparmor.d/abi/2.13'
maybe chmod 0755 'apparmor.d/abstractions'
maybe chmod 0644 'apparmor.d/abstractions/X'
maybe chmod 0644 'apparmor.d/abstractions/apache2-common'
--- /dev/null
+capability {0xffffff
+}
+caps {mask {chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon bpf checkpoint_restore
+}
+}
+dbus {mask {acquire send receive
+}
+}
+domain {attach_conditions {xattr {yes
+}
+}
+change_hat {yes
+}
+change_hatv {yes
+}
+change_onexec {yes
+}
+change_profile {yes
+}
+computed_longest_left {yes
+}
+fix_binfmt_elf_mmap {yes
+}
+post_nnp_subset {yes
+}
+stack {yes
+}
+version {1.2
+}
+}
+file {mask {create read write exec append mmap_exec link lock
+}
+}
+mount {mask {mount umount pivot_root
+}
+}
+namespaces {pivot_root {no
+}
+profile {yes
+}
+}
+network {af_mask {unspec unix inet ax25 ipx appletalk netrom bridge atmpvc x25 inet6 rose netbeui security key netlink packet ash econet atmsvc rds sna irda pppox wanpipe llc ib mpls can tipc bluetooth iucv rxrpc isdn phonet ieee802154 caif alg nfc vsock kcm qipcrtr smc xdp mctp
+}
+af_unix {yes
+}
+}
+network_v8 {af_mask {unspec unix inet ax25 ipx appletalk netrom bridge atmpvc x25 inet6 rose netbeui security key netlink packet ash econet atmsvc rds sna irda pppox wanpipe llc ib mpls can tipc bluetooth iucv rxrpc isdn phonet ieee802154 caif alg nfc vsock kcm qipcrtr smc xdp mctp
+}
+}
+policy {outofband {0x000001
+}
+set_load {yes
+}
+versions {v5 {yes
+}
+v6 {yes
+}
+v7 {yes
+}
+v8 {yes
+}
+}
+}
+ptrace {mask {read trace
+}
+}
+query {label {data {yes
+}
+multi_transaction {yes
+}
+perms {allow deny audit quiet
+}
+}
+}
+rlimit {mask {cpu fsize data stack core rss nproc nofile memlock as locks sigpending msgqueue nice rtprio rttime
+}
+}
+signal {mask {hup int quit ill trap abrt bus fpe kill usr1 segv usr2 pipe alrm term stkflt chld cont stop stp ttin ttou urg xcpu xfsz vtalrm prof winch io pwr sys emt lost
+}
+}
# see LP: #1918410
owner @{PROC}/@{pid}/task/[0-9]*/comm rw,
+ # LP: #1926139
+ @{PROC}/cmdline r,
+
/{,usr/}sbin/dhclient mr,
# LP: #1197484 and LP: #1202203 - why is this needed? :(
/{,usr/}bin/bash mr,
/usr/sbin/tcpdump mr,
+ # allow printing to stdout/stderr when inside a container
+ # (LP: #1667016)
+ /dev/pts/* rw,
+
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.tcpdump>
}
## Adjust compression
#Optimize=compress-small
#Optimize=compress-fast
+
+## Pin older policies so they are not affected by new mediation
+policy-features=/etc/apparmor.d/abi/2.13
-Ubuntu 20.04.5 LTS \n \l
+Ubuntu 20.04.6 LTS \n \l
-Ubuntu 20.04.5 LTS
+Ubuntu 20.04.6 LTS
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
-DISTRIB_DESCRIPTION="Ubuntu 20.04.5 LTS"
+DISTRIB_DESCRIPTION="Ubuntu 20.04.6 LTS"
projects / vserver2 / commitdiff