[pkg-apparmor] Bug#809649: Bug#809649: Bug#809649: ssh login not possible when setting usr.sbin.sshd to enforced

Evgeni Golov evgeni at debian.org
Sat Jan 2 15:02:48 UTC 2016


Hi,

On Sat, Jan 02, 2016 at 03:50:00PM +0100, Christian Boltz wrote:
> openssh-6.6p1 (on openSUSE Tumbleweed, the rolling release)

I have:
OpenSSH_7.1p1 Debian-5, OpenSSL 1.0.2e 3 Dec 2015 (on Debian Stretch)
and:
OpenSSH_6.7p1 Debian-5, OpenSSL 1.0.1k 8 Jan 2015 (on Debian Jessie)

[ on 6.7 I do not need cap net_admin from my initial patch, though ]

> The configuration of OpenSSH and/or PAM might also be relevant.

True, Debian defaults here.

> > > +  @{PROC}/cmdline r,
> > > +  @{PROC}/1/environ r,
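
Review bot: Both added lines grant read access (`r`) to the kernel command line and to the environment of PID 1, yet the reply below reports that ssh works without them on Stretch, so the allow rules are not justified by anything visible in this hunk. If the only goal is to stop the denial messages, use explicit deny rules instead, for example `deny @{PROC}/cmdline r,` and `deny @{PROC}/1/environ r,`, and add a profile comment saying why the accesses are refused.
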
> > 
> > While I also get denials for these two on my Stretch VM, I did not add
> > them in my initial version, as ssh seemed to work fine without and I
> > really see no reason why the kernel commandline or the environment of
> > the init process should matter to the ssh daemon.
> 
> Interesting point, but then I'd at least add deny rules for them to 
> silence the logging.

Sounds sane, yes.

> Patch sent for review upstream. The review might need a while thanks to 
> some[tm] [1] pending patches ;-)

Cool, can you drop me the link to the review? Did not find it on lp:apparmor.

Regards
Evgeni


