:: Re: [DNG] [OT] Restricting user cap…
Top Page
Delete this message
Reply to this message
Author: Alessandro Selli
Date:  
To: dng
Subject: Re: [DNG] [OT] Restricting user capabilities after ssh login

Il 10/10/18 06:28, Lars Noodén ha scritto:
> On 10/10/18 12:38 AM, Taiidan@??? wrote:
>> You can use apparmor to do this quite easily - afaik there are a few
>> tutorials for it.
> Last I checked, apparmor does not function with Devuan:
>
>     # /etc/init.d/apparmor start
>     /etc/init.d/apparmor: 130: /etc/init.d/apparmor:
>     systemd-detect-virt: not found

>
>     Starting AppArmor profiles:AppArmor not available as kernel
>     LSM.. failed!

>
>
> /Lars


  Works for me:


[root@wrkstn02 ~]# /etc/init.d/apparmor status
apparmor module is loaded.
19 profiles are loaded.
17 profiles are in enforce mode.
   /usr/lib/cups/backend/cups-pdf
   /usr/sbin/cups-browsed
   /usr/sbin/cupsd
   /usr/sbin/cupsd//third_party
   /usr/sbin/libvirtd
   /usr/sbin/libvirtd//qemu_bridge_helper
   /usr/sbin/named
   system_tor
   thunderbird
   thunderbird//browser_java
   thunderbird//browser_openjdk
   thunderbird//gpg
   thunderbird//sanitized_helper
   torbrowser_firefox
   torbrowser_plugin_container
   torbrowser_tor
   virt-aa-helper
2 profiles are in complain mode.
   /usr/bin/i2prouter
   system_i2p
2 processes have profiles defined.
2 processes are in enforce mode.
   /usr/sbin/named (11896)
   thunderbird (20717)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
[root@wrkstn02 ~]#

[root@wrkstn02 ~]# lsb_release -d ; uname -r
Description:    Devuan GNU/Linux 2.0 (ascii)
4.18.0-0.bpo.1-amd64
[root@wrkstn02 ~]#


Alessandro


--
Alessandro Selli <alessandroselli@???>
VOIP SIP: dhatarattha@???
Chiave firma e cifratura PGP/GPG signing and encoding key:
BA651E4050DDFC31E17384BABCE7BD1A1B0DF2AE