Bug#1098269: Consider shipping apparmor profiles for the binaries

Lee Garrett Tue, 18 Feb 2025 06:45:21 -0800

Package: sshguard
Severity: wishlist
X-Debbugs-Cc: deb...@rocketjump.eu

Hi,


since currently all parts of sshguard are run as root, it would make sense to
restrict the potential damage that can be done via apparmor profiles.

Regards,
Lee

-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.12-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages sshguard depends on:
ii  init-system-helpers        1.68
ii  libc6                      2.40-6
ii  sysvinit-utils [lsb-base]  3.14-1

Versions of packages sshguard recommends:
ii  nftables  1.1.1-1

sshguard suggests no packages.

Bug#1098269: Consider shipping apparmor profiles for the binaries

Reply via email to