Viewing all changes in revision 3274.
- Committer: Simon Deziel
- Date: 2016-04-21 21:58:04 UTC
- Revision ID: simon.deziel@gmail.com-20160421215804-570nk8b60bk77h8a
usr.sbin.sshd: deny net_admin that is not strictly required
Matthew Dawson explained why:
> sshd doesn't actually require the net_admin capability. libpam-systemd tries
> to use it if available to set the send/receive buffers size, but will fall
> back to a non-privileged version if it fails.
https://lists.ubuntu.com/archives/apparmor/2016-April/009586.html
Matthew Dawson explained why:
> sshd doesn't actually require the net_admin capability. libpam-systemd tries
> to use it if available to set the send/receive buffers size, but will fall
> back to a non-privileged version if it fails.
https://lists.ubuntu.com/archives/apparmor/2016-April/009586.html
- files modified:
- profiles/apparmor/profiles/extras/usr.sbin.sshd
expand all
collapse all
added
removed
