Package: procps
Version: 2:3.3.9-8
Severity: wishlist
Tags: patch
Dear Maintainer,
/bin/ps does not have an apparmor profile.
I have attached an apparmor profile to patch the package.
-- System Information:
Debian Release: jessie/sid
Architecture: i386 (i686)
# Last Modified: Mon Dec 1 10:10:30 2014
#include <tunables/global>
#include <tunables/kernelvars>
#include <tunables/sys>
/bin/ps {
#include <abstractions/base>
#include <abstractions/consoles>
#include <abstractions/nameservice>
#most ps functions available without the dac_override & dac_read_search
capability dac_override,
capability dac_read_search,
capability sys_ptrace,
/bin/ps mr,
@{PROC} r,
@{PROC}@{pid}/attr/current r,
@{PROC}@{pid}/cmdline r,
@{PROC}@{pid}/environ r,
@{PROC}@{pid}/stat r,
@{PROC}@{pid}/status r,
@{PROC}@{pid}/task/ r,
@{PROC}@{pid}/task/*/* r,
@{PROC}@{pid}/wchan r,
@{PROC}@{sys}kernel/pid_max r,
@{PROC}tty/drivers r,
@{PROC}uptime r,
}
