add abstractions/crypto, allowing reading @{etc_ro}/gcrypt/random.conf r, and move several rules around (!772) · Merge requests · AppArmor / apparmor

Christian Boltz requested to merge cboltz/apparmor:cboltz-gcrypt into master Jul 13, 2021

@{etc_ro}/gcrypt/random.conf r, s possibly needed for all programs that use libgcrypt.

Reported by darix, he has seen it with vivaldi.

The new crypto abstraction is included in abstractions/base.

Also move some rules to the crypto abstraction:

@{PROC}/sys/crypto/* r, (from base)
crypto-policies (from ssl_certs)
@{PROC}/sys/crypto/fips_enabled (from openssl)

I propose these changes for 3.0 and master.

Optionally, 3.0 can get a different patch that only adds the crypto abstraction and includes it in base, without removing rules from the other abstractions - please tell me if you want that.

add abstractions/crypto, allowing reading @{etc_ro}/gcrypt/random.conf r, and move several rules around

Merge request reports