This commit is contained in:
parent
feaa855346
commit
fbf30ec6a8
@ -424,6 +424,10 @@ LogsDirectory=audit
|
||||
LogsDirectoryMode=0750
|
||||
EOF
|
||||
|
||||
# latest tcpdump control resource access with AppArmor.
|
||||
# override tcpdump profile to allow tcpdump access TACACS config file.
|
||||
sudo cp files/apparmor/usr.bin.tcpdump $FILESYSTEM_ROOT/etc/apparmor.d/local/usr.bin.tcpdump
|
||||
|
||||
if [[ $CONFIGURED_ARCH == amd64 ]]; then
|
||||
## Pre-install the fundamental packages for amd64 (x86)
|
||||
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install \
|
||||
|
2
files/apparmor/usr.bin.tcpdump
Normal file
2
files/apparmor/usr.bin.tcpdump
Normal file
@ -0,0 +1,2 @@
|
||||
# tcpdump will call getpwnam get current user information, the NSS plugin nss_tacplus hook this API and need access tacacs config file.
|
||||
/etc/tacplus_nss.conf r,
|
Loading…
Reference in New Issue
Block a user