Merge lp:~debfx/apparmor-profiles/master into lp:apparmor-profiles

Proposed by Felix Geyer
Status: Merged
Merged at revision: 92
Proposed branch: lp:~debfx/apparmor-profiles/master
Merge into: lp:apparmor-profiles
Diff against target: 107 lines (+51/-19)
5 files modified
ubuntu/12.04/usr.bin.quasselcore (+5/-18)
ubuntu/12.04/usr.lib.postgresql.bin.postgres (+16/-0)
ubuntu/12.04/usr.sbin.ejabberd (+2/-1)
ubuntu/12.04/usr.sbin.ssmtp (+13/-0)
ubuntu/12.04/usr.sbin.vnstatd (+15/-0)
To merge this branch: bzr merge lp:~debfx/apparmor-profiles/master
Reviewer Review Type Date Requested Status
Steve Beattie Approve
Review via email: mp+100516@code.launchpad.net

Description of the change

Some new profiles:
- ssmtp
- vnstatd
- postgresql

And a few updates:
- usr.sbin.ejabberd: Include ejabberdctl in the profile.
  The init script calls "ejabberdctl status" which then starts epmd.
  So we need to include ejabberdctl to confine epmd.
- usr.bin.quasselcore is shipped in the Ubuntu package now.

To post a comment you must log in.
Revision history for this message
Steve Beattie (sbeattie) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'ubuntu/12.04/usr.bin.quasselcore'
2--- ubuntu/12.04/usr.bin.quasselcore 2011-10-13 18:33:26 +0000
3+++ ubuntu/12.04/usr.bin.quasselcore 2012-04-02 20:54:20 +0000
4@@ -1,18 +1,5 @@
5-# Author: Felix Geyer <debfx@ubuntu.com>
6-
7-#include <tunables/global>
8-
9-/usr/bin/quasselcore {
10- #include <abstractions/base>
11- #include <abstractions/nameservice>
12- #include <abstractions/user-tmp>
13- #include <abstractions/ssl_certs>
14-
15- /var/lib/quassel/ rw,
16- /var/lib/quassel/** rwk,
17-
18- /var/log/quassel/* rw,
19-
20- /etc/ssl/openssl.cnf r,
21- /usr/lib/ssl/openssl.cnf r,
22-}
23+This profile is now included as part of the quassel source package.
24+To contribute to the profile or to report bugs against it, please
25+see "How to file a bug" in the Ubuntu wiki:
26+
27+https://wiki.ubuntu.com/DebuggingApparmor
28
29=== added file 'ubuntu/12.04/usr.lib.postgresql.bin.postgres'
30--- ubuntu/12.04/usr.lib.postgresql.bin.postgres 1970-01-01 00:00:00 +0000
31+++ ubuntu/12.04/usr.lib.postgresql.bin.postgres 2012-04-02 20:54:20 +0000
32@@ -0,0 +1,16 @@
33+# Author: Felix Geyer <debfx@ubuntu.com>
34+
35+#include <tunables/global>
36+
37+/usr/lib/postgresql/[0-9.]*/bin/postgres {
38+ #include <abstractions/base>
39+ #include <abstractions/nameservice>
40+ #include <abstractions/ssl_keys>
41+
42+ /etc/postgresql/** r,
43+ /usr/share/postgresql/** r,
44+ /var/lib/postgresql/** rwl,
45+ /{,var/}run/postgresql/** rw,
46+
47+ owner @{PROC}/[0-9]*/oom_adj rw,
48+}
49
50=== modified file 'ubuntu/12.04/usr.sbin.ejabberd'
51--- ubuntu/12.04/usr.sbin.ejabberd 2011-11-29 23:33:57 +0000
52+++ ubuntu/12.04/usr.sbin.ejabberd 2012-04-02 20:54:20 +0000
53@@ -2,7 +2,7 @@
54
55 #include <tunables/global>
56
57-/usr/sbin/ejabberd {
58+/usr/sbin/ejabberd{,ctl} {
59 #include <abstractions/base>
60 #include <abstractions/user-tmp>
61 #include <abstractions/nameservice>
62@@ -11,6 +11,7 @@
63 /etc/default/ejabberd r,
64 /etc/ejabberd/* r,
65 /usr/sbin/ejabberd r,
66+ /usr/sbin/ejabberdctl r,
67 /var/log/ejabberd/* rw,
68 /{,var/}run/ejabberd/ejabberd.pid rw,
69 /var/lib/ejabberd/ r,
70
71=== added file 'ubuntu/12.04/usr.sbin.ssmtp'
72--- ubuntu/12.04/usr.sbin.ssmtp 1970-01-01 00:00:00 +0000
73+++ ubuntu/12.04/usr.sbin.ssmtp 2012-04-02 20:54:20 +0000
74@@ -0,0 +1,13 @@
75+# Author: Felix Geyer <debfx@ubuntu.com>
76+
77+#include <tunables/global>
78+
79+/usr/sbin/ssmtp {
80+ #include <abstractions/base>
81+ #include <abstractions/nameservice>
82+ #include <abstractions/ssl_certs>
83+
84+ /etc/ssmtp/* r,
85+
86+ owner @{HOME}/dead.letter rw,
87+}
88
89=== added file 'ubuntu/12.04/usr.sbin.vnstatd'
90--- ubuntu/12.04/usr.sbin.vnstatd 1970-01-01 00:00:00 +0000
91+++ ubuntu/12.04/usr.sbin.vnstatd 2012-04-02 20:54:20 +0000
92@@ -0,0 +1,15 @@
93+# Author: Felix Geyer <debfx@ubuntu.com>
94+
95+#include <tunables/global>
96+
97+/usr/sbin/vnstatd {
98+ #include <abstractions/base>
99+
100+ /etc/vnstat.conf r,
101+ /var/lib/vnstat/ r,
102+ /var/lib/vnstat/** rwk,
103+ /{,var/}run/vnstat.pid rwk,
104+
105+ @{PROC}/[0-9]*/net/dev r,
106+ @{PROC}/[0-9]*/mounts r,
107+}

Subscribers

People subscribed via source and target branches

to status/vote changes: