AppArmor Profiles

Merge lp:~debfx/apparmor-profiles/master into lp:apparmor-profiles

  1. master
  2. Merge into master
Proposed by Felix Geyer
Status: Merged
Merged at revision: 75
Proposed branch: lp:~debfx/apparmor-profiles/master
Merge into: lp:apparmor-profiles
Diff against target: 93 lines (+79/-0)
3 files modified
ubuntu/11.10/usr.sbin.apt-cacher-ng (+20/-0)
ubuntu/11.10/usr.sbin.ejabberd (+33/-0)
ubuntu/11.10/usr.sbin.murmurd (+26/-0)
To merge this branch: bzr merge lp:~debfx/apparmor-profiles/master
Reviewer Review Type Date Requested Status
Jamie Strandboge Approve
Review via email: mp+78510@code.launchpad.net

Description of the change

Add 3 new profiles: apt-cacher-ng, ejabberd and murmurd (mumble-server).

To post a comment you must log in.
lp:~debfx/apparmor-profiles/master updated
73. By Jamie Strandboge

copy over 11.10 Ubuntu profiles to 12.04

74. By Steve Beattie

Merge from Simon Déziel

Revision history for this message
Simon Déziel (sdeziel) wrote :

@Felix, I have tested your ejabberd profile on a Lucid and I am pleased with it. No problem to report in the last 2 days after some inter-op tests. Thanks for sharing this.

P.S.: I just wanted to give some feedback after testing but let me know if I should avoid commenting on merge requests.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thanks for the submission! (sorry for the delay)

ACK to add to the repository, though I would prefer to see this in a child profile instead of PUx:
  /usr/bin/lsb_release PUx,

review: Approve
lp:~debfx/apparmor-profiles/master updated
75. By Jamie Strandboge

merge from Felix Geyer
updated usr.sbin.murmurd with comment on lsb_release

Acked-by: Jamie Strandboge <email address hidden>

Revision history for this message
Steve Beattie (sbeattie) wrote :

Simon, comments from testers on merge requests are very much welcome. Thanks!

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== added file 'ubuntu/11.10/usr.sbin.apt-cacher-ng'
2--- ubuntu/11.10/usr.sbin.apt-cacher-ng 1970-01-01 00:00:00 +0000
3+++ ubuntu/11.10/usr.sbin.apt-cacher-ng 2011-10-06 21:30:35 +0000
4@@ -0,0 +1,20 @@
5+# Author: Felix Geyer <debfx@ubuntu.com>
6+
7+#include <tunables/global>
8+
9+/usr/sbin/apt-cacher-ng {
10+ #include <abstractions/base>
11+ #include <abstractions/nameservice>
12+ #include <abstractions/user-tmp>
13+
14+ /etc/apt-cacher-ng/ r,
15+ /etc/apt-cacher-ng/** r,
16+ /{,var/}run/apt-cacher-ng/* rw,
17+ /var/cache/apt-cacher-ng/ r,
18+ /var/cache/apt-cacher-ng/** rw,
19+ /var/log/apt-cacher-ng/ r,
20+ /var/log/apt-cacher-ng/* rw,
21+
22+ /bin/dash ixr,
23+ /bin/ed ixr,
24+}
25
26=== added file 'ubuntu/11.10/usr.sbin.ejabberd'
27--- ubuntu/11.10/usr.sbin.ejabberd 1970-01-01 00:00:00 +0000
28+++ ubuntu/11.10/usr.sbin.ejabberd 2011-10-06 21:30:35 +0000
29@@ -0,0 +1,33 @@
30+# Author: Felix Geyer <debfx@ubuntu.com>
31+
32+#include <tunables/global>
33+
34+/usr/sbin/ejabberd {
35+ #include <abstractions/base>
36+ #include <abstractions/user-tmp>
37+ #include <abstractions/nameservice>
38+ #include <abstractions/ssl_certs>
39+
40+ /etc/default/ejabberd r,
41+ /etc/ejabberd/* r,
42+ /usr/sbin/ejabberd r,
43+ /var/log/ejabberd/* rw,
44+ /{,var/}run/ejabberd/ejabberd.pid rw,
45+ /var/lib/ejabberd/ r,
46+ /var/lib/ejabberd/* rw,
47+
48+ /sys/devices/system/cpu/ r,
49+ /sys/devices/system/node/ r,
50+ /sys/devices/system/node/node*/ r,
51+ /sys/devices/system/cpu/cpu*/topology/physical_package_id r,
52+ /sys/devices/system/cpu/cpu*/topology/core_id r,
53+
54+ /usr/lib/erlang/lib/**/*.so mr,
55+ /usr/lib/ejabberd/**/*.so mr,
56+
57+ /usr/lib/erlang/bin/erl ixr,
58+ /usr/lib/erlang/erts-*/bin/* ixr,
59+
60+ /bin/dash ixr,
61+ /bin/sed ixr,
62+}
63
64=== added file 'ubuntu/11.10/usr.sbin.murmurd'
65--- ubuntu/11.10/usr.sbin.murmurd 1970-01-01 00:00:00 +0000
66+++ ubuntu/11.10/usr.sbin.murmurd 2011-10-06 21:30:35 +0000
67@@ -0,0 +1,26 @@
68+# Author: Felix Geyer <debfx@ubuntu.com>
69+
70+#include <tunables/global>
71+
72+/usr/sbin/murmurd {
73+ #include <abstractions/base>
74+ #include <abstractions/user-tmp>
75+ #include <abstractions/nameservice>
76+ #include <abstractions/ssl_certs>
77+
78+ # required for MURMUR_USE_CAPABILITIES=1
79+ capability setgid,
80+ capability setuid,
81+ capability sys_resource,
82+
83+ /etc/xdg/Trolltech.conf r,
84+ deny /etc/xdg/Trolltech.conf k,
85+
86+ /usr/bin/lsb_release PUx,
87+
88+ /etc/mumble-server.ini rk,
89+ /var/lib/mumble-server/ r,
90+ /var/lib/mumble-server/** rwk,
91+ /{,var/}run/mumble-server/mumble-server.pid rw,
92+ /var/log/mumble-server/* rw,
93+}

Subscribers

People subscribed via source and target branches

to status/vote changes: