Add profile for tinydns
Jamie Strandboge
jamie at canonical.com
Tue Jun 8 16:39:33 BST 2010
Seth Arnold submitted[1] an AppArmor profile for tinydns[2]:
# Last Modified: Sun Jun 6 20:49:33 2010
#include <tunables/global>
/usr/sbin/tinyproxy {
#include <abstractions/base>
#include <abstractions/nameservice>
capability setgid,
capability setuid,
/etc/tinyproxy.conf r,
/home/tinyproxy/ r,
/var/log/tinyproxy/tinyproxy.log rw,
/var/run/tinyproxy/tinyproxy.pid rw,
/usr/share/tinyproxy/*.html r,
/tmp/tinyproxy.shared.* rw,
/tmp/tinyproxy.servers.* rwk,
}
Not being a tinydns user, the profile looks ok to me, though I might
suggest the following (untested) refinements:
@{HOME}/tinyproxy/ r,
owner /tmp/tinyproxy.shared.* rw,
owner /tmp/tinyproxy.servers.* rwk,
I don't feel strongly about @{HOME}, but do feel the use of 'owner'
in /tmp is worthwhile.
[1] https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/590634
[2] http://launchpadlibrarian.net/49799363/usr.sbin.tinyproxy
--
Jamie Strandboge | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : https://lists.ubuntu.com/archives/apparmor/attachments/20100608/1c386d1b/attachment.pgp
More information about the AppArmor
mailing list