Add profile for tinydns

Jamie Strandboge jamie at canonical.com
Tue Jun 8 16:39:33 BST 2010


Seth Arnold submitted[1] an AppArmor profile for tinydns[2]:
# Last Modified: Sun Jun  6 20:49:33 2010
#include <tunables/global>

/usr/sbin/tinyproxy {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  capability setgid,
  capability setuid,

  /etc/tinyproxy.conf r,
  /home/tinyproxy/ r,
  /var/log/tinyproxy/tinyproxy.log rw,
  /var/run/tinyproxy/tinyproxy.pid rw,
  /usr/share/tinyproxy/*.html r,
  /tmp/tinyproxy.shared.* rw,
  /tmp/tinyproxy.servers.* rwk,
}

Not being a tinydns user, the profile looks ok to me, though I might
suggest the following (untested) refinements:

  @{HOME}/tinyproxy/ r,
  owner /tmp/tinyproxy.shared.* rw,
  owner /tmp/tinyproxy.servers.* rwk, 

I don't feel strongly about @{HOME}, but do feel the use of 'owner'
in /tmp is worthwhile.

[1] https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/590634
[2] http://launchpadlibrarian.net/49799363/usr.sbin.tinyproxy

-- 
Jamie Strandboge             | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : https://lists.ubuntu.com/archives/apparmor/attachments/20100608/1c386d1b/attachment.pgp 


More information about the AppArmor mailing list