Add profile for tinydns
Steve Beattie
sbeattie at ubuntu.com
Tue Jun 8 17:40:52 BST 2010
On Tue, Jun 08, 2010 at 10:39:33AM -0500, Jamie Strandboge wrote:
> Seth Arnold submitted[1] an AppArmor profile for tinydns[2]:
>
> [1] https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/590634
For reference, this is actually
https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/590636
On Tue, Jun 08, 2010 at 09:15:47AM -0700, Kees Cook wrote:
> On Tue, Jun 08, 2010 at 10:39:33AM -0500, Jamie Strandboge wrote:
> > Seth Arnold submitted[1] an AppArmor profile for tinydns[2]:
> > # Last Modified: Sun Jun 6 20:49:33 2010
> > #include <tunables/global>
> >
> > /usr/sbin/tinyproxy {
> > #include <abstractions/base>
> > #include <abstractions/nameservice>
> >
> > capability setgid,
> > capability setuid,
> >
> > /etc/tinyproxy.conf r,
> > /home/tinyproxy/ r,
> > /var/log/tinyproxy/tinyproxy.log rw,
> > /var/run/tinyproxy/tinyproxy.pid rw,
> > /usr/share/tinyproxy/*.html r,
> > /tmp/tinyproxy.shared.* rw,
> > /tmp/tinyproxy.servers.* rwk,
> > }
> >
> > Not being a tinydns user, the profile looks ok to me, though I might
> > suggest the following (untested) refinements:
> >
> > @{HOME}/tinyproxy/ r,
>
> I think this should be @{HOMEDIRS}/tinyproxy/ r,
I suspect the latter is correct. Seth, is this
entry based on adding a tinyproxy user as a fix for
https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/590634
and/or do you know what tinyproxy is doing there (looks like just
a readdir())?
Otherwise, ACK from me.
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
Url : https://lists.ubuntu.com/archives/apparmor/attachments/20100608/9f2c0e6b/attachment-0001.pgp
More information about the AppArmor
mailing list