[apparmor] [patch] /var/log/lastlog k permission (wutmp-v-l-lastlog-k.diff)
Steve Beattie
steve at nxnw.org
Mon Aug 15 22:18:09 UTC 2011
On Sat, Aug 13, 2011 at 11:27:42PM +0200, Christian Boltz wrote:
> I'm trying to keep the "patches to review" queue long ;-)
> Next attempt:
>
> Re-reading my commit message from r1781 (the sshd profile patch), I
> stumbled over this:
> > - add /var/log/lastlog k
>
> The sshd profile now has (shortened):
>
> #include <abstractions/wutmp>
> /var/log/lastlog k,
>
> and abstractions/wutmp has (shortened):
> /var/log/lastlog rw,
>
> The k permission should be merged into abstractions/wutmp IMHO.
>
> Proposed patch:
Yes, please. Acked-By: Steve Beattie <sbeattie at ubuntu.com>
Also, as a followup, you may wish to convert the useradd and userdel
profiles to using the wutmp abstraction.
Thanks.
> === modified file 'profiles/apparmor.d/abstractions/wutmp'
> --- profiles/apparmor.d/abstractions/wutmp
> +++ profiles/apparmor.d/abstractions/wutmp
> @@ -11,6 +11,6 @@
>
> # some services update wtmp, utmp, and lastlog with per-user
> # connection information
> - /var/log/lastlog rw,
> + /var/log/lastlog rwk,
> /var/log/wtmp wk,
> /{,var/}run/utmp rwk,
>
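Review bot: Changing `/var/log/lastlog rw,` to `rwk,` in abstractions/wutmp grants the lock permission to every profile that includes this abstraction, not only sshd, and the commit message should state that. The result matches the neighbouring rules (`/var/log/wtmp wk,` and `/{,var/}run/utmp rwk,` already carry k), so the widening looks reasonable; the comment above the rules could also mention that services lock these files as well as update them.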
> === modified file 'profiles/apparmor/profiles/extras/usr.sbin.sshd'
> --- profiles/apparmor/profiles/extras/usr.sbin.sshd
> +++ profiles/apparmor/profiles/extras/usr.sbin.sshd
> @@ -42,7 +42,6 @@
> /proc/*/oom_score_adj rw,
> /usr/sbin/sshd mrix,
> /var/log/btmp r,
> - /var/log/lastlog k,
> /{,var/}run w,
> /{,var/}run/sshd{,.init}.pid wl,
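Review bot: Dropping `/var/log/lastlog k,` is only safe if this profile includes abstractions/wutmp, and the include line is not within the context shown in this hunk. Please confirm `#include <abstractions/wutmp>` is present in usr.sbin.sshd, and that the abstraction change lands together with this removal, otherwise sshd loses the lock permission on /var/log/lastlog.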
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/