[apparmor] [patch] traceroute profile (apparmor-profiles-traceroute)
Steve Beattie
steve at nxnw.org
Mon Aug 22 23:56:36 UTC 2011
On Sun, Aug 21, 2011 at 06:06:52PM +0200, Christian Boltz wrote:
> another :-/ patch from openSUSE 11.4 that never made it to Factory.
>
> Bug 685674 - The "-I" flag of traceroute is blocked by apparmor
>
> * Do Apr 07 2011 jeffm at suse.de
> - Add raw network access to traceroute profile (bnc#685674).
ACK from me as this is entirely sensible (it's exactly what
capability net_raw is supposed to allow you to do).
Also, on Debian/Ubuntu, traceroute is covered by the alternatives, and
ends up pointing to /usr/bin/traceroute.db; thus I'd like to add:
=== modified file 'profiles/apparmor.d/usr.sbin.traceroute'
--- profiles/apparmor.d/usr.sbin.traceroute 2010-08-05 19:00:02 +0000
+++ profiles/apparmor.d/usr.sbin.traceroute 2011-08-22 23:54:53 +0000
@@ -10,7 +10,7 @@
# ------------------------------------------------------------------
#include <tunables/global>
-/usr/sbin/traceroute {
+/usr/{sbin/traceroute,bin/traceroute.db} {
#include <abstractions/base>
#include <abstractions/consoles>
#include <abstractions/nameservice>
Thanks!
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20110822/d704e4ea/attachment-0001.pgp>
More information about the AppArmor
mailing list