[apparmor] [PATCH] make private-files* more strict
Steve Beattie
steve at nxnw.org
Fri Jan 7 22:10:14 UTC 2011
On Fri, Jan 07, 2011 at 01:33:31PM -0600, Jamie Strandboge wrote:
> committer: Jamie Strandboge <jamie at canonical.com>
> branch nick: apparmor-trunk.698194
> timestamp: Fri 2011-01-07 10:44:47 -0600
> message:
> abstractions/private-files: don't allow wl to autostart directories
> abstractions/private-files-strict: don't allow access to:
> - chromium
> - thunderbird
> - evolution
> - kmail
> - kwallet
> modified:
> profiles/apparmor.d/abstractions/private-files
> profiles/apparmor.d/abstractions/private-files-strict
> diff:
> === modified file 'profiles/apparmor.d/abstractions/private-files'
> --- profiles/apparmor.d/abstractions/private-files 2009-11-11 19:42:30 +0000
> +++ profiles/apparmor.d/abstractions/private-files 2011-01-07 16:44:47 +0000
> @@ -14,6 +14,8 @@
>
> # special attention to (potentially) executable files
> audit deny @{HOME}/bin/** wl,
> + audit deny @{HOME}/.config/autostart/** wl,
> + audit deny @{HOME}/.kde/Autostart/** wl,
>
> deny @{HOME}/.bash* mrk,
> audit deny @{HOME}/.bash* wl,
>
> === modified file 'profiles/apparmor.d/abstractions/private-files-strict'
> --- profiles/apparmor.d/abstractions/private-files-strict 2009-11-11 19:42:30 +0000
> +++ profiles/apparmor.d/abstractions/private-files-strict 2011-01-07 16:44:47 +0000
> @@ -9,4 +9,10 @@
> audit deny @{HOME}/.ssh/** mrwkl,
> audit deny @{HOME}/.gnome2_private/** mrwkl,
> audit deny @{HOME}/.mozilla/** mrwkl,
> + audit deny @{HOME}/.config/chromium/** mrwkl,
> + audit deny @{HOME}/.{,mozilla-}thunderbird/** mrwkl,
> + audit deny @{HOME}/.evolution/** mrwkl,
> + audit deny @{HOME}/.config/evolution/** mrwkl,
> + audit deny @{HOME}/.kde/share/apps/kmail/** mrwkl,
> + audit deny @{HOME}/.kde/share/apps/kwallet/** mrwkl,
Acked-By: Steve Beattie <sbeattie at ubuntu.com>
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20110107/3bc7a1ad/attachment.pgp>
More information about the AppArmor
mailing list