[apparmor] [patch] sbin.syslog-ng profile fixes
Christian Boltz
apparmor at cboltz.de
Thu Sep 15 19:16:43 UTC 2011
Hello,
based on feedback for the openSUSE package in Factory by the syslog-ng
maintainer, Peter Czanik:
sbin.syslog-ng profile:
- fix permissions for additional-log-sockets.conf (the comma in {var/,}
was at the wrong place, which broke the /var/run/ case)
- add read permissions for /sys/devices/system/cpu/online
(that was even new for Peter, but I trust him not to post faked
audit.log lines ;-)
=== modified file 'profiles/apparmor.d/sbin.syslog-ng'
--- profiles/apparmor.d/sbin.syslog-ng 2011-08-18 22:27:03 +0000
+++ profiles/apparmor.d/sbin.syslog-ng 2011-09-15 19:08:32 +0000
@@ -38,6 +38,7 @@
/etc/hosts.deny r,
/etc/hosts.allow r,
/sbin/syslog-ng mr,
+ /sys/devices/system/cpu/online r,
/usr/share/syslog-ng/** r,
# chrooted applications
@{CHROOT_BASE}/var/lib/*/dev/log w,
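Review bot: The added `/sys/devices/system/cpu/online r,` line carries no comment saying why syslog-ng needs it, and the message itself notes that the access was new even to the syslog-ng maintainer. A one-line comment above the rule, or the audit.log denial quoted in the commit message, would let a later reader judge whether the grant is still required. The rule is read-only and names a single file, so the scope itself looks fine.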
@@ -45,7 +46,7 @@
@{CHROOT_BASE}/var/log/** w,
@{CHROOT_BASE}/{,var/}run/syslog-ng.pid krw,
@{CHROOT_BASE}/{,var/}run/syslog-ng.ctl rw,
- /{var,/}run/syslog-ng/additional-log-sockets.conf r,
+ /{var/,}run/syslog-ng/additional-log-sockets.conf r,
# Site-specific additions and overrides. See local/README for details.
#include <local/sbin.syslog-ng>
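Review bot: The corrected rule spells the alternation as `{var/,}run`, while the two rules directly above it use `{,var/}run`. Both forms expand to the same two paths, so writing this one as `/{,var/}run/syslog-ng/additional-log-sockets.conf r,` would keep the block uniform and make a misplaced comma easier to spot next time. The neighbouring run/ rules are also prefixed with `@{CHROOT_BASE}` and this one is not; if that is intentional, a short comment saying so would help.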
Regards,
Christian Boltz
--
I aLsO tHiNk It Is NoT sO iMpOrTaNt To WrItE a TeXt WiTh CoRrEcT
cApItAlIzAtIoN, sInCe ThIs HaRdLy HuRtS rEaDaBiLiTy AnD iS aLsO aN
eXpReSsIoN oF mY iNdIvIdUaLiTy.
[Joachim Kromm in dsnu]
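
The misplaced comma described in the message can be seen by expanding the alternation by hand. The following is an added example, not part of the original post or of AppArmor: the two rule paths are copied from the patch, the function names are hypothetical, and the expansion is purely textual (it does not model wildcards, variables or any slash normalisation the parser may perform).

```python
import re

# Rule paths copied from the patch: before and after the fix.
OLD_RULE = "/{var,/}run/syslog-ng/additional-log-sockets.conf"
NEW_RULE = "/{var/,}run/syslog-ng/additional-log-sockets.conf"

_ALT = re.compile(r"\{([^{}]*)\}")  # an innermost {a,b,...} group


def expand(pattern):
    """Return every literal path a {a,b} alternation pattern expands to.

    Only alternation is modelled; wildcards such as * and ** and
    @{VARIABLES} are left untouched in the output.
    """
    match = _ALT.search(pattern)
    if match is None:
        return [pattern]
    head, tail = pattern[:match.start()], pattern[match.end():]
    paths = []
    for alternative in match.group(1).split(","):
        paths.extend(expand(head + alternative + tail))
    return paths


def covers(pattern, path):
    """True if one expansion equals path (literal comparison, no slash folding)."""
    return path in expand(pattern)


def doubled_slashes(pattern):
    """Expansions containing '//', worth reviewing as a possible misplaced comma."""
    return [p for p in expand(pattern) if "//" in p]


if __name__ == "__main__":
    for rule in (OLD_RULE, NEW_RULE):
        print(rule)
        for path in expand(rule):
            print("   ->", path)
        print("   doubled slashes:", doubled_slashes(rule))
```

Running `doubled_slashes()` over every path rule in a profile is a cheap pre-commit check for this class of typo.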