[apparmor] [patch] sbin.syslog-ng profile fixes
John Johansen
john.johansen at canonical.com
Thu Sep 15 19:19:37 UTC 2011
On 09/15/2011 12:16 PM, Christian Boltz wrote:
> Hello,
>
> based on feedback for the openSUSE package in Factory by the syslog-ng
> maintainer, Peter Czanik:
>
> sbin.syslog-ng profile:
> - fix permissions for additional-log-sockets.conf (the comma in {var/,}
> was at the wrong place, which broke the /var/run/ case)
> - add read permissions for /sys/devices/system/cpu/online
> (that was even new for Peter, but I trust him not to post faked
> audit.log lines ;-)
>
>
> === modified file 'profiles/apparmor.d/sbin.syslog-ng'
> --- profiles/apparmor.d/sbin.syslog-ng 2011-08-18 22:27:03 +0000
> +++ profiles/apparmor.d/sbin.syslog-ng 2011-09-15 19:08:32 +0000
> @@ -38,6 +38,7 @@
> /etc/hosts.deny r,
> /etc/hosts.allow r,
> /sbin/syslog-ng mr,
> + /sys/devices/system/cpu/online r,
> /usr/share/syslog-ng/** r,
> # chrooted applications
> @{CHROOT_BASE}/var/lib/*/dev/log w,
> @@ -45,7 +46,7 @@
> @{CHROOT_BASE}/var/log/** w,
> @{CHROOT_BASE}/{,var/}run/syslog-ng.pid krw,
> @{CHROOT_BASE}/{,var/}run/syslog-ng.ctl rw,
> - /{var,/}run/syslog-ng/additional-log-sockets.conf r,
> + /{var/,}run/syslog-ng/additional-log-sockets.conf r,
>
> # Site-specific additions and overrides. See local/README for details.
> #include <local/sbin.syslog-ng>
>
>
Acked-by: John Johansen <john.johansen at canonical.com>
More information about the AppArmor
mailing list