[apparmor] [patch] userdel profile
Steve Beattie
steve at nxnw.org
Mon Feb 13 06:44:57 UTC 2012
On Sun, Feb 12, 2012 at 10:13:36PM +0100, Christian Boltz wrote:
> I just noticed that the userdel profile needs an additional permission -
> without it, no users can be deleted.
>
> Looks like userdel is one of the lesser-used commands (more people use
> useradd - which you can verify by the fact that it already has this
> fix ;-)
>
>
> === modified file 'profiles/apparmor/profiles/extras/usr.sbin.userdel'
> --- profiles/apparmor/profiles/extras/usr.sbin.userdel 2011-08-27
> +++ profiles/apparmor/profiles/extras/usr.sbin.userdel 2012-02-12
> @@ -28,7 +28,7 @@
> /bin/cat rmix,
> /bin/bash rmix,
> /dev/log w,
> - /etc/.pwd.lock rw,
> + /etc/.pwd.lock rwk,
> /etc/cron.deny r,
> /etc/default/useradd r,
> /etc/group* rwl,
>
> I also propose this patch for the 2.3 branch.
I think you mean the 2.7 branch. Acked-By: Steve Beattie
<sbeattie at ubuntu.com> for both.
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20120212/a68f2a44/attachment.pgp>
More information about the AppArmor
mailing list