[apparmor] [patch] syslog-ng - capability dac_read_search
Steve Beattie
steve at nxnw.org
Thu Jan 5 22:33:07 UTC 2012
On Thu, Jan 05, 2012 at 12:26:45PM +0100, Christian Boltz wrote:
> according to Peter Czanik, the openSUSE syslog-ng maintainer, syslog-ng
> needs capability dac_read_search.
>
> I also nominate this patch for the 2.7 branch.
I think this is okay (we already have dac_override) but is there a
reference bug report or some other piece of documentation that might
explain why?
Thanks.
> === modified file 'profiles/apparmor.d/sbin.syslog-ng'
> --- profiles/apparmor.d/sbin.syslog-ng 2011-09-15 19:21:57 +0000
> +++ profiles/apparmor.d/sbin.syslog-ng 2012-01-05 11:05:54 +0000
> @@ -23,6 +23,7 @@
>
> capability chown,
> capability dac_override,
> + capability dac_read_search,
> capability fsetid,
> capability fowner,
> capability sys_tty_config,
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20120105/e6bec4f5/attachment-0001.pgp>
More information about the AppArmor
mailing list