[apparmor] [patch/2.7] Two abstraction patches
John Johansen
john.johansen at canonical.com
Tue Jan 10 11:56:00 UTC 2012
On 01/10/2012 12:14 PM, Steve Beattie wrote:
> Attached are two patches to the abstractions that I'm nominating for the
> 2.7 branch.
>
> Trunk revision 1909: Fix from Felix Geyer: in the enchant abstraction,
> allow the creation of enchant .config directory.
>
> Bug: https://bugs.launchpad.net/bugs/914184
Acked-by: John Johansen <john.johansen at canonical.com> for both
>
> === modified file 'profiles/apparmor.d/abstractions/enchant'
> --- profiles/apparmor.d/abstractions/enchant 2010-12-22 22:59:44 +0000
> +++ profiles/apparmor.d/abstractions/enchant 2012-01-10 10:37:54 +0000
> @@ -52,5 +52,5 @@
> /usr/share/java/zemberek-tr-[0-9]*.jar r,
>
> # per-user dictionaries
> - owner @{HOME}/.config/enchant/ r,
> + owner @{HOME}/.config/enchant/ rw,
> owner @{HOME}/.config/enchant/* rwk,
>
>
>
> Trunk revision 1910: Fix from Felix Geyer: block write access to
> ~/.kde/env because KDE automatically sources scripts in that folder
> on startup.
>
> Bug: https://bugs.launchpad.net/bugs/914190
>
> === modified file 'profiles/apparmor.d/abstractions/private-files'
> --- profiles/apparmor.d/abstractions/private-files 2012-01-06 16:29:32 +0000
> +++ profiles/apparmor.d/abstractions/private-files 2012-01-10 10:54:12 +0000
> @@ -16,6 +16,7 @@
> audit deny @{HOME}/bin/** wl,
> audit deny @{HOME}/.config/autostart/** wl,
> audit deny @{HOME}/.kde/Autostart/** wl,
> + audit deny @{HOME}/.kde/env/** wl,
> audit deny @{HOME}/.pki/nssdb/*.so{,.[0-9]*} wl,
>
> # don't allow reading/updating of run control files
>
>
>
>
>
More information about the AppArmor
mailing list