[apparmor] Ubuntu profile for squid3
Simon Deziel
simon.deziel at gmail.com
Thu May 3 19:59:46 UTC 2012
On 12-05-03 03:46 PM, Jamie Strandboge wrote:
> ACK, though I did add a squidguard child profile:
Great, I'll give that a try.
> # squidguard
> /usr/bin/squidGuard Cx -> squidguard,
> profile squidguard {
> #include <abstractions/base>
>
> /etc/squid/squidGuard.conf r,
> /var/log/squid{,3}/squidGuard.log w,
> /var/lib/squidguard/** rw,
>
> # squidguard by default uses /var/log/squid as its logdir, however, we
> # don't want it to modify squid's logs, only its own. Explicitly deny
> # writes to squid's files but allow all others since the user may specify
> # anything via the squidGuard 'log' directive.
> /var/log/squid{,3}/* rw,
> audit deny /var/log/squid{,3}/{access,cache,store}.log* w,
While I don't know squidguard at all, I'm a bit surprised it requires
read access to the logs. If it does then maybe it shouldn't be able to
read those belonging to squid itself ?
Thanks a lot for the additions!
Simon
More information about the AppArmor
mailing list