[apparmor] [PATCH] audio and base abstraction updates
Christian Boltz
apparmor at cboltz.de
Tue Apr 9 11:36:02 UTC 2013
Hello,
Am Montag, 8. April 2013 schrieb Jamie Strandboge:
> Recent kernels/glibc also now trigger reads for
> /proc/sys/vm/overcommit_memory. This is explained in both malloc(3)
> and proc(5). Basically, there are different memory allocation
> strategies and /proc/sys/vm/overcommit_memory contains the 'virtual
> memory accounting' mode. The update for the base abstraction gives
> read access to this file.
To make the collection complete:
Acked-By: Christian Boltz <apparmor at cboltz.de>
Please also backport both patches to the 2.8 branch.
As a side effect of the abstractions/base patch, we should also clean up
the usr.sbin.nscd profile (which includes abstractions/base):
=== modified file 'profiles/apparmor.d/usr.sbin.nscd'
--- profiles/apparmor.d/usr.sbin.nscd 2013-03-05 21:11:59 +0000
+++ profiles/apparmor.d/usr.sbin.nscd 2013-04-09 11:29:38 +0000
@@ -42,7 +42,6 @@
@{PROC}/@{pid}/maps r,
@{PROC}/@{pid}/mounts r,
@{PROC}/filesystems r,
- @{PROC}/sys/vm/overcommit_memory r,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.nscd>
To avoid trouble with *.rpmnew files etc., this small patch shouldn't be
backported to 2.8.
Regards,
Christian Boltz
--
im Vergleich dazu [...] in etwa so, als wenn man mit den Händen den
Kasten Bier aus dem Supermarkt die 20 Meter nach Hause schleppt statt
mit einem Flugzeugträger festzumachen, umd das gleiche zu erledigen. ;)
[Timo Schoeler in postfixbuch-users]
More information about the AppArmor
mailing list