[apparmor] [PATCH] 04/04 policy syslog unix socket policy updates
Jamie Strandboge
jamie at canonical.com
Wed Aug 27 21:53:03 UTC 2014
On 08/27/2014 04:34 PM, Jamie Strandboge wrote:
> Starting a subthread for some additions to John's patches. This series assumes
> John's 12 patches are applied and includes updates to the apparmor.d man page
> and some policy updates. I expect I might have to adjust this a bit, but wanted
> to send it up for comment. Let's have an ACK mean to apply it once it is safe to
> do so.
>
When testing rsyslog confinement, I noticed it needed this added to its policy:
unix (receive) type=dgram,
unix (receive) type=stream,
I don't have syslogd and syslog-ng systems to test this on, but it seemed to
make sense to add the above for sbin.syslogd and sbin.syslog-ng. If someone can
confirm or even confirm that type=stream should *not* be used with either/both
of these, I can adjust the policy as needed.
--
Jamie Strandboge http://www.ubuntu.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0004-syslog-unix.patch
Type: text/x-diff
Size: 980 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140827/299003fd/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140827/299003fd/attachment.pgp>
More information about the AppArmor
mailing list