[apparmor] [patch] add FIPS support to abstractions/openssl
Christian Boltz
apparmor at cboltz.de
Fri Jan 3 18:11:29 UTC 2014
Hello,
<patch description stolen from Lars Vogdt>
The "/proc/sys/crypto/fips_enabled r," should IMHO be integrated in the
upstream abstractions/openssl as this is not critical if you run without
FIPS, but it will produce a lot of log entries on systems like SLES that
are FIPS aware.
</stolen patch description>
References: https://bugzilla.novell.com/show_bug.cgi?id=857122#c2
=== modified file 'profiles/apparmor.d/abstractions/openssl'
--- profiles/apparmor.d/abstractions/openssl 2011-08-08 20:22:03
+++ profiles/apparmor.d/abstractions/openssl 2014-01-03 18:07:23
@@ -10,4 +10,5 @@
/etc/ssl/openssl.cnf r,
/usr/share/ssl/openssl.cnf r,
+ @{PROC}/sys/crypto/fips_enabled r,
Regards,
Christian Boltz
--
I wonder how we ended up with baseurl and extra_url, now we are missing
one with a "-" like "data-dir" to violate consistency and the principle
of least surprise in all possible ways.
[Duncan Mac-Vicar Prett in bnc#449842]
More information about the AppArmor
mailing list