[apparmor] [Merge] lp:~elmo/apparmor-profiles/lldpd into lp:apparmor-profiles
Christian Boltz
apparmor at cboltz.de
Fri Jan 17 18:57:15 UTC 2014
Hello,
On Friday, 17 January 2014, James Troup wrote:
> James Troup has proposed merging lp:~elmo/apparmor-profiles/lldpd into
> lp:apparmor-profiles.
> For more details, see:
> https://code.launchpad.net/~elmo/apparmor-profiles/lldpd/+merge/202092
> === added file 'ubuntu/10.04/usr.sbin.lldpd'
> --- ubuntu/10.04/usr.sbin.lldpd 1970-01-01 00:00:00 +0000
> +++ ubuntu/10.04/usr.sbin.lldpd 2014-01-17 13:13:03 +0000
> @@ -0,0 +1,33 @@
> +# Author: James Troup <james.troup at canonical.com>
> +
> +#include <tunables/global>
> +
> +/usr/sbin/lldpd {
> + #include <abstractions/base>
> + #include <abstractions/nameservice>
> +
> + capability chown,
> + capability dac_override,
> + capability fowner,
> + capability fsetid,
> + capability kill,
> + capability net_admin,
> + capability net_raw,
> + capability setgid,
> + capability setuid,
> + capability sys_chroot,
> + capability sys_module,
> +
> + network packet raw,
> +
> + /usr/sbin/lldpcli rix,
> + /usr/sbin/lldpd mr,
> +
> + /var/run/lldpd.pid rw,
> + /var/run/lldpd.socket w,
> + /usr/bin/lsb_release rUx,
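Review bot: `capability sys_module` in the capability list lets the confined daemon load and unload kernel modules, which is broad enough to undo most of what the rest of the profile restricts. If lldpd needs it for something specific, document that in a comment above the line; otherwise drop it and let a logged denial show whether it is really required. `capability dac_override` deserves the same justification, since it bypasses file permission checks and leaves the path rules as the only file restriction. Also, `/usr/sbin/lldpcli rix` runs lldpcli inside this profile with the whole capability set inherited; a child profile (`Cx`) granting only what lldpcli needs would be tighter.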
Given the impressive set of capabilities, I'd prefer to avoid Ux. What
about creating a profile (or child profile) for lsb_release?
(seems to be different in the profiles for newer releases - I'm not sure
if it's still worth fixing for 10.04)
Regards,
Christian Boltz
--
> /etc/sysconfig/powersave/cpufreq contains the line:
> # the next lover CPU frequency. Increasing this value lowers the
^^^^^
we should keep that one ;)
[Michael Gross in https://bugzilla.novell.com/show_bug.cgi?id=183704]
https://code.launchpad.net/~elmo/apparmor-profiles/lldpd/+merge/202092
Your team AppArmor Developers is requested to review the proposed merge of lp:~elmo/apparmor-profiles/lldpd into lp:apparmor-profiles.