[apparmor] [patch] profiles: move postfix-common to abstractions
Steve Beattie
steve at nxnw.org
Thu Jun 26 22:19:29 UTC 2014
On Wed, Jun 25, 2014 at 10:58:16AM -0700, Steve Beattie wrote:
> Okay. I'll prepare patches to do the move and fixup the postfix profiles
> to compensate.
And here it is. It's on top of the last patch, but even without it, it's
a bzr mv operation on postfix-common.
Signed-off-by: Steve Beattie <steve at nxnw.org>
---
profiles/apparmor.d/abstractions/postfix-common | 33 ++++++++++
profiles/apparmor.d/program-chunks/postfix-common | 33 ----------
profiles/apparmor/profiles/extras/usr.lib.postfix.anvil | 2
profiles/apparmor/profiles/extras/usr.lib.postfix.bounce | 2
profiles/apparmor/profiles/extras/usr.lib.postfix.cleanup | 2
profiles/apparmor/profiles/extras/usr.lib.postfix.error | 2
profiles/apparmor/profiles/extras/usr.lib.postfix.flush | 2
profiles/apparmor/profiles/extras/usr.lib.postfix.lmtp | 2
profiles/apparmor/profiles/extras/usr.lib.postfix.local | 2
profiles/apparmor/profiles/extras/usr.lib.postfix.master | 2
profiles/apparmor/profiles/extras/usr.lib.postfix.nqmgr | 2
profiles/apparmor/profiles/extras/usr.lib.postfix.oqmgr | 2
profiles/apparmor/profiles/extras/usr.lib.postfix.pickup | 2
profiles/apparmor/profiles/extras/usr.lib.postfix.proxymap | 2
profiles/apparmor/profiles/extras/usr.lib.postfix.qmgr | 2
profiles/apparmor/profiles/extras/usr.lib.postfix.qmqpd | 2
profiles/apparmor/profiles/extras/usr.lib.postfix.scache | 2
profiles/apparmor/profiles/extras/usr.lib.postfix.showq | 2
profiles/apparmor/profiles/extras/usr.lib.postfix.smtp | 2
profiles/apparmor/profiles/extras/usr.lib.postfix.smtpd | 2
profiles/apparmor/profiles/extras/usr.lib.postfix.spawn | 2
profiles/apparmor/profiles/extras/usr.lib.postfix.tlsmgr | 2
profiles/apparmor/profiles/extras/usr.lib.postfix.trivial-rewrite | 2
profiles/apparmor/profiles/extras/usr.lib.postfix.verify | 2
profiles/apparmor/profiles/extras/usr.lib.postfix.virtual | 2
profiles/apparmor/profiles/extras/usr.sbin.postalias | 2
profiles/apparmor/profiles/extras/usr.sbin.postdrop | 2
profiles/apparmor/profiles/extras/usr.sbin.postmap | 2
profiles/apparmor/profiles/extras/usr.sbin.postqueue | 2
profiles/apparmor/profiles/extras/usr.sbin.sendmail | 2
profiles/apparmor/profiles/extras/usr.sbin.sendmail.postfix | 2
31 files changed, 62 insertions(+), 62 deletions(-)
Index: b/profiles/apparmor.d/abstractions/postfix-common
===================================================================
--- /dev/null
+++ b/profiles/apparmor.d/abstractions/postfix-common
@@ -0,0 +1,33 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+# Copyright (C) 2014 Canonical, Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# used with postfix/*
+
+
+ capability setuid,
+ capability setgid,
+ capability sys_chroot,
+
+ # postfix's master can send us signals
+ signal receive peer=/usr/lib/postfix/master,
+
+ /etc/mailname r,
+ /etc/postfix/*.cf r,
+ /etc/postfix/*.db r,
+ @{PROC}/net/if_inet6 r,
+ /usr/lib/postfix/*.so mr,
+ /usr/lib{,32,64}/sasl2/* mr,
+ /usr/lib{,32,64}/sasl2/ r,
+ /usr/lib/@{multiarch}/sasl2/* mr,
+ /usr/lib/@{multiarch}/sasl2/ r,
+
+ /var/spool/postfix/etc/* r,
+ /var/spool/postfix/lib/lib*.so* mr,
+ /var/spool/postfix/lib/@{multiarch}/lib*.so* mr,
Index: b/profiles/apparmor.d/program-chunks/postfix-common
===================================================================
--- a/profiles/apparmor.d/program-chunks/postfix-common
+++ /dev/null
@@ -1,33 +0,0 @@
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2002-2005 Novell/SUSE
-# Copyright (C) 2014 Canonical, Ltd.
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-# used with postfix/*
-
-
- capability setuid,
- capability setgid,
- capability sys_chroot,
-
- # postfix's master can send us signals
- signal receive peer=/usr/lib/postfix/master,
-
- /etc/mailname r,
- /etc/postfix/*.cf r,
- /etc/postfix/*.db r,
- @{PROC}/net/if_inet6 r,
- /usr/lib/postfix/*.so mr,
- /usr/lib{,32,64}/sasl2/* mr,
- /usr/lib{,32,64}/sasl2/ r,
- /usr/lib/@{multiarch}/sasl2/* mr,
- /usr/lib/@{multiarch}/sasl2/ r,
-
- /var/spool/postfix/etc/* r,
- /var/spool/postfix/lib/lib*.so* mr,
- /var/spool/postfix/lib/@{multiarch}/lib*.so* mr,
Index: b/profiles/apparmor/profiles/extras/usr.lib.postfix.anvil
===================================================================
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.anvil
+++ b/profiles/apparmor/profiles/extras/usr.lib.postfix.anvil
@@ -14,7 +14,7 @@
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/kerberosclient>
- #include <program-chunks/postfix-common>
+ #include <abstractions/postfix-common>
capability setgid,
capability setuid,
Index: b/profiles/apparmor/profiles/extras/usr.lib.postfix.bounce
===================================================================
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.bounce
+++ b/profiles/apparmor/profiles/extras/usr.lib.postfix.bounce
@@ -14,7 +14,7 @@
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/kerberosclient>
- #include <program-chunks/postfix-common>
+ #include <abstractions/postfix-common>
capability setgid,
capability setuid,
Index: b/profiles/apparmor/profiles/extras/usr.lib.postfix.cleanup
===================================================================
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.cleanup
+++ b/profiles/apparmor/profiles/extras/usr.lib.postfix.cleanup
@@ -14,7 +14,7 @@
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/kerberosclient>
- #include <program-chunks/postfix-common>
+ #include <abstractions/postfix-common>
capability net_bind_service,
Index: b/profiles/apparmor/profiles/extras/usr.lib.postfix.error
===================================================================
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.error
+++ b/profiles/apparmor/profiles/extras/usr.lib.postfix.error
@@ -14,7 +14,7 @@
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/kerberosclient>
- #include <program-chunks/postfix-common>
+ #include <abstractions/postfix-common>
/usr/lib/postfix/error rmix,
}
Index: b/profiles/apparmor/profiles/extras/usr.lib.postfix.flush
===================================================================
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.flush
+++ b/profiles/apparmor/profiles/extras/usr.lib.postfix.flush
@@ -14,7 +14,7 @@
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/kerberosclient>
- #include <program-chunks/postfix-common>
+ #include <abstractions/postfix-common>
capability setgid,
capability setuid,
Index: b/profiles/apparmor/profiles/extras/usr.lib.postfix.lmtp
===================================================================
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.lmtp
+++ b/profiles/apparmor/profiles/extras/usr.lib.postfix.lmtp
@@ -14,7 +14,7 @@
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/kerberosclient>
- #include <program-chunks/postfix-common>
+ #include <abstractions/postfix-common>
/usr/lib/postfix/lmtp rmix,
}
Index: b/profiles/apparmor/profiles/extras/usr.lib.postfix.local
===================================================================
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.local
+++ b/profiles/apparmor/profiles/extras/usr.lib.postfix.local
@@ -16,7 +16,7 @@
#include <abstractions/nameservice>
#include <abstractions/kerberosclient>
#include <abstractions/user-mail>
- #include <program-chunks/postfix-common>
+ #include <abstractions/postfix-common>
/usr/bin/procmail Px,
Index: b/profiles/apparmor/profiles/extras/usr.lib.postfix.master
===================================================================
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.master
+++ b/profiles/apparmor/profiles/extras/usr.lib.postfix.master
@@ -14,7 +14,7 @@
#include <abstractions/base>
#include <abstractions/kerberosclient>
#include <abstractions/nameservice>
- #include <program-chunks/postfix-common>
+ #include <abstractions/postfix-common>
capability net_bind_service,
capability kill,
Index: b/profiles/apparmor/profiles/extras/usr.lib.postfix.nqmgr
===================================================================
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.nqmgr
+++ b/profiles/apparmor/profiles/extras/usr.lib.postfix.nqmgr
@@ -14,7 +14,7 @@
#include <abstractions/base>
#include <abstractions/kerberosclient>
#include <abstractions/nameservice>
- #include <program-chunks/postfix-common>
+ #include <abstractions/postfix-common>
/usr/lib/postfix/nqmgr rmix,
Index: b/profiles/apparmor/profiles/extras/usr.lib.postfix.oqmgr
===================================================================
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.oqmgr
+++ b/profiles/apparmor/profiles/extras/usr.lib.postfix.oqmgr
@@ -14,7 +14,7 @@
/usr/lib/postfix/oqmgr {
#include <abstractions/base>
#include <abstractions/nameservice>
- #include <program-chunks/postfix-common>
+ #include <abstractions/postfix-common>
/usr/lib/postfix/oqmgr rmix,
}
Index: b/profiles/apparmor/profiles/extras/usr.lib.postfix.pickup
===================================================================
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.pickup
+++ b/profiles/apparmor/profiles/extras/usr.lib.postfix.pickup
@@ -14,7 +14,7 @@
#include <abstractions/base>
#include <abstractions/kerberosclient>
#include <abstractions/nameservice>
- #include <program-chunks/postfix-common>
+ #include <abstractions/postfix-common>
/usr/lib/postfix/pickup rmix,
Index: b/profiles/apparmor/profiles/extras/usr.lib.postfix.proxymap
===================================================================
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.proxymap
+++ b/profiles/apparmor/profiles/extras/usr.lib.postfix.proxymap
@@ -13,7 +13,7 @@
/usr/lib/postfix/proxymap {
#include <abstractions/base>
#include <abstractions/nameservice>
- #include <program-chunks/postfix-common>
+ #include <abstractions/postfix-common>
capability setgid,
capability setuid,
Index: b/profiles/apparmor/profiles/extras/usr.lib.postfix.qmgr
===================================================================
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.qmgr
+++ b/profiles/apparmor/profiles/extras/usr.lib.postfix.qmgr
@@ -14,7 +14,7 @@
#include <abstractions/base>
#include <abstractions/kerberosclient>
#include <abstractions/nameservice>
- #include <program-chunks/postfix-common>
+ #include <abstractions/postfix-common>
/usr/lib/postfix/qmgr rmix,
/{var/spool/postfix/,}active/ r,
Index: b/profiles/apparmor/profiles/extras/usr.lib.postfix.qmqpd
===================================================================
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.qmqpd
+++ b/profiles/apparmor/profiles/extras/usr.lib.postfix.qmqpd
@@ -14,7 +14,7 @@
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/kerberosclient>
- #include <program-chunks/postfix-common>
+ #include <abstractions/postfix-common>
/usr/lib/postfix/qmqpd rmix,
}
Index: b/profiles/apparmor/profiles/extras/usr.lib.postfix.scache
===================================================================
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.scache
+++ b/profiles/apparmor/profiles/extras/usr.lib.postfix.scache
@@ -15,7 +15,7 @@
/usr/lib/postfix/scache {
#include <abstractions/base>
#include <abstractions/nameservice>
- #include <program-chunks/postfix-common>
+ #include <abstractions/postfix-common>
/usr/lib/postfix/scache rmix,
Index: b/profiles/apparmor/profiles/extras/usr.lib.postfix.showq
===================================================================
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.showq
+++ b/profiles/apparmor/profiles/extras/usr.lib.postfix.showq
@@ -14,7 +14,7 @@
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/kerberosclient>
- #include <program-chunks/postfix-common>
+ #include <abstractions/postfix-common>
/usr/lib/postfix/showq rmix,
Index: b/profiles/apparmor/profiles/extras/usr.lib.postfix.smtp
===================================================================
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.smtp
+++ b/profiles/apparmor/profiles/extras/usr.lib.postfix.smtp
@@ -14,7 +14,7 @@
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/kerberosclient>
- #include <program-chunks/postfix-common>
+ #include <abstractions/postfix-common>
#include <abstractions/openssl>
capability dac_override,
Index: b/profiles/apparmor/profiles/extras/usr.lib.postfix.smtpd
===================================================================
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.smtpd
+++ b/profiles/apparmor/profiles/extras/usr.lib.postfix.smtpd
@@ -14,7 +14,7 @@
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/kerberosclient>
- #include <program-chunks/postfix-common>
+ #include <abstractions/postfix-common>
#include <abstractions/openssl>
capability dac_override,
Index: b/profiles/apparmor/profiles/extras/usr.lib.postfix.spawn
===================================================================
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.spawn
+++ b/profiles/apparmor/profiles/extras/usr.lib.postfix.spawn
@@ -14,7 +14,7 @@
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/kerberosclient>
- #include <program-chunks/postfix-common>
+ #include <abstractions/postfix-common>
/usr/lib/postfix/spawn rmix,
}
Index: b/profiles/apparmor/profiles/extras/usr.lib.postfix.tlsmgr
===================================================================
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.tlsmgr
+++ b/profiles/apparmor/profiles/extras/usr.lib.postfix.tlsmgr
@@ -14,7 +14,7 @@
/usr/lib/postfix/tlsmgr {
#include <abstractions/base>
#include <abstractions/nameservice>
- #include <program-chunks/postfix-common>
+ #include <abstractions/postfix-common>
/usr/lib/postfix/tlsmgr rmix,
Index: b/profiles/apparmor/profiles/extras/usr.lib.postfix.trivial-rewrite
===================================================================
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.trivial-rewrite
+++ b/profiles/apparmor/profiles/extras/usr.lib.postfix.trivial-rewrite
@@ -14,7 +14,7 @@
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/kerberosclient>
- #include <program-chunks/postfix-common>
+ #include <abstractions/postfix-common>
/usr/lib/postfix/trivial-rewrite rmix,
Index: b/profiles/apparmor/profiles/extras/usr.lib.postfix.verify
===================================================================
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.verify
+++ b/profiles/apparmor/profiles/extras/usr.lib.postfix.verify
@@ -14,7 +14,7 @@
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/kerberosclient>
- #include <program-chunks/postfix-common>
+ #include <abstractions/postfix-common>
/usr/lib/postfix/verify rmix,
}
Index: b/profiles/apparmor/profiles/extras/usr.lib.postfix.virtual
===================================================================
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.virtual
+++ b/profiles/apparmor/profiles/extras/usr.lib.postfix.virtual
@@ -14,7 +14,7 @@
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/kerberosclient>
- #include <program-chunks/postfix-common>
+ #include <abstractions/postfix-common>
capability setgid,
capability setuid,
Index: b/profiles/apparmor/profiles/extras/usr.sbin.postalias
===================================================================
--- a/profiles/apparmor/profiles/extras/usr.sbin.postalias
+++ b/profiles/apparmor/profiles/extras/usr.sbin.postalias
@@ -15,7 +15,7 @@
#include <abstractions/kerberosclient>
#include <abstractions/nameservice>
#include <abstractions/consoles>
- #include <program-chunks/postfix-common>
+ #include <abstractions/postfix-common>
/etc/aliases r,
/etc/aliases.db rwl,
/etc/postfix r,
Index: b/profiles/apparmor/profiles/extras/usr.sbin.postdrop
===================================================================
--- a/profiles/apparmor/profiles/extras/usr.sbin.postdrop
+++ b/profiles/apparmor/profiles/extras/usr.sbin.postdrop
@@ -15,7 +15,7 @@
#include <abstractions/base>
#include <abstractions/kerberosclient>
#include <abstractions/nameservice>
- #include <program-chunks/postfix-common>
+ #include <abstractions/postfix-common>
# This is needed at least for permissions=paranoid
capability dac_override,
Index: b/profiles/apparmor/profiles/extras/usr.sbin.postmap
===================================================================
--- a/profiles/apparmor/profiles/extras/usr.sbin.postmap
+++ b/profiles/apparmor/profiles/extras/usr.sbin.postmap
@@ -14,7 +14,7 @@
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/kerberosclient>
- #include <program-chunks/postfix-common>
+ #include <abstractions/postfix-common>
/etc/fstab r,
/etc/mtab r,
Index: b/profiles/apparmor/profiles/extras/usr.sbin.postqueue
===================================================================
--- a/profiles/apparmor/profiles/extras/usr.sbin.postqueue
+++ b/profiles/apparmor/profiles/extras/usr.sbin.postqueue
@@ -15,7 +15,7 @@
#include <abstractions/consoles>
#include <abstractions/nameservice>
#include <abstractions/kerberosclient>
- #include <program-chunks/postfix-common>
+ #include <abstractions/postfix-common>
# This is needed at least for permissions=paranoid
capability dac_override,
Index: b/profiles/apparmor/profiles/extras/usr.sbin.sendmail
===================================================================
--- a/profiles/apparmor/profiles/extras/usr.sbin.sendmail
+++ b/profiles/apparmor/profiles/extras/usr.sbin.sendmail
@@ -21,7 +21,7 @@
#include <abstractions/nameservice>
#include <abstractions/nameservice>
#include <abstractions/user-tmp>
- #include <program-chunks/postfix-common>
+ #include <abstractions/postfix-common>
/usr/bin/procmail Px,
Index: b/profiles/apparmor/profiles/extras/usr.sbin.sendmail.postfix
===================================================================
--- a/profiles/apparmor/profiles/extras/usr.sbin.sendmail.postfix
+++ b/profiles/apparmor/profiles/extras/usr.sbin.sendmail.postfix
@@ -16,7 +16,7 @@
#include <abstractions/consoles>
#include <abstractions/kerberosclient>
#include <abstractions/user-tmp>
- #include <program-chunks/postfix-common>
+ #include <abstractions/postfix-common>
/etc/mtab r,
/etc/postfix r,
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140626/ce85ef7f/attachment.pgp>
More information about the AppArmor
mailing list