[apparmor] [PATCH profiles] enhance postgresql profile
Kees Cook
kees at ubuntu.com
Thu Jun 11 04:18:12 UTC 2015
This allows postgresql to run on 14.04 and later. Additionally adds
the abstraction needed for client communication.
-Kees
=== added file 'ubuntu/14.04/abstractions/pgsql'
--- ubuntu/14.04/abstractions/pgsql 1970-01-01 00:00:00 +0000
+++ ubuntu/14.04/abstractions/pgsql 2015-06-11 04:15:18 +0000
@@ -0,0 +1,1 @@
+ /{,var/}run/postgresql/.s.PGSQL.* rw,
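Review bot: The glob `.s.PGSQL.*` in the new abstraction matches more than the socket: it also covers the server's `.s.PGSQL.<port>.lock` file, which sits in the same directory. Every profile that includes this abstraction therefore gets `rw` on the lock file as far as AppArmor is concerned; file ownership and mode presumably still protect it, but the policy is wider than a client needs. The file also has no header comment saying who is meant to include it. I would add `# Client access to the local PostgreSQL server socket; for profiles of programs that connect to postgres.` above the rule and mention the lock-file overlap there. The same one-line file is added for 14.10 and 15.04.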
=== modified file 'ubuntu/14.04/usr.lib.postgresql.bin.postgres'
--- ubuntu/14.04/usr.lib.postgresql.bin.postgres 2013-10-21 13:21:37 +0000
+++ ubuntu/14.04/usr.lib.postgresql.bin.postgres 2015-06-11 04:13:10 +0000
@@ -2,7 +2,8 @@
#include <tunables/global>
-/usr/lib/postgresql/[0-9.]*/bin/postgres {
+# https://bugs.launchpad.net/apparmor/+bug/1317555
+profile postgresql /usr/lib/postgresql/[0-9.]*/bin/postgres {
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/ssl_keys>
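Review bot: The comment added above `profile postgresql /usr/lib/postgresql/[0-9.]*/bin/postgres {` is a bare bug URL and does not say why the profile now carries a name. Naming it changes the confinement label from the attachment path to `postgresql`, so audit records will show the new name. Any `peer=` rule, log filter or alert keyed on the old path-based label would stop matching. A line such as `# Named profile: the label is "postgresql", not the binary path (details in the bug below)` would record that for the next maintainer. The profile body continues outside this hunk, and the same change is made in the 14.10 and 15.04 copies.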
@@ -12,5 +13,5 @@
/var/lib/postgresql/** rwl,
/{,var/}run/postgresql/** rw,
- owner @{PROC}/[0-9]*/oom_adj rw,
+ owner @{PROC}/[0-9]*/oom_{score_,}adj rw,
}
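Review bot: The widened rule `owner @{PROC}/[0-9]*/oom_{score_,}adj rw,` allows writing the OOM adjustment of any process owned by the same user, and nothing in the profile says why a confined server needs that. Presumably postgres resets the value in its own child processes; if so, a comment such as `# postgres children reset their own OOM adjustment (oom_adj on older kernels, oom_score_adj on newer)` would document the intent. Whether the rule could be narrowed cannot be judged from this hunk, since the start of the profile is outside it. The same rule change repeats in the 14.10 and 15.04 profiles.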
=== added file 'ubuntu/14.10/abstractions/pgsql'
--- ubuntu/14.10/abstractions/pgsql 1970-01-01 00:00:00 +0000
+++ ubuntu/14.10/abstractions/pgsql 2015-06-11 04:15:28 +0000
@@ -0,0 +1,1 @@
+ /{,var/}run/postgresql/.s.PGSQL.* rw,
=== modified file 'ubuntu/14.10/usr.lib.postgresql.bin.postgres'
--- ubuntu/14.10/usr.lib.postgresql.bin.postgres 2014-07-17 15:33:08 +0000
+++ ubuntu/14.10/usr.lib.postgresql.bin.postgres 2015-06-11 04:13:19 +0000
@@ -2,7 +2,8 @@
#include <tunables/global>
-/usr/lib/postgresql/[0-9.]*/bin/postgres {
+# https://bugs.launchpad.net/apparmor/+bug/1317555
+profile postgresql /usr/lib/postgresql/[0-9.]*/bin/postgres {
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/ssl_keys>
@@ -12,5 +13,5 @@
/var/lib/postgresql/** rwl,
/{,var/}run/postgresql/** rw,
- owner @{PROC}/[0-9]*/oom_adj rw,
+ owner @{PROC}/[0-9]*/oom_{score_,}adj rw,
}
=== added file 'ubuntu/15.04/abstractions/pgsql'
--- ubuntu/15.04/abstractions/pgsql 1970-01-01 00:00:00 +0000
+++ ubuntu/15.04/abstractions/pgsql 2015-06-11 04:15:38 +0000
@@ -0,0 +1,1 @@
+ /{,var/}run/postgresql/.s.PGSQL.* rw,
=== modified file 'ubuntu/15.04/usr.lib.postgresql.bin.postgres'
--- ubuntu/15.04/usr.lib.postgresql.bin.postgres 2014-10-24 19:02:18 +0000
+++ ubuntu/15.04/usr.lib.postgresql.bin.postgres 2015-06-11 04:13:24 +0000
@@ -2,7 +2,8 @@
#include <tunables/global>
-/usr/lib/postgresql/[0-9.]*/bin/postgres {
+# https://bugs.launchpad.net/apparmor/+bug/1317555
+profile postgresql /usr/lib/postgresql/[0-9.]*/bin/postgres {
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/ssl_keys>
@@ -12,5 +13,5 @@
/var/lib/postgresql/** rwl,
/{,var/}run/postgresql/** rw,
- owner @{PROC}/[0-9]*/oom_adj rw,
+ owner @{PROC}/[0-9]*/oom_{score_,}adj rw,
}
--
Kees Cook