[apparmor] [patch] several additions for the syslog-ng profiles
Seth Arnold
seth.arnold at canonical.com
Wed Oct 7 18:23:52 UTC 2015
On Wed, Oct 07, 2015 at 12:38:51PM +0200, Christian Boltz wrote:
> References: https://bugzilla.opensuse.org/show_bug.cgi?id=948584
> https://bugzilla.opensuse.org/show_bug.cgi?id=948753
>
>
> I propose this patch for trunk and 2.9.
Acked-By: Seth Arnold <seth.arnold at canonical.com>
Thanks
>
> [ profiles-syslog-ng-bnc948584.diff ]
>
> === modified file 'profiles/apparmor.d/sbin.syslog-ng'
> --- profiles/apparmor.d/sbin.syslog-ng 2015-03-07 20:16:11 +0000
> +++ profiles/apparmor.d/sbin.syslog-ng 2015-10-07 10:33:01 +0000
> @@ -20,6 +20,7 @@
> #include <abstractions/consoles>
> #include <abstractions/nameservice>
> #include <abstractions/mysql>
> + #include <abstractions/openssl>
>
> capability chown,
> capability dac_override,
> @@ -37,7 +38,10 @@
> /dev/syslog w,
> /dev/tty10 rw,
> /dev/xconsole rw,
> + /etc/machine-id r,
> /etc/syslog-ng/* r,
> + /etc/syslog-ng/conf.d/ r,
> + /etc/syslog-ng/conf.d/* r,
> @{PROC}/kmsg r,
> /etc/hosts.deny r,
> /etc/hosts.allow r,
> @@ -50,6 +54,10 @@
> @{CHROOT_BASE}/var/log/** w,
> @{CHROOT_BASE}/{,var/}run/syslog-ng.pid krw,
> @{CHROOT_BASE}/{,var/}run/syslog-ng.ctl rw,
> + /var/log/journal/ r,
> + /var/log/journal/*/ r,
> + /var/log/journal/*/*.journal r,
> + /{var/,}run/syslog-ng.ctl a,
> /{var/,}run/syslog-ng/additional-log-sockets.conf r,
>
> # Site-specific additions and overrides. See local/README for details.
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20151007/0b325ac7/attachment.pgp>
More information about the AppArmor
mailing list