[apparmor] List of real-world proven AppArmor profiles

Christian Boltz apparmor at cboltz.de
Sat Sep 12 22:47:00 UTC 2015


Hello,

On Friday, 11 September 2015, Thomas E. Horner wrote:
> I have an Ubuntu dns/mail/web server running pretty much all services in
> AppArmor. I want to give back the modified profiles to the community
> so please find them attached to this message.

Thanks!

> Please do not hesitate to come back with questions in case I forgot
> something! 

I had a first look at the profiles that we also ship in the AppArmor 
tarball. The diff is in the attached file, which also includes some 
questions (for example, I never needed /tmp/* for dovecot imap, so I'm 
wondering if it is really needed).

Do you have answers to [some of] the questions in the attachment? ;-)

BTW: The file might look like a patch, but is heavily edited (I cleaned 
up unchanged lines, moved lines etc.), so don't even try to apply it 
automatically using the "patch" tool ;-)

I didn't check the additional profiles and those that we ship in the 
extra directory yet. I'll do that in the next days, and probably will 
have some more questions after reading them ;-)

> Please note that few files reside in non-common places,
> e.g. * the mysql database-files for each domain are stored in
> /home/domainname.tld/database/

Just curious - how do you configure that in MySQL?


Regards,

Christian Boltz
-- 
In short:  /etc/crontab is IMHO about as useful as a louse in a
spacesuit - it itches, but you can't scratch yourself unless you
are God on your system. And then you still don't even know whether
you amputated your nose instead of the louse.
[Jan Trippler in suse-linux]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: first-review.diff
Type: text/x-patch
Size: 9026 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150913/66346377/attachment.bin>

