[apparmor] [patch] [2.8 branch] Backport profile additions from the 2.9 branch

Simon Deziel simon.deziel at gmail.com
Thu Apr 14 13:33:16 UTC 2016


Hi Christian,

I looked at the diff and it looks good. I noticed 2 things that may be
improved.

On 2016-04-14 08:23 AM, Christian Boltz wrote:
> === modified file 'profiles/apparmor.d/abstractions/php5'
> --- profiles/apparmor.d/abstractions/php5       2010-03-30 17:34:32 +0000
> +++ profiles/apparmor.d/abstractions/php5       2016-04-14 12:13:08 +0000
> @@ -11,8 +11,8 @@
>  # ------------------------------------------------------------------
>  
>    # shared snippets for config files
> -  /etc/php5/{conf.d,apache2,cli,fastcgi,cgi}/ r,
> -  /etc/php5/{conf.d,apache2,cli,fastcgi,cgi}/*.ini r,
> +  /etc/php5/**/ r,
> +  /etc/php5/**.ini r,
>  
>    # Xlibs
>    /usr/X11R6/lib{,32,64}/lib*.so* mr,
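
Review bot: the two replacement rules, /etc/php5/**/ r, and /etc/php5/**.ini r, match every directory and every path ending in .ini at any depth under /etc/php5, not only the five subdirectories the removed lines listed. If the intent is only to cover additional directory names, a longer alternation list would keep the read scope explicit; if the wildcard is intended, the "shared snippets for config files" comment should say that the whole tree is readable on purpose.
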
> @@ -30,3 +30,6 @@
>  
>    # MySQL extension
>    /usr/share/mysql/** r,
> +
> +  # Zend opcache
> +  /tmp/.ZendSem.* rwlk,
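
Review bot: the added /tmp/.ZendSem.* rwlk, rule has no owner qualifier, so every profile that includes this abstraction gets read, write, link and lock access to any file matching that name in /tmp regardless of which user created it. If the file is always created by the confined process's own user, owner /tmp/.ZendSem.* rwlk, would narrow this, and the "# Zend opcache" comment could state why the l and k permissions are needed.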

Would the above work with "owner"?

> === modified file 'profiles/apparmor.d/abstractions/user-mail'
> --- profiles/apparmor.d/abstractions/user-mail  2010-12-22 22:55:18 +0000
> +++ profiles/apparmor.d/abstractions/user-mail  2016-04-14 12:13:08 +0000
> @@ -1,6 +1,7 @@
>  # ------------------------------------------------------------------
>  #
>  #    Copyright (C) 2002-2006 Novell/SUSE
> +#    Copyright (C) 2014 Canonical Ltd.
>  #
>  #    This program is free software; you can redistribute it and/or
>  #    modify it under the terms of version 2 of the GNU General Public
> @@ -12,8 +13,8 @@
>    owner @{HOME}/[mM]ail/      r,
>    owner @{HOME}/[mM]ail/**    rwl,
>    owner @{HOME}/postponed*    rwl,
> -  /var/spool/mail/      r,
> -  /var/spool/mail/*     rwl,
> +  /var/{,spool/}mail/         r,
> +  /var/{,spool/}mail/*        rwl,
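
Review bot: the changed /var/{,spool/}mail/* rwl, rule stays unqualified while the three context lines above it in this hunk all carry owner, so the abstraction grants rwl on every file in the spool directory rather than only the user's own. Suggest owner /var/{,spool/}mail/* rwl, for the file rule only; the directory rule /var/{,spool/}mail/ r, should stay without owner, since the spool directory is typically not owned by the mail user and an owner-qualified rule would then never match.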

Here too, I think "owner" should be used.

Regards,
Simon

