[apparmor] [patch] [2.8 branch] Backport profile additions from the 2.9 branch
Simon Deziel
simon.deziel at gmail.com
Thu Apr 14 18:54:24 UTC 2016
On 2016-04-14 02:45 PM, Christian Boltz wrote:
>>> === modified file 'profiles/apparmor.d/abstractions/user-mail'
>>> --- profiles/apparmor.d/abstractions/user-mail 2010-12-22 22:55:18
>>> +0000 +++ profiles/apparmor.d/abstractions/user-mail 2016-04-14
>>> 12:13:08 +0000 @@ -1,6 +1,7 @@
>>>
>>> #
>>> ------------------------------------------------------------------
>>> #
>>> # Copyright (C) 2002-2006 Novell/SUSE
>>>
>>> +# Copyright (C) 2014 Canonical Ltd.
>>>
>>> #
>>> # This program is free software; you can redistribute it and/or
>>> # modify it under the terms of version 2 of the GNU General
>>> Public
>>>
>>> @@ -12,8 +13,8 @@
>>>
>>> owner @{HOME}/[mM]ail/ r,
>>> owner @{HOME}/[mM]ail/** rwl,
>>> owner @{HOME}/postponed* rwl,
>>>
>>> - /var/spool/mail/ r,
>>> - /var/spool/mail/* rwl,
>>> + /var/{,spool/}mail/ r,
>>> + /var/{,spool/}mail/* rwl,
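Review bot: the added `/var/{,spool/}mail/* rwl,` rule carries no `owner` qualifier, unlike the `@{HOME}/[mM]ail/**` and `@{HOME}/postponed*` rules in the same hunk's context lines. As written, every profile that includes this abstraction gets read, write and link access to all files directly under the spool directory, so only the file mode bits separate one user's mailbox from another's. Suggest `owner /var/{,spool/}mail/* rwl,` and leaving the directory rule `/var/{,spool/}mail/ r,` as it is. Because that removes permissions the old `/var/spool/mail/* rwl,` rule granted, it belongs in its own change rather than folded into this path widening. The `{,spool/}` alternation is fine and matches both `/var/mail/` and `/var/spool/mail/`.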
>>
>> Here too, I think "owner" should be used.
>
> The reason for this change was to cover /var/mail/ and /var/spool/mail/
> (one is typically a symlink to the other)
> https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1192965
>
> Restricting that to owner doesn't sound bad, but I don't want to do this
> in the 2.8 backport patch because it would remove permissions and
> therefore comes with the risk of breaking something.
>
> You know how to send merge requests - if you send one to trunk that adds
> the owner restriction to /var/{,spool/}mail/*, I won't object ;-)
Will do, thanks.
Simon