[apparmor] [patch] Update mlmmj profiles

Seth Arnold seth.arnold at canonical.com
Tue Nov 8 22:47:52 UTC 2016 

On Tue, Nov 08, 2016 at 09:50:40PM +0100, Christian Boltz wrote:
> These two are worth a separate patch:
> 
> 
> [patch] Add m permissions to mlmmj profiles
> 
> Newer kernels need m permissions for the binary the profile covers,
> so add it before someone hits this problem in the wild ;-)
> 
> Also add a note that the mlmmj-recieve profile is probably superfluous
> after upstream renamed the misspelled binary.
> 
> 
> I propose this patch for trunk, 2.10 and 2.9

Acked-by: Seth Arnold <seth.arnold at canonical.com>

Acked for all three.

Thanks

> 
> [ mlmmj-m.diff ]
> 
> === modified file 'profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce'
> --- profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce      2016-11-08 20:34:15 +0000
> +++ profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce      2016-11-08 20:40:38 +0000
> @@ -15,7 +15,7 @@
>  /usr/bin/mlmmj-bounce {
>    #include <abstractions/base>
>  
> -  /usr/bin/mlmmj-bounce r,
> +  /usr/bin/mlmmj-bounce mr,
>    /usr/bin/mlmmj-send Px,
>    /usr/bin/mlmmj-maintd Px,
>    /var/spool/mlmmj/*/subscribers.d/ r,
> 
> === modified file 'profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd'
> --- profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd      2016-11-08 20:34:15 +0000
> +++ profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd      2016-11-08 20:40:55 +0000
> @@ -17,7 +17,7 @@
>  
>    capability setuid,
>  
> -  /usr/bin/mlmmj-maintd r,
> +  /usr/bin/mlmmj-maintd mr,
>    /usr/bin/mlmmj-send Px,
>    /usr/bin/mlmmj-bounce Px,
>    /usr/bin/mlmmj-unsub Px,
> 
> === modified file 'profiles/apparmor/profiles/extras/usr.bin.mlmmj-process'
> --- profiles/apparmor/profiles/extras/usr.bin.mlmmj-process     2016-11-08 20:34:15 +0000
> +++ profiles/apparmor/profiles/extras/usr.bin.mlmmj-process     2016-11-08 20:41:35 +0000
> @@ -15,7 +15,7 @@
>  /usr/bin/mlmmj-process {
>    #include <abstractions/base>
>  
> -  /usr/bin/mlmmj-process r,
> +  /usr/bin/mlmmj-process mr,
>    /usr/bin/mlmmj-send Px,
>    /usr/bin/mlmmj-sub Px,
>    /usr/bin/mlmmj-unsub Px,
> 
> === modified file 'profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive'
> --- profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive     2016-11-08 20:34:15 +0000
> +++ profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive     2016-11-08 20:41:45 +0000
> @@ -16,7 +16,7 @@
>    #include <abstractions/base>
>  
>    /usr/bin/mlmmj-process Px,
> -  /usr/bin/mlmmj-receive r,
> +  /usr/bin/mlmmj-receive mr,
>    /var/spool/mlmmj/*/incoming/ rw,
>    /var/spool/mlmmj/*/incoming/* rw,
>  }
> 
> === modified file 'profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve'
> --- profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve     2010-12-20 20:29:10 +0000
> +++ profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve     2016-11-08 20:43:15 +0000
> @@ -9,12 +9,17 @@
>  # ------------------------------------------------------------------
>  # vim:syntax=apparmor
>  
> +
> +# mlmmj upstream renamed the (misspelled) mlmmj-recieve to mlmmj-receive,
> +# so this profile is probably superfluous
> +
> +
>  #include <tunables/global>
>  
>  /usr/bin/mlmmj-recieve {
>    #include <abstractions/base>
>  
>    /usr/bin/mlmmj-process Px,
> -  /usr/bin/mlmmj-recieve r,
> +  /usr/bin/mlmmj-recieve mr,
>    /var/spool/mlmmj/*/incoming/* w,
>  }
> 
> === modified file 'profiles/apparmor/profiles/extras/usr.bin.mlmmj-send'
> --- profiles/apparmor/profiles/extras/usr.bin.mlmmj-send        2016-11-08 20:34:15 +0000
> +++ profiles/apparmor/profiles/extras/usr.bin.mlmmj-send        2016-11-08 20:43:28 +0000
> @@ -16,7 +16,7 @@
>    #include <abstractions/base>
>    #include <abstractions/nameservice>
>  
> -  /usr/bin/mlmmj-send r,
> +  /usr/bin/mlmmj-send mr,
>    /var/spool/mlmmj/*/archive/* w,
>    /var/spool/mlmmj/*/control/* r,
>    /var/spool/mlmmj/*/index rwk,
> 
> === modified file 'profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub'
> --- profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub 2016-11-08 20:34:15 +0000
> +++ profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub 2016-11-08 20:43:39 +0000
> @@ -18,7 +18,7 @@
>    capability setuid,
>  
>    /usr/bin/mlmmj-send Px,
> -  /usr/bin/mlmmj-sub r,
> +  /usr/bin/mlmmj-sub mr,
>    /var/spool/mlmmj/*/control/ r,
>    /var/spool/mlmmj/*/control/* r,
>    /var/spool/mlmmj/*/queue/ rw,
> 
> === modified file 'profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub'
> --- profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub       2016-11-08 20:34:15 +0000
> +++ profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub       2016-11-08 20:43:51 +0000
> @@ -15,7 +15,7 @@
>  /usr/bin/mlmmj-unsub {
>    #include <abstractions/base>
>  
> -  /usr/bin/mlmmj-unsub r,
> +  /usr/bin/mlmmj-unsub mr,
>    /usr/bin/mlmmj-send Px,
>    /var/spool/mlmmj/*/control/ r,
>    /var/spool/mlmmj/*/control/* r,
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20161108/0772784d/attachment.pgp>

More information about the AppArmor mailing list