[apparmor] [patch] Allow both paths in traceroute profile
Seth Arnold
seth.arnold at canonical.com
Thu Sep 29 22:02:43 UTC 2016
On Thu, Sep 29, 2016 at 09:34:21PM +0200, Christian Boltz wrote:
> Hello,
>
> in 2011 (r1803), the traceroute profile was changed to also match
> /usr/bin/traceroute.db:
> /usr/{sbin/traceroute,bin/traceroute.db} {
>
> However, permissions for /usr/bin/traceroute.db were never added.
> This patch fixes this.
>
>
> While on it, also change the /usr/sbin/traceroute permissions from
> rmix to the less confusing mrix.
>
>
> I propose this patch for trunk, 2.10 and 2.9.
>
>
> [ traceroute-both-paths.diff ]
Awwww thanks for making it multiple rules :)
Acked-by: Seth Arnold <seth.arnold at canonical.com>
Acked for all three branches.
Thanks
> === modified file 'profiles/apparmor.d/usr.sbin.traceroute'
> --- profiles/apparmor.d/usr.sbin.traceroute 2011-11-30 12:15:21 +0000
> +++ profiles/apparmor.d/usr.sbin.traceroute 2016-09-29 19:30:25 +0000
> @@ -20,7 +20,8 @@
> network inet raw,
> network inet6 raw,
>
> - /usr/sbin/traceroute rmix,
> + /usr/sbin/traceroute mrix,
> + /usr/bin/traceroute.db mrix,
> @{PROC}/net/route r,
>
> # Site-specific additions and overrides. See local/README for details.
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160929/6e7ef2d5/attachment.pgp>
More information about the AppArmor
mailing list