[apparmor] [patch] update netstat profile
Christian Boltz
apparmor at cboltz.de
Sun Aug 6 18:31:56 UTC 2017
Hello,
$subject.
- allow reading @{PROC}/@{pid}/net/netstat and @{PROC}/@{pid}/net/snmp
- drop owner conditional - /proc/*/net/* is always owned by root, and
the owner conditional means breaking netstat for non-root users
- drop "@{PROC}/@{pids}/fd r," - /proc/*/fd is a directory, so this rule
would never apply
This is an "extra" profile, which means updating it in trunk is enough ;-)
=== modified file 'profiles/apparmor/profiles/extras/bin.netstat'
--- profiles/apparmor/profiles/extras/bin.netstat 2016-12-03 09:59:01 +0000
+++ profiles/apparmor/profiles/extras/bin.netstat 2017-08-06 18:27:06 +0000
@@ -2,6 +2,7 @@
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
+# Copyright (C) 2017 Christian Boltz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -27,15 +28,16 @@
/etc/networks r,
@{PROC} r,
@{PROC}/@{pids}/cmdline r,
- @{PROC}/@{pids}/fd r,
@{PROC}/net r,
@{PROC}/net/* r,
@{PROC}/@{pids}/fd/ r,
- owner @{PROC}/@{pid}/net/raw r,
- owner @{PROC}/@{pid}/net/raw6 r,
- owner @{PROC}/@{pid}/net/tcp r,
- owner @{PROC}/@{pid}/net/tcp6 r,
- owner @{PROC}/@{pid}/net/udp r,
- owner @{PROC}/@{pid}/net/udp6 r,
- owner @{PROC}/@{pid}/net/unix r,
+ @{PROC}/@{pid}/net/netstat r,
+ @{PROC}/@{pid}/net/raw r,
+ @{PROC}/@{pid}/net/snmp r,
+ @{PROC}/@{pid}/net/raw6 r,
+ @{PROC}/@{pid}/net/tcp r,
+ @{PROC}/@{pid}/net/tcp6 r,
+ @{PROC}/@{pid}/net/udp r,
+ @{PROC}/@{pid}/net/udp6 r,
+ @{PROC}/@{pid}/net/unix r,
}
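Review bot: The new un-prefixed `@{PROC}/@{pid}/net/*` rules carry no in-profile comment saying why `owner` was dropped, so the reasoning lives only in the commit message and a later cleanup could re-add the conditional and break netstat for non-root users again. Suggest a one-line comment above the block noting that /proc/*/net/* is always owned by root. As a style point, `@{PROC}/@{pid}/net/snmp r,` is inserted between `raw` and `raw6`; placing it after `raw6` would keep the list alphabetical and the address-family pairs together.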
Regards,
Christian Boltz
--
> If someone could write to me in plain language (German or Swabian)
You don't need to worry about scsi_mod; modprobe can find that out
by itself from /lib/modules/`uname -r`/modules.dep, which is written
by depmod. [> Ute Ferlein and David Haller in suse-linux]