[apparmor] [PATCH v2] update base abstraction for additional journald sockets
Seth Arnold
seth.arnold at canonical.com
Wed May 3 22:51:09 UTC 2017
On Wed, May 03, 2017 at 04:10:01PM -0500, Jamie Strandboge wrote:
> Signed-off-by: Jamie Strandboge <jamie at canonical.com>
Acked-by: Seth Arnold <seth.arnold at canonical.com>
I believe this may address bug 1655982.
> === modified file 'profiles/apparmor.d/abstractions/base'
> --- profiles/apparmor.d/abstractions/base 2017-04-12 17:35:10 +0000
> +++ profiles/apparmor.d/abstractions/base 2017-05-03 21:03:55 +0000
> @@ -33,7 +33,13 @@
> /usr/share/zoneinfo/ r,
> /usr/share/zoneinfo/** r,
> /usr/share/X11/locale/** r,
> - /{,var/}run/systemd/journal/dev-log w,
> + /run/systemd/journal/dev-log w,
> + # systemd native journal API (see sd_journal_print(4))
> + /run/systemd/journal/socket w,
> + # Nested containers and anything using systemd-cat need this. 'r' shouldn't
> + # be required but applications fail without it. journald doesn't leak
> + # anything when reading so this is ok.
> + /run/systemd/journal/stdout rw,
>
> /usr/lib{,32,64}/locale/** mr,
> /usr/lib{,32,64}/gconv/*.so mr,
>
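Review bot: the replacement for `/{,var/}run/systemd/journal/dev-log w,` drops the `{,var/}` alternation, and the added `socket` and `stdout` rules are written with the bare `/run/` prefix as well, but nothing in the visible message says why the `/var/run` form is no longer needed. Either keep `/{,var/}run/` on all three rules to match the old line, or state the reason for dropping it in the commit message. The comment's man page reference should be `sd_journal_print(3)`, since it is a library function rather than a section 4 entry. The `rw` on `/run/systemd/journal/stdout` is justified only by "applications fail without it"; naming the failing case or linking the bug in the comment would let a later reader judge whether `r` can be removed again.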
Thanks