[apparmor] Developing an Apparmor profile for PostgreSQL 10
Espresso Beanies
espressobeanies at gmail.com
Fri Mar 22 14:07:49 UTC 2019
I'm trying to develop an Apparmor profile for PostgreSQL 10 based on the
existing profile here (
https://gitlab.com/apparmor/apparmor-profiles/blob/master/ubuntu/18.04/usr.lib.postgresql.bin.postgres)
however when I go to generate the profile based on the postgres executable
location, I get the following results:
>
>
> # Last Modified: Fri Mar 22 09:59:25 2019
> #include <tunables/global>
> /usr/lib/postgresql/10/bin/postgres {
> #include <abstractions/base>
> /lib/x86_64-linux-gnu/ld-*.so mr,
> /usr/lib/postgresql/10/bin/postgres mr,
> owner /etc/postgresql/10/main/postgresql.conf r,
> }
There seems to be a number of things absent from the profile itself and
since PostgreSQL 10, there also appear to be a number of new locations that
contains resources that the program uses. I find these fun and I'd like to
do more, but I want to make sure they're created properly.
Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20190322/7edc14de/attachment.html>
More information about the AppArmor
mailing list