Felix Geyer has proposed merging lp:~debfx/apparmor-profiles/master into lp:apparmor-profiles.
Requested reviews: AppArmor Developers (apparmor-dev) For more details, see: https://code.launchpad.net/~debfx/apparmor-profiles/master/+merge/83917 ubuntu/12.04/usr.sbin.murmurd: add a child profile for lsb_release The pyconfig.h rule should really be added to abstractions/python, see bug #840734 -- https://code.launchpad.net/~debfx/apparmor-profiles/master/+merge/83917 Your team AppArmor Developers is requested to review the proposed merge of lp:~debfx/apparmor-profiles/master into lp:apparmor-profiles.
=== modified file 'ubuntu/12.04/usr.sbin.murmurd' --- ubuntu/12.04/usr.sbin.murmurd 2011-11-29 23:33:57 +0000 +++ ubuntu/12.04/usr.sbin.murmurd 2011-11-30 11:01:00 +0000 @@ -1,5 +1,4 @@ # Author: Felix Geyer <[email protected]> -# TODO: adjust lsb_release PUx (see below) #include <tunables/global> @@ -17,13 +16,26 @@ /etc/xdg/Trolltech.conf r, deny /etc/xdg/Trolltech.conf k, - # TODO: this would be better served as a child profile. If enough - # applications need it, we can add the child profile to an abstraction - /usr/bin/lsb_release PUx, + /usr/bin/lsb_release Cxr -> lsb_release, /etc/mumble-server.ini rk, /var/lib/mumble-server/ r, /var/lib/mumble-server/** rwk, /{,var/}run/mumble-server/mumble-server.pid rw, /var/log/mumble-server/* rw, + + profile lsb_release { + #include <abstractions/base> + #include <abstractions/python> + + /usr/bin/lsb_release r, + /bin/dash ixr, + /usr/bin/dpkg-query ixr, + + /usr/include/python2.[4567]/pyconfig.h r, + + /etc/lsb-release r, + /etc/debian_version r, + /var/lib/dpkg/** r, + } }
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
