Public bug reported:

Please include an abstraction file for TCP wrappers - e.g.
abstractions/tcpwap

This would include, at minimum,

```
  /etc/hosts.allow r,
  /etc/hosts.deny r,
```

Software built to read hosts.allow (e.g. built with libwrap0) will
usually have these permissions incorporated into their AppArmor
profiles.

However, the hosts.allow/deny files can reference other files in
arbitrary filesystem locations - so any file references in hosts.allow
must also then be added to all profiles that reference hosts.allow.

Using an abstraction would allow this to be added once.

From man 5 hosts.allow:

```
A string that begins with a '/' character is treated as a file name. A host 
name or address is matched if it matches any host name or address pattern 
listed in the named file. The file format is zero or more lines with zero or 
more host name or address patterns separated by whitespace. A file name pattern 
can be used anywhere a host name or address pattern can be used.
```

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1864466

Title:
  abstraction file for tcpwrappers

Status in apparmor package in Ubuntu:
  New
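
The file-name patterns the report describes can be collected mechanically, so an abstraction stays in step with what hosts.allow actually references. The following is an added example, not part of the bug report or of AppArmor: it extracts those patterns from hosts.allow-style text and renders matching read rules. The sample rules and paths are constructed, and it assumes the `daemon_list : client_list [: ...]` layout from hosts_access(5).

```python
import re

# Constructed sample input; the daemons and paths are illustrative only.
SAMPLE_HOSTS_ALLOW = """\
# constructed example
sshd : /etc/tcpwrap/admins.hosts, 192.0.2.0/255.255.255.0
ALL EXCEPT in.fingerd : .example.org \\
      /srv/acl/partners.list : allow
vsftpd : [2001:db8::]/64 : deny
in.telnetd : /etc/tcpwrap/admins.hosts : spawn /usr/bin/logger refused %h
"""

def logical_lines(text):
    """Join backslash-continued lines, then drop blank and '#' lines."""
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def client_field(rule):
    """Return the client list (2nd ':' field); a ':' inside [...] is IPv6."""
    fields, depth = [""], 0
    for ch in rule:
        depth += (ch == "[") - (ch == "]" and depth > 0)
        if ch == ":" and depth == 0:
            fields.append("")
        else:
            fields[-1] += ch
    return fields[1] if len(fields) > 1 else ""

def referenced_files(text):
    """File-name patterns: client-list tokens that begin with '/'."""
    found = []
    for rule in logical_lines(text):
        for token in re.split(r"[\s,]+", client_field(rule).strip()):
            if token.startswith("/") and token not in found:
                found.append(token)
    return found

def abstraction_rules(paths):
    """Render read rules in the style shown in the report."""
    base = ["/etc/hosts.allow", "/etc/hosts.deny"]
    return "".join(f"  {p} r,\n" for p in base + list(paths))

if __name__ == "__main__":
    print(abstraction_rules(referenced_files(SAMPLE_HOSTS_ALLOW)), end="")
```

Run it over both hosts.allow and hosts.deny; a path after `spawn` in a later field is a command, not a file-name pattern, so it is deliberately not emitted.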

