This allows postgresql to run on 14.04 and later. Additionally adds
the abstraction needed for client communication.
-Kees
=== added file 'ubuntu/14.04/abstractions/pgsql'
--- ubuntu/14.04/abstractions/pgsql 1970-01-01 00:00:00 +0000
+++ ubuntu/14.04/abstractions/pgsql 2015-06-11 04:15:18 +0000
@@ -0,0 +1,1 @@
+ /{,var/}run/postgresql/.s.PGSQL.* rw,
=== modified file 'ubuntu/14.04/usr.lib.postgresql.bin.postgres'
--- ubuntu/14.04/usr.lib.postgresql.bin.postgres 2013-10-21 13:21:37
+0000
+++ ubuntu/14.04/usr.lib.postgresql.bin.postgres 2015-06-11 04:13:10
+0000
@@ -2,7 +2,8 @@
#include <tunables/global>
-/usr/lib/postgresql/[0-9.]*/bin/postgres {
+# https://bugs.launchpad.net/apparmor/+bug/1317555
+profile postgresql /usr/lib/postgresql/[0-9.]*/bin/postgres {
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/ssl_keys>
@@ -12,5 +13,5 @@
/var/lib/postgresql/** rwl,
/{,var/}run/postgresql/** rw,
- owner @{PROC}/[0-9]*/oom_adj rw,
+ owner @{PROC}/[0-9]*/oom_{score_,}adj rw,
}
=== added file 'ubuntu/14.10/abstractions/pgsql'
--- ubuntu/14.10/abstractions/pgsql 1970-01-01 00:00:00 +0000
+++ ubuntu/14.10/abstractions/pgsql 2015-06-11 04:15:28 +0000
@@ -0,0 +1,1 @@
+ /{,var/}run/postgresql/.s.PGSQL.* rw,
=== modified file 'ubuntu/14.10/usr.lib.postgresql.bin.postgres'
--- ubuntu/14.10/usr.lib.postgresql.bin.postgres 2014-07-17 15:33:08
+0000
+++ ubuntu/14.10/usr.lib.postgresql.bin.postgres 2015-06-11 04:13:19
+0000
@@ -2,7 +2,8 @@
#include <tunables/global>
-/usr/lib/postgresql/[0-9.]*/bin/postgres {
+# https://bugs.launchpad.net/apparmor/+bug/1317555
+profile postgresql /usr/lib/postgresql/[0-9.]*/bin/postgres {
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/ssl_keys>
@@ -12,5 +13,5 @@
/var/lib/postgresql/** rwl,
/{,var/}run/postgresql/** rw,
- owner @{PROC}/[0-9]*/oom_adj rw,
+ owner @{PROC}/[0-9]*/oom_{score_,}adj rw,
}
=== added file 'ubuntu/15.04/abstractions/pgsql'
--- ubuntu/15.04/abstractions/pgsql 1970-01-01 00:00:00 +0000
+++ ubuntu/15.04/abstractions/pgsql 2015-06-11 04:15:38 +0000
@@ -0,0 +1,1 @@
+ /{,var/}run/postgresql/.s.PGSQL.* rw,
=== modified file 'ubuntu/15.04/usr.lib.postgresql.bin.postgres'
--- ubuntu/15.04/usr.lib.postgresql.bin.postgres 2014-10-24 19:02:18
+0000
+++ ubuntu/15.04/usr.lib.postgresql.bin.postgres 2015-06-11 04:13:24
+0000
@@ -2,7 +2,8 @@
#include <tunables/global>
-/usr/lib/postgresql/[0-9.]*/bin/postgres {
+# https://bugs.launchpad.net/apparmor/+bug/1317555
+profile postgresql /usr/lib/postgresql/[0-9.]*/bin/postgres {
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/ssl_keys>
@@ -12,5 +13,5 @@
/var/lib/postgresql/** rwl,
/{,var/}run/postgresql/** rw,
- owner @{PROC}/[0-9]*/oom_adj rw,
+ owner @{PROC}/[0-9]*/oom_{score_,}adj rw,
}
--
Kees Cook
--
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
