Re: [apparmor] [patch] Update mlmmj profiles

Seth Arnold Tue, 08 Nov 2016 14:48:36 -0800

On Tue, Nov 08, 2016 at 09:50:40PM +0100, Christian Boltz wrote:
> These two are worth a separate patch:
> 
> 
> [patch] Add m permissions to mlmmj profiles
> 
> Newer kernels need m permissions for the binary the profile covers,
> so add it before someone hits this problem in the wild ;-)
> 
> Also add a note that the mlmmj-recieve profile is probably superfluous
> after upstream renamed the misspelled binary.
> 
> 
> I propose this patch for trunk, 2.10 and 2.9


Acked-by: Seth Arnold <[email protected]>

Acked for all three.

Thanks

> 
> [ mlmmj-m.diff ]
> 
> === modified file 'profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce'
> --- profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce      2016-11-08 
> 20:34:15 +0000
> +++ profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce      2016-11-08 
> 20:40:38 +0000
> @@ -15,7 +15,7 @@
>  /usr/bin/mlmmj-bounce {
>    #include <abstractions/base>
>  
> -  /usr/bin/mlmmj-bounce r,
> +  /usr/bin/mlmmj-bounce mr,
>    /usr/bin/mlmmj-send Px,
>    /usr/bin/mlmmj-maintd Px,
>    /var/spool/mlmmj/*/subscribers.d/ r,
> 
> === modified file 'profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd'
> --- profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd      2016-11-08 
> 20:34:15 +0000
> +++ profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd      2016-11-08 
> 20:40:55 +0000
> @@ -17,7 +17,7 @@
>  
>    capability setuid,
>  
> -  /usr/bin/mlmmj-maintd r,
> +  /usr/bin/mlmmj-maintd mr,
>    /usr/bin/mlmmj-send Px,
>    /usr/bin/mlmmj-bounce Px,
>    /usr/bin/mlmmj-unsub Px,
> 
> === modified file 'profiles/apparmor/profiles/extras/usr.bin.mlmmj-process'
> --- profiles/apparmor/profiles/extras/usr.bin.mlmmj-process     2016-11-08 
> 20:34:15 +0000
> +++ profiles/apparmor/profiles/extras/usr.bin.mlmmj-process     2016-11-08 
> 20:41:35 +0000
> @@ -15,7 +15,7 @@
>  /usr/bin/mlmmj-process {
>    #include <abstractions/base>
>  
> -  /usr/bin/mlmmj-process r,
> +  /usr/bin/mlmmj-process mr,
>    /usr/bin/mlmmj-send Px,
>    /usr/bin/mlmmj-sub Px,
>    /usr/bin/mlmmj-unsub Px,
> 
> === modified file 'profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive'
> --- profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive     2016-11-08 
> 20:34:15 +0000
> +++ profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive     2016-11-08 
> 20:41:45 +0000
> @@ -16,7 +16,7 @@
>    #include <abstractions/base>
>  
>    /usr/bin/mlmmj-process Px,
> -  /usr/bin/mlmmj-receive r,
> +  /usr/bin/mlmmj-receive mr,
>    /var/spool/mlmmj/*/incoming/ rw,
>    /var/spool/mlmmj/*/incoming/* rw,
>  }
> 
> === modified file 'profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve'
> --- profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve     2010-12-20 
> 20:29:10 +0000
> +++ profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve     2016-11-08 
> 20:43:15 +0000
> @@ -9,12 +9,17 @@
>  # ------------------------------------------------------------------
>  # vim:syntax=apparmor
>  
> +
> +# mlmmj upstream renamed the (misspelled) mlmmj-recieve to mlmmj-receive,
> +# so this profile is probably superfluous
> +
> +
>  #include <tunables/global>
>  
>  /usr/bin/mlmmj-recieve {
>    #include <abstractions/base>
>  
>    /usr/bin/mlmmj-process Px,
> -  /usr/bin/mlmmj-recieve r,
> +  /usr/bin/mlmmj-recieve mr,
>    /var/spool/mlmmj/*/incoming/* w,
>  }
> 
> === modified file 'profiles/apparmor/profiles/extras/usr.bin.mlmmj-send'
> --- profiles/apparmor/profiles/extras/usr.bin.mlmmj-send        2016-11-08 
> 20:34:15 +0000
> +++ profiles/apparmor/profiles/extras/usr.bin.mlmmj-send        2016-11-08 
> 20:43:28 +0000
> @@ -16,7 +16,7 @@
>    #include <abstractions/base>
>    #include <abstractions/nameservice>
>  
> -  /usr/bin/mlmmj-send r,
> +  /usr/bin/mlmmj-send mr,
>    /var/spool/mlmmj/*/archive/* w,
>    /var/spool/mlmmj/*/control/* r,
>    /var/spool/mlmmj/*/index rwk,
> 
> === modified file 'profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub'
> --- profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub 2016-11-08 20:34:15 
> +0000
> +++ profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub 2016-11-08 20:43:39 
> +0000
> @@ -18,7 +18,7 @@
>    capability setuid,
>  
>    /usr/bin/mlmmj-send Px,
> -  /usr/bin/mlmmj-sub r,
> +  /usr/bin/mlmmj-sub mr,
>    /var/spool/mlmmj/*/control/ r,
>    /var/spool/mlmmj/*/control/* r,
>    /var/spool/mlmmj/*/queue/ rw,
> 
> === modified file 'profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub'
> --- profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub       2016-11-08 
> 20:34:15 +0000
> +++ profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub       2016-11-08 
> 20:43:51 +0000
> @@ -15,7 +15,7 @@
>  /usr/bin/mlmmj-unsub {
>    #include <abstractions/base>
>  
> -  /usr/bin/mlmmj-unsub r,
> +  /usr/bin/mlmmj-unsub mr,
>    /usr/bin/mlmmj-send Px,
>    /var/spool/mlmmj/*/control/ r,
>    /var/spool/mlmmj/*/control/* r,
>

signature.asc
Description: PGP signature

-- 
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

Re: [apparmor] [patch] Update mlmmj profiles

Reply via email to