Hello Today I've noticed, that 'usr.sbin.userdel' profile, found in /usr/share/doc/apparmor-profiles/extras/ folder, seems to be not very "compatible" with *ubuntu (in this case 16.04 LTS Release.) Now, I'll explain what I mean.
'usr.sbin.userdel' profile contains two rules, related to userdel(8), which is a low level utility for removing users etc., right? However, these rules/commands do not exist in the *ubuntu distributions. These are: ✗ /usr/sbin/userdel-post.local ✗ /usr/sbin/userdel-pre.local During searching for additional informations about these commands, it turned out that they are a part of the shadow package (for example, version 4.2.1-4.1), but on OpenSUSE distribution. I wanted to have one hundred percent sure, so I was looking for a both commands, on my 16.04 LTS install, but it leaded to: "No such file or directory" result. If it's about "/usr/sbin/userdel-post.local"; this command is run after removing a user. On the other hand, "/usr/sbin/userdel-pre.local", is run before removing a user. But these are probably not important informations, right? I think that both commands should be removed from a profile shipped with Ubuntu AppArmor package. But, thats is just my personal opinion. Nothing more, nothing less. Now, the second issue: I've noticed also two, the same rules, commands, used in 'usr.sbin.userdel' profile. These are: 44. /usr/sbin/userdel rmix, (...) 47. /usr/sbin/userdel rmix, These numbers, indicating the places in which these rules occurring. Of course, in a default profile from /usr/share/doc/apparmor-profiles/extras/ folder. I think one of those rules should or could be removed from the profile. Anyway, I think patch will be very small ;- ) But what are your opinions? What all of you think about these issues? I'm sorry for writing about these things. At last, they are not something big or important, right? I simply noticed this, during auditing AppArmor profiles etc. Thanks, best regards.
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
