Mwalker has uploaded a new change for review.
https://gerrit.wikimedia.org/r/147666
Change subject: Some additional AppArmor paths for OCG
......................................................................
Some additional AppArmor paths for OCG
These shook out in testing.
Change-Id: I0cc901e378b6dcad0482965ded3926d8591334ab
---
M modules/ocg/templates/usr.bin.nodejs.apparmor.erb
1 file changed, 6 insertions(+), 2 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/66/147666/1
diff --git a/modules/ocg/templates/usr.bin.nodejs.apparmor.erb
b/modules/ocg/templates/usr.bin.nodejs.apparmor.erb
index 7a2d557..df7c470 100755
--- a/modules/ocg/templates/usr.bin.nodejs.apparmor.erb
+++ b/modules/ocg/templates/usr.bin.nodejs.apparmor.erb
@@ -20,7 +20,7 @@
<%= @output_dir %>/*.tex rw,
<%= @output_dir %>/*.txt rw,
<%= @output_dir %>/*.zip rw,
- <%= @postmortem_dir %>/** rw,
+ <%= @postmortem_dir %>/** rwk,
/tmp/** rwk,
/bin/dash ix,
@@ -48,8 +48,12 @@
/usr/share/texlive/texmf-dist/fonts/** r,
/etc/ImageMagick/** r,
- /usr/share/ImageImagick/** r,
+ /usr/share/ImageMagick*/** r,
/usr/lib/x86_64-linux-gnu/ImageMagick*/** rm,
+
+ # I think it needs this for glibc
+ /etc/passwd
+ /etc/nsswitch.conf
}
/usr/bin/{unzip,zip} cx,
--
To view, visit https://gerrit.wikimedia.org/r/147666
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I0cc901e378b6dcad0482965ded3926d8591334ab
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Mwalker <mwal...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
