Bug#868563: apparmor-profiles: Apparmor profiles for postfix programs have incorrect path
Control: tag -1 + fixed-upstream intrigeri (2018-12-16): > Julian Andres Klode: >> It needs some more changes, I'll try to get them fixed up >> this weekend, so I can roll out my server in enforced mode. > > Did your https://gitlab.com/apparmor/apparmor/merge_requests/284 fix > all the incorrect paths this bug was about? > > (I'd like to update this bug's metadata accordingly :) I'll optimistically assume this is indeed fixed in the upstream master branch, and will be part of the AppArmor 3.0 release. If that's incorrect, please let me know :)
Bug#868563: apparmor-profiles: Apparmor profiles for postfix programs have incorrect path
Hi, Julian Andres Klode: > It needs some more changes, I'll try to get them fixed up > this weekend, so I can roll out my server in enforced mode. Did your https://gitlab.com/apparmor/apparmor/merge_requests/284 fix all the incorrect paths this bug was about? (I'd like to update this bug's metadata accordingly :) Cheers, -- intrigeri
Bug#868563: apparmor-profiles: Apparmor profiles for postfix programs have incorrect path
Julian Andres Klode: > It needs some more changes, I'll try to get them fixed up > this weekend, so I can roll out my server in enforced mode. > It will be based on Ubuntu 18.04, though, so might need double > checking. Great!
Bug#868563: apparmor-profiles: Apparmor profiles for postfix programs have incorrect path
On Mon, Jan 29, 2018 at 12:03:02PM +0100, intrigeri wrote:
> Hi,
>
> the preferred way to fix this nowadays is to fork
> https://gitlab.com/apparmor/apparmor, edit files in
> profiles/apparmor/profiles/extras, commit, push a branch and follow
> the instructions that `git push' will provide to submit
> a merge request.
>
> I guess that replacing all relevant occurrences of:
>
> /usr/lib/postfix
>
> with:
>
> /usr/lib/postfix{,/sbin}
>
> … should to the trick :)
It needs some more changes, I'll try to get them fixed up
this weekend, so I can roll out my server in enforced mode.
It will be based on Ubuntu 18.04, though, so might need double
checking.
--
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer i speak de, en
Bug#868563: apparmor-profiles: Apparmor profiles for postfix programs have incorrect path
Hi,
the preferred way to fix this nowadays is to fork
https://gitlab.com/apparmor/apparmor, edit files in
profiles/apparmor/profiles/extras, commit, push a branch and follow
the instructions that `git push' will provide to submit
a merge request.
I guess that replacing all relevant occurrences of:
/usr/lib/postfix
with:
/usr/lib/postfix{,/sbin}
… should to the trick :)
Cheers,
--
intrigeri
Bug#868563: apparmor-profiles: Apparmor profiles for postfix programs have incorrect path
Control: severity -1 minor Control: tag -1 + upstream Control: found -1 2.11.0-6 Hi, debian-b...@vorpal.se: > After upgrading from jessie to stretch I noticed that postfix was no > longer constrained by apparmor profiles (using aa-unconfined, ps > auxZ etc). > The cause of this issue seems to be that the profiles in this > package use paths like /usr/lib/postfix/master but this has moved to > /usr/lib/postfix/sbin/master. This applies to all /usr/lib/postfix/* > profiles. Thus the profiles do not properly apply to the correct > process. The profiles will need to be updated to point to the > right executables. Good catch, thanks. Now, as /usr/share/doc/apparmor-profiles/extras/README says, these profiles are not supported: Feedback on these unsupported profiles is welcomed; any contributions for this directory should be clearly licensed -- we recommend using the GPL. Please mail suggestions or modifications to the appar...@lists.ubuntu.com mail list: https://lists.ubuntu.com/mailman/listinfo/apparmor So downgrading severity accordingly. Cheers, -- intrigeri
Bug#868563: apparmor-profiles: Apparmor profiles for postfix programs have incorrect path
Package: apparmor-profiles Version: 2.11.0-3 Severity: important Dear Maintainer, *** Reporter, please consider answering these questions, where appropriate *** After upgrading from jessie to stretch I noticed that postfix was no longer constrained by apparmor profiles (using aa-unconfined, ps auxZ etc). The cause of this issue seems to be that the profiles in this package use paths like /usr/lib/postfix/master but this has moved to /usr/lib/postfix/sbin/master. This applies to all /usr/lib/postfix/* profiles. Thus the profiles do not properly apply to the correct process. The profiles will need to be updated to point to the right executables. *** End of the template - remove these template lines *** -- System Information: Debian Release: 9.0 APT prefers stable APT policy: (900, 'stable'), (500, 'stable-updates') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-3-amd64 (SMP w/1 CPU core) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages apparmor-profiles depends on: ii apparmor 2.11.0-3 apparmor-profiles recommends no packages. apparmor-profiles suggests no packages. -- Configuration Files: -- no debconf information
