mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-02-07 02:35:06 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor.d/apparmor.d/profiles-a-f/exim4
Jose Maldonado aka Yukiteru 0d5655ba76 Noise reduction in exim4 profile 
exim4 profile access to /proc/sys/net/ipv6/conf/all/disable_ipv6
in read mode searching information over IPv6 connection in the host.

In the actual profile this access is denied, this change fix this
and reduce noise in log.
2024-05-07 15:55:09 +01:00

61 lines
1.3 KiB
Text
Raw Blame History

# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2018-2021 Mikhail Morfikov
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{bin}/exim4
profile exim4 @{exec_path} {
include <abstractions/base>
include <abstractions/bus-system>
include <abstractions/consoles>
include <abstractions/nameservice-strict>
include <abstractions/ssl_certs>
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability net_admin,
capability net_bind_service,
capability setgid,
capability setuid,
network inet dgram,
network inet6 dgram,
network inet stream,
network inet6 stream,
network netlink raw,
signal (receive) peer=init-exim4,
@{exec_path} mrix,
/etc/email-addresses r,
/etc/aliases r,
/var/lib/exim4/config.autogenerated{,.tmp} r,
/var/lib/dpkg/status r,
/var/log/cron-apt/lastfullmessage r,
/var/log/exim4/ w,
/var/log/exim4/mainlog w,
/var/log/exim4/paniclog w,
/var/log/exim4/rejectlog w,
/var/spool/exim4/ r,
/var/spool/exim4/** rwk,
owner /var/mail/* rwkl -> /var/mail/*,
/tmp/#@{int} rw,
@{run}/exim4/ r,
owner @{run}/exim4/exim.pid rw,
@{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r,
include if exists <local/exim4>
}
Reference in a new issue View git blame Copy permalink