mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
sbin.rpc.statd: add hosts_access abstraction, /etc/nfs.conf{,.d/}
Also update to use @{run}
This commit is contained in:
Daniel Richard G
parent
83685ba703
commit
8e845c2e7f
1 changed files with 7 additions and 3 deletions
|
|
@ -14,6 +14,7 @@ include <tunables/global>
|
||||||
|
|
||||||
profile rpc.statd /{usr/,}sbin/rpc.statd {
|
profile rpc.statd /{usr/,}sbin/rpc.statd {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
|
include <abstractions/hosts_access>
|
||||||
include <abstractions/nameservice>
|
include <abstractions/nameservice>
|
||||||
|
|
||||||
# needed to sanely drop privileges
|
# needed to sanely drop privileges
|
||||||
|
|
@ -32,6 +33,9 @@ profile rpc.statd /{usr/,}sbin/rpc.statd {
|
||||||
@{PROC}/sys/fs/nfs/nsm_local_state w,
|
@{PROC}/sys/fs/nfs/nsm_local_state w,
|
||||||
|
|
||||||
/etc/netconfig r,
|
/etc/netconfig r,
|
||||||
|
/etc/nfs.conf rk,
|
||||||
|
/etc/nfs.conf.d/ r,
|
||||||
|
/etc/nfs.conf.d/* rk,
|
||||||
/etc/rpc r,
|
/etc/rpc r,
|
||||||
/{usr/,}sbin/rpc.statd mrix,
|
/{usr/,}sbin/rpc.statd mrix,
|
||||||
/{usr/,}sbin/sm-notify mrix,
|
/{usr/,}sbin/sm-notify mrix,
|
||||||
|
|
@ -46,7 +50,7 @@ profile rpc.statd /{usr/,}sbin/rpc.statd {
|
||||||
/var/lib/nfs/statd/sm.bak/* rwl,
|
/var/lib/nfs/statd/sm.bak/* rwl,
|
||||||
/var/lib/nfs/state rwk,
|
/var/lib/nfs/state rwk,
|
||||||
/var/lib/nfs/state.new rwl,
|
/var/lib/nfs/state.new rwl,
|
||||||
/{,var/}run/rpc.statd.pid w,
|
@{run}/rpc.statd.pid w,
|
||||||
/{,var/}run/rpcbind.sock rw,
|
@{run}/rpcbind.sock rw,
|
||||||
/{,var/}run/sm-notify.pid w,
|
@{run}/sm-notify.pid w,
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue