Add m permissions to mlmmj profiles

Newer kernels need m permissions for the binary the profile covers, so add it before someone hits this problem in the wild ;-) Also add a note that the mlmmj-recieve profile is probably superfluous because upstream renamed the misspelled binary. Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk, 2.10 and 2.9
2025-03-05 17:01:00 +01:00 · 2016-11-09 19:45:12 +01:00 · 2016-11-09 19:45:12 +01:00 · eacb977ebd
commit eacb977ebd
parent 29d287f94e
8 changed files with 13 additions and 8 deletions
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce
@ -15,7 +15,7 @@
 /usr/bin/mlmmj-bounce {
  #include <abstractions/base>

-  /usr/bin/mlmmj-bounce r,
+  /usr/bin/mlmmj-bounce mr,
  /usr/bin/mlmmj-send Px,
  /usr/bin/mlmmj-maintd Px,
  /var/spool/mlmmj/*/subscribers.d/ r,
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd
@ -17,7 +17,7 @@

  capability setuid,

-  /usr/bin/mlmmj-maintd r,
+  /usr/bin/mlmmj-maintd mr,
  /usr/bin/mlmmj-send Px,
  /usr/bin/mlmmj-bounce Px,
  /usr/bin/mlmmj-unsub Px,
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process
@ -15,7 +15,7 @@
 /usr/bin/mlmmj-process {
  #include <abstractions/base>

-  /usr/bin/mlmmj-process r,
+  /usr/bin/mlmmj-process mr,
  /usr/bin/mlmmj-send Px,
  /usr/bin/mlmmj-sub Px,
  /usr/bin/mlmmj-unsub Px,
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive
@ -16,7 +16,7 @@
  #include <abstractions/base>

  /usr/bin/mlmmj-process Px,
-  /usr/bin/mlmmj-receive r,
+  /usr/bin/mlmmj-receive mr,
  /var/spool/mlmmj/*/incoming/ rw,
  /var/spool/mlmmj/*/incoming/* rw,
 }
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve
@ -9,12 +9,17 @@
 # ------------------------------------------------------------------
 # vim:syntax=apparmor

+
+# mlmmj upstream renamed the (misspelled) mlmmj-recieve to mlmmj-receive,
+# so this profile is probably superfluous
+
+
 #include <tunables/global>

 /usr/bin/mlmmj-recieve {
  #include <abstractions/base>

  /usr/bin/mlmmj-process Px,
-  /usr/bin/mlmmj-recieve r,
+  /usr/bin/mlmmj-recieve mr,
  /var/spool/mlmmj/*/incoming/* w,
 }
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send
@ -16,7 +16,7 @@
  #include <abstractions/base>
  #include <abstractions/nameservice>

-  /usr/bin/mlmmj-send r,
+  /usr/bin/mlmmj-send mr,
  /var/spool/mlmmj/*/archive/* w,
  /var/spool/mlmmj/*/control/* r,
  /var/spool/mlmmj/*/index rwk,
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub
@ -18,7 +18,7 @@
  capability setuid,

  /usr/bin/mlmmj-send Px,
-  /usr/bin/mlmmj-sub r,
+  /usr/bin/mlmmj-sub mr,
  /var/spool/mlmmj/*/control/ r,
  /var/spool/mlmmj/*/control/* r,
  /var/spool/mlmmj/*/queue/ rw,
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub
@ -15,7 +15,7 @@
 /usr/bin/mlmmj-unsub {
  #include <abstractions/base>

-  /usr/bin/mlmmj-unsub r,
+  /usr/bin/mlmmj-unsub mr,
  /usr/bin/mlmmj-send Px,
  /var/spool/mlmmj/*/control/ r,
  /var/spool/mlmmj/*/control/* r,