mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
7726 commits 23 branches 109 tags 32 MiB
Commit graph

1450 commits

Author SHA1 Message Date
Seth Arnold
db9b4978bf apache certificate and key fix from Volker Kuhlmann 2007-01-03 06:51:17 +00:00
Seth Arnold
4dfe5804f3 openSUSE 10.2's sshd config, fix from Volker Kuhlmann 2007-01-03 06:49:36 +00:00
Steve Beattie
8d0e3d3efc Postfix tlsmgr in 10.2 uses some kind of connection caching stuff; 
without this fix, postfix that makes use of tls breaks. :-/
 2006-12-08 06:26:21 +00:00
Seth Arnold
db58677ca4 make the /dev/log w, dependency explicit, rather than rely on abstractions/base to provide it 2006-11-27 10:44:24 +00:00
Seth Arnold
f845643c0a [Bug 220331] syslog-ng cannot log news messages -- syslog-ng can easily log to other uids and gids 2006-11-27 10:21:07 +00:00
Seth Arnold
59213c936e Bug 220331 - syslog-ng cannot log news messages -- Apparently Stefan's syslog-ng configuration logs news events into a subdir of /var/log 2006-11-21 06:18:03 +00:00
Seth Arnold
5cfb51c6b2 Bug 221111 - ntpd needs access to /proc/net/if_inet6 2006-11-16 12:16:10 +00:00
Seth Arnold
f4b0f9fe28 disable netstat profile: 10.2 beta kernels require an ungrantable ptrace privilege 2006-11-16 12:00:00 +00:00
Seth Arnold
3b5cb9709e Bug 197186 - apparmor breaks openntpd -- apparently openntpd uses the same daemon name as the xntpd-supplied ntpd, but uses a different configuration file. no other details in the bug report, i hope this is sufficient 2006-11-14 11:17:22 +00:00
Seth Arnold
2c340e26a2 Bug 202095 - useradd / userdel profiles incomplete 2006-11-13 09:53:10 +00:00
Seth Arnold
5aacc30be4 Bug 219583 - rejecting w access for syslog-ng 2006-11-13 09:40:29 +00:00
Seth Arnold
6ac474b85e add 'm' access to /etc/ld.so.cache to fix bug 219580 -- still unknown why this access is necessary 2006-11-09 07:35:44 +00:00
Seth Arnold
11fffe3988 new profiles for clamav and syslog-ng; improvements to postfix's virtual component. Changes suggested by Christian Boltz, thanks 2006-11-05 08:39:33 +00:00
Seth Arnold
bd0abb8929 remove the Px rules on ld.so; remove the ld.so profiles; remove the ldd profile. Use the 'm' rules to say which files can be mapped executable as sole source of 'read-doesn't-imply-execute raising the bar' 2006-11-05 08:37:48 +00:00
Steve Beattie
af33afe8f7 Convert the rest of the packages to symlinking in the common directory 
so that 'make dist' will work.
 2006-11-04 21:34:47 +00:00
Seth Arnold
a003664ef6 remove empty lines with spaces, reported by cboltz 2006-11-03 12:58:52 +00:00
Seth Arnold
36db2bf010 remove empty lines with spaces, reported by cboltz 2006-11-03 12:58:04 +00:00
Seth Arnold
888bb58330 lost profile, not sure why it wasn't checked in earlier 2006-10-31 14:26:09 +00:00
Seth Arnold
86f5b210b9 https://bugzilla.novell.com/show_bug.cgi?id=178073 
add full /etc/postfix/*.db read access to all postfix programs. This is
just easier.
Also let the smtp portion write to the rewrite pipe.
 2006-10-18 20:13:42 +00:00
Steve Beattie
08651d770b [https://bugzilla.novell.com/show_bug.cgi?id=203557] 
Add support for python egg archives as well as python 2.5. Perhaps the
python version should be seperated into a variable?
 2006-09-11 21:17:43 +00:00
Seth Arnold
770d7d521e crispin noticed that this profile includes a pointless Px domain transition 2006-08-21 22:11:47 +00:00
Seth Arnold
dfa966cbdc r3528@dhcp-81: root | 2006-08-02 16:39:14 -0700 
fix 0-0 typo
 2006-08-04 18:14:15 +00:00
Seth Arnold
087c48b35e r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 
Fix up the m, U, and P stuff, and other misc fixes
 2006-08-04 18:13:59 +00:00
Steve Beattie
9249ffcd00 This patch adds two new make targets to the profiles package: 'check' 
and 'check-install'. The 'check' target will attempt to run the profiles
in the working subversion directory (both in enabled/ and extras/
directories) through the apparmor_parser as a means of sanity checking
the profiles.

The 'check-install' target will also run the 'check' target, only
against the installed location, modifiable by DESTDIR and EXTRASDIR (to
match the behavior of the 'install' target). It also will run logprof
(with an empty logfile) on the installation location, as logprof and the
parser have differing ideas of what is a valid profile :-( .

Thus 'make install check-install DESTDIR=/some/path EXTRASDIR=/other/path'
will install the profiles into a location and cycle the parser and
logprof over the profiles in that

The 'check' target cannot run logprof as the subversion layout does not
conform to a hierarchy logprof can deal with. The limitations also mean
that logprof will not check the profiles in the extras/ directory.

There are other passable variables that impact the 'check' and
'check-install' targets:

  VERBOSE - setting this variable will emit the actual commands run,
	mostly useful for debugging where the implementation of 'check'
	has gone wrong.
  PARSER, LOGPROF - setting these with a path to a different parser or
  	logprof location will have the check targets use those version
	rather than the system utilities; e.g.
	"make check-install LOGPROF=../utils/logprof" to test a modified
	logprof in our current forge svn layout.
 2006-06-05 16:39:29 +00:00
Seth Arnold
6fda1df1a6 Bug 175626 - /var/lib/ntp/etc/ntp.conf.iburst missing from ntpd profile 2006-05-18 21:32:29 +00:00
Seth Arnold
3ce2e3610c Bug 168035 - apparmor-profiles: lib.ld-2.2.so takes no care of x86_64 /lib/ld-2.4 -- s390x, ppc, ppc64 2006-05-05 17:48:20 +00:00
Seth Arnold
1270a03421 Bug 172670 - postfix doesn't deliver mails anymore after update from SLES9 2006-05-05 15:31:29 +00:00
Seth Arnold
daa4c2b1cb also document the post* profiles in the extras/README 2006-05-03 21:45:43 +00:00
Seth Arnold
0b7811057f oops, forgot to disable some of the other postfix helpers; postalias, postdrop, postmap, postqueue 2006-05-03 21:38:44 +00:00
Seth Arnold
feaeb486ec clean up the extras/README so that people can more easily see the point of the directory 2006-05-03 21:22:02 +00:00
Seth Arnold
ecb3d24bde remove all the complain mode flags from the postfix profiles (now in extras) 2006-05-03 20:41:27 +00:00
Seth Arnold
e5c47dfd15 eagle-eye darix spotted broken alternations in smtpd profile; the rules used to expand to /var/spool/postfixpublic/cleanup //public/cleanup now they expand to /var/spool/postfix/public/cleanup /public/cleanup 2006-05-03 20:33:59 +00:00
Seth Arnold
e2b220a59a force procmail to 'px' rather than 'ux' in the (now disabled) postfix profiles 2006-05-03 19:51:11 +00:00
Seth Arnold
a5bf394cc1 move squid from enabled to disabled; we've decided to turn it off too 2006-05-03 19:49:15 +00:00
Seth Arnold
d94da33747 move all the postfix programs to extras; we've decided to not turn them on by default 2006-05-03 19:48:45 +00:00
Seth Arnold
426a491f54 darix noticed I had forgotten the svn:keywords property on all my new files and cut-n-waste was blaming steve for all these files 2006-05-02 21:41:28 +00:00
Seth Arnold
437b53a557 Bug 170154 - squid dies when setting auth_param basic program /usr/sbin/pam_auth 2006-05-02 17:48:04 +00:00
Seth Arnold
9636ab4669 Bug 167798 - misc profile modifications from darix -- mlmmj, lighttpd, oidentd profiles in extras/, new postfix helpers in complain mode (enabled), split apart nameservice a little (non destructively), add new abstractions for python, ruby, and php5, add web-data and svn-repositories data-centric abstractions 2006-05-02 00:25:47 +00:00
Seth Arnold
c0ffe84f43 Bug 168581 - readaccess to /proc/meminfo not granted to nscd -- add sysconf(3) files to abstractions/base 2006-05-01 17:34:59 +00:00
Seth Arnold
1be9dfacbc Bug 165191 - named can't write slave zones 2006-05-01 17:32:36 +00:00
Seth Arnold
8a767bce13 Add a dummy pipe profile in complain mode. Pipe is pretty flexible, so sysadmins should turn on AppArmor for pipe themselves. 2006-04-29 00:11:54 +00:00
Seth Arnold
f0d6ffa33a mdnsd writes to the console, thanks darix 2006-04-28 22:48:28 +00:00
Seth Arnold
543b642d1f Bug 159667 - Postfix SASL authentication fails with "no mechanism available" 2006-04-27 22:40:08 +00:00
Seth Arnold
71b487ad97 Bug 168581 - readaccess to /proc/meminfo not granted to nscd 2006-04-27 12:55:15 +00:00
Seth Arnold
2a2010c839 https://bugzilla.novell.com/show_bug.cgi?id=165116 2006-04-24 21:25:24 +00:00
Seth Arnold
20830f842e SL10.1 has the 2.4 version of glibc, so there's a new loader name. Thanks darix for pointing it out. 2006-04-14 18:00:15 +00:00
Seth Arnold
600ed017bf add a README that describes why the profiles in /etc/apparmor/ aren't enabled 2006-04-14 17:48:11 +00:00
Steve Beattie
e3a5c27679 Remove some archaic cvsignore files. 2006-04-13 21:16:09 +00:00
Steve Beattie
7a1a415557 Update svn:keywords properties. 
Fix makefile to find new common/ location.
 2006-04-12 20:35:41 +00:00
Steve Beattie
6d3e74907d Import the rest of the core functionality of the internal apparmor 
development tree (trunk branch). From svn repo version 6381.
 2006-04-11 21:52:54 +00:00