mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
1406 commits 23 branches 109 tags 32 MiB
Commit graph

165 commits

Author SHA1 Message Date
Seth Arnold
708db6955e Found via tomcat or iManager profile, pointed out by Steve 2007-02-13 00:14:30 +00:00
Seth Arnold
9b337841b6 Bug 240734 - Applications using nss_ldap need to have access to ldap.secret 2007-02-01 01:00:52 +00:00
Seth Arnold
d7e1af3d5d Bug 190079 - sendmail can't open control socket 2007-01-26 13:56:52 +00:00
Seth Arnold
cefca1ef60 Bug 202095 - useradd / userdel profiles incomplete 2007-01-26 13:28:39 +00:00
Seth Arnold
048d72b72c Bug 181253 - apparmor rejects access for sendmail to /var/lib/sendmail/statistics 2007-01-26 13:13:41 +00:00
Seth Arnold
bc97846544 Bug 143281 - Insuffisient settings in default profiles, at least for man & gaim: 2007-01-26 11:06:01 +00:00
Seth Arnold
8c45f2ef71 Bug 143281 - Insuffisient settings in default profiles, at least for man & gaim: 2007-01-26 10:52:26 +00:00
Seth Arnold
d892a64317 Bug 143281 - Insuffisient settings in default profiles, at least for man & gaim: 2007-01-26 10:50:55 +00:00
Seth Arnold
35ae0848bc Bug 225615 - apparmor rejects glibc AT_PLATFORM directories 2007-01-26 10:14:37 +00:00
Seth Arnold
d0c20aff7f Bug 221998 - No NFS locks available: "kernel: lockd/statd: failed to create /var/lib/nfs/sm/<server>: err=-2" 2007-01-26 09:57:42 +00:00
Seth Arnold
a8b460a0c7 Bug 157400 - default AppArmor profile for gaim too restrictive 2007-01-26 09:46:24 +00:00
Seth Arnold
af0d1e5425 My best guess of what was intended in feature requests 300766 and 300767, to add some entries for (currently?) Novell-specific changes to xntpd and named to support W32Time authentication and GSS-TSIG authentication. 2007-01-19 12:05:05 +00:00
Seth Arnold
604b97b271 new passwd profile and sshd changes from Volker Kuhlmann in extras/ 2007-01-05 13:02:25 +00:00
Seth Arnold
749e1cb0aa Fix from Volker Kuhlmann for /tmp symlink to /var/tmp, for ntpd 2007-01-05 12:38:13 +00:00
Seth Arnold
c7f91fa9cb postfix permissions=paranoid fixes from Volker Kuhlmann 2007-01-03 07:29:28 +00:00
Seth Arnold
db9b4978bf apache certificate and key fix from Volker Kuhlmann 2007-01-03 06:51:17 +00:00
Seth Arnold
4dfe5804f3 openSUSE 10.2's sshd config, fix from Volker Kuhlmann 2007-01-03 06:49:36 +00:00
Steve Beattie
8d0e3d3efc Postfix tlsmgr in 10.2 uses some kind of connection caching stuff; 
without this fix, postfix that makes use of tls breaks. :-/
 2006-12-08 06:26:21 +00:00
Seth Arnold
db58677ca4 make the /dev/log w, dependency explicit, rather than rely on abstractions/base to provide it 2006-11-27 10:44:24 +00:00
Seth Arnold
f845643c0a [Bug 220331] syslog-ng cannot log news messages -- syslog-ng can easily log to other uids and gids 2006-11-27 10:21:07 +00:00
Seth Arnold
59213c936e Bug 220331 - syslog-ng cannot log news messages -- Apparently Stefan's syslog-ng configuration logs news events into a subdir of /var/log 2006-11-21 06:18:03 +00:00
Seth Arnold
5cfb51c6b2 Bug 221111 - ntpd needs access to /proc/net/if_inet6 2006-11-16 12:16:10 +00:00
Seth Arnold
f4b0f9fe28 disable netstat profile: 10.2 beta kernels require an ungrantable ptrace privilege 2006-11-16 12:00:00 +00:00
Seth Arnold
3b5cb9709e Bug 197186 - apparmor breaks openntpd -- apparently openntpd uses the same daemon name as the xntpd-supplied ntpd, but uses a different configuration file. no other details in the bug report, i hope this is sufficient 2006-11-14 11:17:22 +00:00
Seth Arnold
2c340e26a2 Bug 202095 - useradd / userdel profiles incomplete 2006-11-13 09:53:10 +00:00
Seth Arnold
5aacc30be4 Bug 219583 - rejecting w access for syslog-ng 2006-11-13 09:40:29 +00:00
Seth Arnold
6ac474b85e add 'm' access to /etc/ld.so.cache to fix bug 219580 -- still unknown why this access is necessary 2006-11-09 07:35:44 +00:00
Seth Arnold
11fffe3988 new profiles for clamav and syslog-ng; improvements to postfix's virtual component. Changes suggested by Christian Boltz, thanks 2006-11-05 08:39:33 +00:00
Seth Arnold
bd0abb8929 remove the Px rules on ld.so; remove the ld.so profiles; remove the ldd profile. Use the 'm' rules to say which files can be mapped executable as sole source of 'read-doesn't-imply-execute raising the bar' 2006-11-05 08:37:48 +00:00
Steve Beattie
af33afe8f7 Convert the rest of the packages to symlinking in the common directory 
so that 'make dist' will work.
 2006-11-04 21:34:47 +00:00
Seth Arnold
a003664ef6 remove empty lines with spaces, reported by cboltz 2006-11-03 12:58:52 +00:00
Seth Arnold
36db2bf010 remove empty lines with spaces, reported by cboltz 2006-11-03 12:58:04 +00:00
Seth Arnold
888bb58330 lost profile, not sure why it wasn't checked in earlier 2006-10-31 14:26:09 +00:00
Seth Arnold
86f5b210b9 https://bugzilla.novell.com/show_bug.cgi?id=178073 
add full /etc/postfix/*.db read access to all postfix programs. This is
just easier.
Also let the smtp portion write to the rewrite pipe.
 2006-10-18 20:13:42 +00:00
Steve Beattie
08651d770b [https://bugzilla.novell.com/show_bug.cgi?id=203557] 
Add support for python egg archives as well as python 2.5. Perhaps the
python version should be seperated into a variable?
 2006-09-11 21:17:43 +00:00
Seth Arnold
770d7d521e crispin noticed that this profile includes a pointless Px domain transition 2006-08-21 22:11:47 +00:00
Seth Arnold
dfa966cbdc r3528@dhcp-81: root | 2006-08-02 16:39:14 -0700 
fix 0-0 typo
 2006-08-04 18:14:15 +00:00
Seth Arnold
087c48b35e r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 
Fix up the m, U, and P stuff, and other misc fixes
 2006-08-04 18:13:59 +00:00
Steve Beattie
9249ffcd00 This patch adds two new make targets to the profiles package: 'check' 
and 'check-install'. The 'check' target will attempt to run the profiles
in the working subversion directory (both in enabled/ and extras/
directories) through the apparmor_parser as a means of sanity checking
the profiles.

The 'check-install' target will also run the 'check' target, only
against the installed location, modifiable by DESTDIR and EXTRASDIR (to
match the behavior of the 'install' target). It also will run logprof
(with an empty logfile) on the installation location, as logprof and the
parser have differing ideas of what is a valid profile :-( .

Thus 'make install check-install DESTDIR=/some/path EXTRASDIR=/other/path'
will install the profiles into a location and cycle the parser and
logprof over the profiles in that

The 'check' target cannot run logprof as the subversion layout does not
conform to a hierarchy logprof can deal with. The limitations also mean
that logprof will not check the profiles in the extras/ directory.

There are other passable variables that impact the 'check' and
'check-install' targets:

  VERBOSE - setting this variable will emit the actual commands run,
	mostly useful for debugging where the implementation of 'check'
	has gone wrong.
  PARSER, LOGPROF - setting these with a path to a different parser or
  	logprof location will have the check targets use those version
	rather than the system utilities; e.g.
	"make check-install LOGPROF=../utils/logprof" to test a modified
	logprof in our current forge svn layout.
 2006-06-05 16:39:29 +00:00
Seth Arnold
6fda1df1a6 Bug 175626 - /var/lib/ntp/etc/ntp.conf.iburst missing from ntpd profile 2006-05-18 21:32:29 +00:00
Seth Arnold
3ce2e3610c Bug 168035 - apparmor-profiles: lib.ld-2.2.so takes no care of x86_64 /lib/ld-2.4 -- s390x, ppc, ppc64 2006-05-05 17:48:20 +00:00
Seth Arnold
1270a03421 Bug 172670 - postfix doesn't deliver mails anymore after update from SLES9 2006-05-05 15:31:29 +00:00
Seth Arnold
daa4c2b1cb also document the post* profiles in the extras/README 2006-05-03 21:45:43 +00:00
Seth Arnold
0b7811057f oops, forgot to disable some of the other postfix helpers; postalias, postdrop, postmap, postqueue 2006-05-03 21:38:44 +00:00
Seth Arnold
feaeb486ec clean up the extras/README so that people can more easily see the point of the directory 2006-05-03 21:22:02 +00:00
Seth Arnold
ecb3d24bde remove all the complain mode flags from the postfix profiles (now in extras) 2006-05-03 20:41:27 +00:00
Seth Arnold
e5c47dfd15 eagle-eye darix spotted broken alternations in smtpd profile; the rules used to expand to /var/spool/postfixpublic/cleanup //public/cleanup now they expand to /var/spool/postfix/public/cleanup /public/cleanup 2006-05-03 20:33:59 +00:00
Seth Arnold
e2b220a59a force procmail to 'px' rather than 'ux' in the (now disabled) postfix profiles 2006-05-03 19:51:11 +00:00
Seth Arnold
a5bf394cc1 move squid from enabled to disabled; we've decided to turn it off too 2006-05-03 19:49:15 +00:00
Seth Arnold
d94da33747 move all the postfix programs to extras; we've decided to not turn them on by default 2006-05-03 19:48:45 +00:00