17 commits

Author SHA1 Message Date
Jamie Strandboge
ac481f142e Allow /var/lib/extrausers/group and /var/lib/extrausers/passwd 'read' in order
to work with libnss-extrausers

Acked-By: Jamie Strandboge <jamie@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
2014-08-21 07:27:07 -05:00
Christian Boltz
dd3df80f01 abstractions/nameservice should allow /run/nscd/passwd etc. in addition
to /var/run/nscd/passwd.

References: https://bugzilla.novell.com/show_bug.cgi?id=886225


Acked-by: Seth Arnold <seth.arnold@canonical.com> for both trunk and 2.8.
2014-07-09 10:14:14 +02:00
Seth Arnold
37ecdcfce5 Description: Allow using sssd for group and password lookups
Author: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Steve Beattie <steve@nxnw.org>

This was originally patch 0018-lp1056391.patch in the Ubuntu apparmor
packaging; Steve noticed the now-redundant line for /var/lib/sss/mc/passwd
so I removed that at the same time.
2014-02-13 17:15:03 -08:00
Felix Geyer
6733da5fcd nameservice abstraction: read permission to avahi socket
From: Felix Geyer <debfx@ubuntu.com>

AppArmor requires read and write permission to connect to
unix domain sockets but the nameservice abstraction only
grants write access to the avahi socket.
As a result mdns name resolution fails.

Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-26 12:16:54 -08:00
Steve Beattie
1cc0885890 Subject: profiles - use @{pid} tunable
This patch adds the kernelvars tunable to the global set that is usually
included by default in apparmor policies. It then converts the rules
that are intended to match /proc/pid to use this tunable.

Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: Seth Arnold <seth.arnold@canonical.com>
2013-01-02 15:34:38 -08:00
Christian Boltz
091ec763f9 split off abstractions/ldapclient from abstractions/nameservice
Original openSUSE changelog entry:

Thu Jan  6 16:23:19 UTC 2011 - rhafer@suse.de

- Split ldap related things from nameservice into separate
  profile and added some missing paths (bnc#662761)
2011-11-01 17:08:37 +01:00
Jamie Strandboge
20f117500f update for /var/run -> /run udev transition. For compatibility, distributions
(eg Ubuntu) are providing a symlink from /var/run to /run, so our profiles
should handle both situations.
2011-07-14 07:57:57 -05:00
Steve Beattie
83007d7600 Author: Jamie Strandboge <jamie@canonical.com>,
Steve Langasek <steve.langasek@linaro.org>,
 Steve Beattie <sbeattie@ubuntu.com>
Description: add multiarch support to abstractions
Bug-Ubuntu: https://bugs.launchpad.net/bugs/736870

This patch adds multiarch support for common shared library locations, as
well as a tunables file and directory to ease adding additional
multiarch paths.

Bug: https://launchpad.net/bugs/736870
2011-03-23 12:24:11 -07:00
Kees Cook
723a20ba7d as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
Kees Cook
34f5510faf network interface enumeration 2010-06-04 17:44:59 -07:00
Jamie Strandboge
694c9916b9 pull in Ubuntu updates to profiles/apparmor.d 2009-11-04 14:25:42 -06:00
John Johansen
748e398c21 - various patches and cleanups from kees@ubuntu.com 2008-06-11 20:19:36 +00:00
Seth Arnold
7486b2bbb0 Bug 288960 - nscd with nss_ldap and sasl/gss bind to ldap server failed 2007-08-23 23:22:06 +00:00
Steve Beattie
4cc2f981a3 [https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/132468]
Dur, I put the wrong entry for resolvconf in the nameservice
abstraction, fixing.
2007-08-21 21:53:27 +00:00
Dominic Reynolds
cd007f1162 Updates for cups, add inet|inet6 dgram|stream to nameservice abstraction 2007-08-17 21:46:56 +00:00
Steve Beattie
1f0169a5f9 Launchpad bug #132468: Nameservice abstraction should also include
/var/run/resolvconf/resolv.conf:

  The Nameservice abstraction configuration file
  (/etc/apparmor.d/abstractions/nameservice) permits read access to
  (amongst other paths) /etc/resolv.conf.

  However, on systems using resolvconf, this is a symbolic link to
  /etc/resolvconf/run/resolv.conf -- where /etc/resolvconf/run itself
  is a symlink to /var/run/resolvconf.
2007-08-14 14:50:09 +00:00
Seth Arnold
2e9a82868f Grand profile repository re-organization. Move directories around to
make the final install layout match the layout in the repository (at
long last :) -- now we can use a single 'make check' target to check the
profiles in the repository against both apparmor_parser and logprof.
2007-05-16 18:51:46 +00:00
Renamed from profiles/abstractions/nameservice