mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-06 17:31:01 +01:00
d64797e4c3
The AppArmor kernel now checks for both read and write permissions when a process calls connect() on a UNIX domain socket. The patch updates four abstractions that were found to be needing changes after the change in AF_UNIX kernel mediation. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
18 lines
714 B
Text
18 lines
714 B
Text
# vim:syntax=apparmor
|
|
# ------------------------------------------------------------------
|
|
#
|
|
# Copyright (C) 2009-2012 Canonical Ltd.
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of version 2 of the GNU General Public
|
|
# License published by the Free Software Foundation.
|
|
#
|
|
# ------------------------------------------------------------------
|
|
|
|
# discoverable system configuration for non-local cupsd
|
|
/etc/cups/client.conf r,
|
|
# client should be able to talk the local cupsd
|
|
/{,var/}run/cups/cups.sock rw,
|
|
# client should be able to read user-specified cups configuration
|
|
owner @{HOME}/.cups/client.conf r,
|
|
owner @{HOME}/.cups/lpoptions r,
|