mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/profiles/extras
History
Seth Arnold 2c340e26a2 Bug 202095 - useradd / userdel profiles incomplete
2006-11-13 09:53:10 +00:00
..
etc.cron.daily.logrotate r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
etc.cron.daily.slocate.cron r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
etc.cron.daily.tmpwatch r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
opt.gnome.bin.evolution-2.4 r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
opt.gnome.bin.gaim r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
opt.gnome.lib.bonobo.bonobo-activation-server r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
opt.gnome.lib.evolution-data-server-1.2.evolution-data-server-1.4 r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
opt.gnome.lib.GConf.2.gconfd-2 r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
README r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
sbin.dhclient r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
sbin.dhcpcd crispin noticed that this profile includes a pointless Px domain transition 2006-08-21 22:11:47 +00:00
sbin.portmap r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
sbin.resmgrd Update svn:keywords properties. 2006-04-12 20:35:41 +00:00
sbin.rpc.lockd r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
sbin.rpc.statd r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.bin.apropos r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.bin.fam r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.bin.freshclam new profiles for clamav and syslog-ng; improvements to postfix's virtual component. Changes suggested by Christian Boltz, thanks 2006-11-05 08:39:33 +00:00
usr.bin.man remove empty lines with spaces, reported by cboltz 2006-11-03 12:58:04 +00:00
usr.bin.mlmmj-bounce r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.bin.mlmmj-maintd r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.bin.mlmmj-make-ml.sh r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.bin.mlmmj-process r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.bin.mlmmj-recieve r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.bin.mlmmj-send darix noticed I had forgotten the svn:keywords property on all my new files and cut-n-waste was blaming steve for all these files 2006-05-02 21:41:28 +00:00
usr.bin.mlmmj-sub r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.bin.mlmmj-unsub r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.bin.opera r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.bin.procmail r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.bin.spamc Import the rest of the core functionality of the internal apparmor 2006-04-11 21:52:54 +00:00
usr.bin.svnserve Update svn:keywords properties. 2006-04-12 20:35:41 +00:00
usr.lib.firefox.firefox-bin r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.firefox.firefox.sh r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.firefox.mozilla-xremote-client r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.man-db.man r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.openldap.slapd r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.anvil r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.bounce r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.cleanup r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.discard r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.error r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.flush r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.lmtp r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.local r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.master r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.nqmgr r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.oqmgr r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.pickup r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.pipe r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.proxymap r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.qmgr r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.qmqpd r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.scache r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.showq r3528@dhcp-81: root | 2006-08-02 16:39:14 -0700 2006-08-04 18:14:15 +00:00
usr.lib.postfix.smtp https://bugzilla.novell.com/show_bug.cgi?id=178073 2006-10-18 20:13:42 +00:00
usr.lib.postfix.smtpd r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.spawn r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.tlsmgr r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.trivial-rewrite r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.verify r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.virtual new profiles for clamav and syslog-ng; improvements to postfix's virtual component. Changes suggested by Christian Boltz, thanks 2006-11-05 08:39:33 +00:00
usr.lib.RealPlayer10.realplay remove empty lines with spaces, reported by cboltz 2006-11-03 12:58:04 +00:00
usr.NX.bin.nxclient r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.sbin.dhcpd r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.sbin.httpd2-prefork remove empty lines with spaces, reported by cboltz 2006-11-03 12:58:04 +00:00
usr.sbin.imapd Update svn:keywords properties. 2006-04-12 20:35:41 +00:00
usr.sbin.in.fingerd r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.sbin.in.ftpd Update svn:keywords properties. 2006-04-12 20:35:41 +00:00
usr.sbin.in.ntalkd Update svn:keywords properties. 2006-04-12 20:35:41 +00:00
usr.sbin.ipop2d r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.sbin.ipop3d r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.sbin.lighttpd r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.sbin.mysqld Import the rest of the core functionality of the internal apparmor 2006-04-11 21:52:54 +00:00
usr.sbin.nmbd Update svn:keywords properties. 2006-04-12 20:35:41 +00:00
usr.sbin.oidentd darix noticed I had forgotten the svn:keywords property on all my new files and cut-n-waste was blaming steve for all these files 2006-05-02 21:41:28 +00:00
usr.sbin.popper lost profile, not sure why it wasn't checked in earlier 2006-10-31 14:26:09 +00:00
usr.sbin.postalias r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.sbin.postdrop r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.sbin.postmap r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.sbin.postqueue r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.sbin.sendmail r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.sbin.sendmail.postfix r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.sbin.sendmail.sendmail r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.sbin.smbd Update svn:keywords properties. 2006-04-12 20:35:41 +00:00
usr.sbin.spamd r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.sbin.squid r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.sbin.sshd remove the Px rules on ld.so; remove the ld.so profiles; remove the ldd profile. Use the 'm' rules to say which files can be mapped executable as sole source of 'read-doesn't-imply-execute raising the bar' 2006-11-05 08:37:48 +00:00
usr.sbin.useradd Bug 202095 - useradd / userdel profiles incomplete 2006-11-13 09:53:10 +00:00
usr.sbin.userdel Bug 202095 - useradd / userdel profiles incomplete 2006-11-13 09:53:10 +00:00
usr.sbin.vsftpd r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.sbin.xinetd r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.X11R6.bin.acroread r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.X11R6.bin.ethereal remove empty lines with spaces, reported by cboltz 2006-11-03 12:58:04 +00:00
usr.X11R6.bin.xfs r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00

README 

The profiles in this directory are not turned on by default because they
are not as mature as the profiles in /etc/apparmor.d/.

In some cases, it is because the profile hasn't been updated to work
with newer code; in other cases, it because any benefit provided by the
profile is much less than the potential for causing problems.

In short, feel free to try these profiles if you wish, but be aware that
they may not work on default configurations, let alone your specific
configuration.

To use, for example, the postfix profiles, we recommend running commands
such as:

  # cd /etc/apparmor/profiles/extras
  # mv *postfix* usr.sbin.post* /etc/apparmor.d/
  # mv usr.bin.procmail usr.sbin.sendmail /etc/apparmor.d/
  # aa-complain /etc/apparmor.d/*postfix*
  # aa-complain /etc/apparmor.d/usr.sbin.post*
  # aa-complain /etc/apparmor.d/usr.bin.procmail
  # aa-complain /etc/apparmor.d/usr.sbin.sendmail
  # rcpostfix restart
  # rcapparmor restart
    <use postfix>
  # aa-logprof
    <answer some questions>

Once you've used the profiles enough to feel confident that they will
work for your situation, then run commands such as the following:

  # aa-enforce /etc/apparmor.d/*postfix*
  # aa-enforce /etc/apparmor.d/usr.sbin.post*
  # aa-enforce /etc/apparmor.d/usr.bin.procmail 
  # aa-enforce /etc/apparmor.d/usr.sbin.sendmail

You may use the aa-unconfined tool to make sure your profiles are
working as you expect.

Feedback on these unsupported profiles is welcomed; any
contributions for this directory should be clearly licensed
-- we recommend using the GPL. Please mail suggestions or
modifications to the apparmor-general@forge.novell.com mail list:
http://forge.novell.com/mailman/listinfo/apparmor-general

Thanks