mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-08 18:31:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/profiles/apparmor.d
History
Christian Boltz 4b34c77a39 Split off various permissions from the httpd2-prefork profile to 
abstractions/apache2-common. Additionally, add read permissions
for /**/.htaccess and /dev/urandom to apache2-common.

The patch is based on a profile abstraction from darix. I made some 
things more strict (compared to darix' profile), and OTOH added some 
things that are needed on my servers.

*** BACKWARDS-INCOMPATIBLE CHANGES ***

^HANDLING_UNTRUSTED_INPUT
- don't allow /.htaccess (.htaccess files in subdirectories are still allowed)
- don't allow *.htaccess files (the old /**.htaccess rule was too generous)
2012-01-05 23:28:17 +01:00
..
abstractions Split off various permissions from the httpd2-prefork profile to 2012-01-05 23:28:17 +01:00
apache2.d update for /var/run -> /run udev transition. For compatibility, distributions 2011-07-14 07:57:57 -05:00
local exported smbd files need to have 'k' to work properly with certain applications 2010-09-14 14:12:49 -05:00
program-chunks as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
tunables Fix multi-arch comment tyop, thanks to Kees for pointing it out. 2011-03-23 13:44:51 -07:00
bin.ping start on 'local/' mechanism to aid in packaging: 2010-08-05 14:00:02 -05:00
sbin.klogd This commit adds "capability syslog" to the syslogd and syslog-ng 2011-08-19 00:27:03 +02:00
sbin.syslog-ng sbin.syslog-ng profile: 2011-09-15 21:21:57 +02:00
sbin.syslogd This commit adds "capability syslog" to the syslogd and syslog-ng 2011-08-19 00:27:03 +02:00
usr.lib.apache2.mpm-prefork.apache2 start on 'local/' mechanism to aid in packaging: 2010-08-05 14:00:02 -05:00
usr.lib.dovecot.deliver Dovecot profile update: 2011-08-27 01:12:10 +02:00
usr.lib.dovecot.dovecot-auth Cleanup no longer necessary wutmp permission now that it's covered by 2011-08-26 18:51:03 -07:00
usr.lib.dovecot.imap Dovecot profile update: 2011-08-27 01:12:10 +02:00
usr.lib.dovecot.imap-login update for /var/run -> /run udev transition. For compatibility, distributions 2011-07-14 07:57:57 -05:00
usr.lib.dovecot.managesieve-login update for /var/run -> /run udev transition. For compatibility, distributions 2011-07-14 07:57:57 -05:00
usr.lib.dovecot.pop3 Dovecot profile update: 2011-08-27 01:12:10 +02:00
usr.lib.dovecot.pop3-login update for /var/run -> /run udev transition. For compatibility, distributions 2011-07-14 07:57:57 -05:00
usr.sbin.avahi-daemon Author: Felix Geyer 2012-01-03 17:26:00 -06:00
usr.sbin.dnsmasq dnsmasq's TFTP server provides read-only access. 2011-12-17 12:20:53 -05:00
usr.sbin.dovecot allow read access for /proc/*/mounts in the dovecot profile 2011-10-12 13:05:00 +02:00
usr.sbin.identd update for /var/run -> /run udev transition. For compatibility, distributions 2011-07-14 07:57:57 -05:00
usr.sbin.mdnsd update for /var/run -> /run udev transition. For compatibility, distributions 2011-07-14 07:57:57 -05:00
usr.sbin.nmbd Add permissions needed for Active Directory authentification to Samba 2011-08-27 20:50:42 +02:00
usr.sbin.nscd Add capability setuid and setgid to nscd profile. Needed by unscd 2011-08-24 00:57:42 +02:00
usr.sbin.ntpd From: Jeff Mahoney <jeffm@suse.com> 2011-08-08 22:16:06 +02:00
usr.sbin.smbd smbd needs read access to /etc/netgroup. 2011-12-29 17:34:01 +01:00
usr.sbin.traceroute /usr/sbin/traceroute6 is a symlink to /usr/sbin/traceroute. 2011-11-30 13:15:21 +01:00