apparmor/profiles/apparmor/profiles/extras
Alexis Grey 387e487699 Allow mysqld directory for MySQL PID file
Some distros, like Debian, use mysqld instead of mysql as the run directory.
2020-01-28 22:10:50 +00:00
bin.netstat netstat: allow capability sys_ptrace, 2017-12-22 21:43:54 +01:00
etc.cron.daily.logrotate Update /etc/cron.daily/logrotate profile 2017-01-11 18:34:37 +01:00
etc.cron.daily.slocate.cron Adjust white-space back to "tabular style" and make one merged-/usr related rule look like the others. 2016-12-07 20:00:06 +01:00
etc.cron.daily.tmpwatch as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
postfix.anvil adjust postfix profiles for openSUSE path 2019-06-02 18:39:43 +02:00
postfix.bounce Add several permissions to the postfix.* profiles 2019-06-02 18:39:43 +02:00
postfix.cleanup Add several permissions to the postfix.* profiles 2019-06-02 18:39:43 +02:00
postfix.discard adjust postfix profiles for openSUSE path 2019-06-02 18:39:43 +02:00
postfix.dnsblog adjust postfix profiles for openSUSE path 2019-06-02 18:39:43 +02:00
postfix.error adjust postfix profiles for openSUSE path 2019-06-02 18:39:43 +02:00
postfix.flush adjust postfix profiles for openSUSE path 2019-06-02 18:39:43 +02:00
postfix.lmtp adjust postfix profiles for openSUSE path 2019-06-02 18:39:43 +02:00
postfix.local adjust postfix profiles for openSUSE path 2019-06-02 18:39:43 +02:00
postfix.master postfix/master needs to execute postfix/error 2019-06-20 14:37:46 +02:00
postfix.nqmgr adjust postfix profiles for openSUSE path 2019-06-02 18:39:43 +02:00
postfix.oqmgr adjust postfix profiles for openSUSE path 2019-06-02 18:39:43 +02:00
postfix.pickup adjust postfix profiles for openSUSE path 2019-06-02 18:39:43 +02:00
postfix.pipe adjust postfix profiles for openSUSE path 2019-06-02 18:39:43 +02:00
postfix.postscreen adjust postfix profiles for openSUSE path 2019-06-02 18:39:43 +02:00
postfix.proxymap Add several permissions to the postfix.* profiles 2019-06-02 18:39:43 +02:00
postfix.qmgr Add several permissions to the postfix.* profiles 2019-06-02 18:39:43 +02:00
postfix.qmqpd adjust postfix profiles for openSUSE path 2019-06-02 18:39:43 +02:00
postfix.scache adjust postfix profiles for openSUSE path 2019-06-02 18:39:43 +02:00
postfix.showq Add several permissions to the postfix.* profiles 2019-06-02 18:39:43 +02:00
postfix.smtp Add several permissions to the postfix.* profiles 2019-06-02 18:39:43 +02:00
postfix.smtpd Add several permissions to the postfix.* profiles 2019-06-02 18:39:43 +02:00
postfix.spawn adjust postfix profiles for openSUSE path 2019-06-02 18:39:43 +02:00
postfix.tlsmgr adjust postfix profiles for openSUSE path 2019-06-02 18:39:43 +02:00
postfix.trivial-rewrite Add several permissions to the postfix.* profiles 2019-06-02 18:39:43 +02:00
postfix.verify adjust postfix profiles for openSUSE path 2019-06-02 18:39:43 +02:00
postfix.virtual adjust postfix profiles for openSUSE path 2019-06-02 18:39:43 +02:00
README Consistently point to the current (Launchpad) issue tracker. 2018-08-02 14:46:14 +00:00
sbin.dhclient dhclient: Add path for Fedora/RHEL/CentOS/Oracle Linux 2018-12-18 01:38:43 +01:00
sbin.dhclient-script Make policy compatible with merged-/usr. 2016-12-03 10:59:01 +01:00
sbin.dhcpcd Make policy compatible with merged-/usr. 2016-12-03 10:59:01 +01:00
sbin.portmap Make policy compatible with merged-/usr. 2016-12-03 10:59:01 +01:00
sbin.resmgrd Make policy compatible with merged-/usr. 2016-12-03 10:59:01 +01:00
sbin.rpc.lockd Make policy compatible with merged-/usr. 2016-12-03 10:59:01 +01:00
sbin.rpc.statd sbin.rpc.statd: updated comment to reflect use of prctl() 2018-08-13 10:23:28 -07:00
usr.bin.acroread Make policy compatible with merged-/usr. 2016-12-03 10:59:01 +01:00
usr.bin.apropos Make policy compatible with merged-/usr. 2016-12-03 10:59:01 +01:00
usr.bin.dumpcap usr.bin.dumpcap: drop useless/redundant rules 2018-07-17 17:12:44 -04:00
usr.bin.evolution-2.10 Make policy compatible with merged-/usr. 2016-12-03 10:59:01 +01:00
usr.bin.fam as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
usr.bin.freshclam update freshclam profile 2019-06-14 01:05:16 -07:00
usr.bin.gaim Make policy compatible with merged-/usr. 2016-12-03 10:59:01 +01:00
usr.bin.man extra profiles: allow man to read itself 2014-12-02 20:18:30 +01:00
usr.bin.mlmmj-bounce Add m permissions to mlmmj profiles 2016-11-09 19:44:35 +01:00
usr.bin.mlmmj-maintd Add m permissions to mlmmj profiles 2016-11-09 19:44:35 +01:00
usr.bin.mlmmj-make-ml.sh Make policy compatible with merged-/usr. 2016-12-03 10:59:01 +01:00
usr.bin.mlmmj-process Add m permissions to mlmmj profiles 2016-11-09 19:44:35 +01:00
usr.bin.mlmmj-receive Add m permissions to mlmmj profiles 2016-11-09 19:44:35 +01:00
usr.bin.mlmmj-recieve Add m permissions to mlmmj profiles 2016-11-09 19:44:35 +01:00
usr.bin.mlmmj-send mlmmj-send-profile: allow reading digesters.d/* 2018-04-14 21:25:09 +00:00
usr.bin.mlmmj-sub mlmmj-sub: fix moderated subscription 2018-02-22 22:57:51 +01:00
usr.bin.mlmmj-unsub Add m permissions to mlmmj profiles 2016-11-09 19:44:35 +01:00
usr.bin.opera Make policy compatible with merged-/usr. 2016-12-03 10:59:01 +01:00
usr.bin.passwd profiles: update usr.bin.passwd profile 2014-12-01 10:23:45 -08:00
usr.bin.procmail update lots of profiles for usrMerge 2016-12-09 19:54:30 +01:00
usr.bin.skype skype profile: allow reading @{PROC}/@{pid}/net/dev 2015-07-28 01:15:31 +02:00
usr.bin.spamc Grand profile repository re-organization. Move directories around to 2007-05-16 18:51:46 +00:00
usr.bin.svnserve as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
usr.bin.wireshark usr.bin.wireshark: allow saving pcaps with optional gzip compression 2018-07-17 17:26:34 -04:00
usr.bin.xfs update for /var/run -> /run udev transition. For compatibility, distributions 2011-07-14 07:57:57 -05:00
usr.lib.bonobo.bonobo-activation-server fix up bonobo-activation-server with rmix access to itself 2007-06-11 04:13:19 +00:00
usr.lib.evolution-data-server.evolution-data-server-1.10 as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
usr.lib.firefox.firefox Make policy compatible with merged-/usr. 2016-12-03 10:59:01 +01:00
usr.lib.firefox.firefox.sh Make policy compatible with merged-/usr. 2016-12-03 10:59:01 +01:00
usr.lib.firefox.mozilla-xremote-client first step in replacing /opt/gnome with more sensible paths -- next step, renaming 2007-06-11 04:07:41 +00:00
usr.lib.GConf.2.gconfd-2 as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
usr.lib.man-db.man artiom suggested a man fix for postgresql's manpages 2017-08-22 11:27:31 -07:00
usr.lib.RealPlayer10.realplay Make policy compatible with merged-/usr. 2016-12-03 10:59:01 +01:00
usr.lib64.GConf.2.gconfd-2 as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
usr.NX.bin.nxclient Adjust white-space back to "tabular style" and make one merged-/usr related rule look like the others. 2016-12-07 20:00:06 +01:00
usr.sbin.cupsd Make policy compatible with merged-/usr. 2016-12-03 10:59:01 +01:00
usr.sbin.dhcpd dhcpd: Support correct path for lease file on IPv6 2018-12-18 01:38:55 +01:00
usr.sbin.httpd2-prefork Split off various permissions from the httpd2-prefork profile to 2012-01-05 23:28:17 +01:00
usr.sbin.imapd From: Jeff Mahoney <jeffm@suse.com> 2011-08-08 22:22:03 +02:00
usr.sbin.in.fingerd usr.sbin.in.fingerd: needs lock access on /run/utmp. 2018-08-01 17:37:11 -04:00
usr.sbin.in.ftpd update for /var/run -> /run udev transition. For compatibility, distributions 2011-07-14 07:57:57 -05:00
usr.sbin.in.ntalkd update for /var/run -> /run udev transition. For compatibility, distributions 2011-07-14 07:57:57 -05:00
usr.sbin.ipop2d From: Jeff Mahoney <jeffm@suse.com> 2011-08-08 22:22:03 +02:00
usr.sbin.ipop3d From: Jeff Mahoney <jeffm@suse.com> 2011-08-08 22:22:03 +02:00
usr.sbin.lighttpd usr.sbin.lighttpd: minor updates, added Debian/Ubuntu integration. 2018-08-01 17:39:17 -04:00
usr.sbin.mysqld Allow mysqld directory for MySQL PID file 2020-01-28 22:10:50 +00:00
usr.sbin.oidentd as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
usr.sbin.popper as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
usr.sbin.postalias allow locking /etc/aliases.db 2018-10-25 20:59:25 +02:00
usr.sbin.postdrop profiles/postdrop: Allow reading from pickup socket 2018-11-30 14:38:57 +01:00
usr.sbin.postmap profiles: move postfix-common to abstractions/ 2014-06-26 21:32:56 -07:00
usr.sbin.postqueue adjust postfix profiles for openSUSE path 2019-06-02 18:39:43 +02:00
usr.sbin.sendmail extra profiles: delete duplicated lines in usr.sbin.sendmail 2014-12-02 20:19:22 +01:00
usr.sbin.sendmail.postfix profiles: move postfix-common to abstractions/ 2014-06-26 21:32:56 -07:00
usr.sbin.sendmail.sendmail update for /var/run -> /run udev transition. For compatibility, distributions 2011-07-14 07:57:57 -05:00
usr.sbin.spamd Make policy compatible with merged-/usr. 2016-12-03 10:59:01 +01:00
usr.sbin.squid Subject: profiles - use @{pid} tunable 2013-01-02 15:34:38 -08:00
usr.sbin.sshd usr.sbin.sshd: need write access to Kerberos ticket cache. 2018-08-01 17:39:30 -04:00
usr.sbin.useradd Patch usr.sbin.useradd to support usr-merge. 2018-07-27 17:05:00 +01:00
usr.sbin.userdel Remove duplicate rule from userdel profiles 2017-07-28 12:51:50 +02:00
usr.sbin.vsftpd extra profiles: update vsftpd profiles 2014-12-02 20:20:37 +01:00
usr.sbin.xinetd Adjust white-space back to "tabular style" and make one merged-/usr related rule look like the others. 2016-12-07 20:00:06 +01:00

The profiles in this directory are not turned on by default because they
are not as mature as the profiles in /etc/apparmor.d/.

In some cases, it is because the profile hasn't been updated to work
with newer code; in other cases, it is because any benefit provided by
the profile is much less than the potential for causing problems.

In short, feel free to try these profiles if you wish, but be aware that
they may not work on default configurations, let alone your specific
configuration.

To use, for example, the postfix profiles, we recommend running commands
such as:

  # cd /usr/share/apparmor/extra-profiles/
  # cp *postfix* usr.sbin.post* /etc/apparmor.d/
  # cp usr.bin.procmail usr.sbin.sendmail /etc/apparmor.d/
  # aa-complain /etc/apparmor.d/*postfix*
  # aa-complain /etc/apparmor.d/usr.sbin.post*
  # aa-complain /etc/apparmor.d/usr.bin.procmail
  # aa-complain /etc/apparmor.d/usr.sbin.sendmail
  # rcpostfix restart
  # rcapparmor restart
    <use postfix>
  # aa-logprof
    <answer some questions>

Once you've used the profiles enough to feel confident that they will
work for your situation, then run commands such as the following:

  # aa-enforce /etc/apparmor.d/*postfix*
  # aa-enforce /etc/apparmor.d/usr.sbin.post*
  # aa-enforce /etc/apparmor.d/usr.bin.procmail
  # aa-enforce /etc/apparmor.d/usr.sbin.sendmail

You may use the aa-unconfined tool to make sure your profiles are
working as you expect.
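
One way to judge when a profile has been used "enough" before running aa-enforce, shown as an added example that is not part of the AppArmor README: count the complain-mode (apparmor="ALLOWED") events each profile still logs. The function names, profile names and log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: profile names and log lines below are constructed samples.

# Print "<count> <profile>" for every profile that logged complain-mode
# (apparmor="ALLOWED") events in the audit/syslog lines read from stdin.
complain_summary() {
    awk '
        /apparmor="ALLOWED"/ && match($0, /profile="[^"]*"/) {
            # skip the 9 characters of profile=" and drop the closing quote
            count[substr($0, RSTART + 9, RLENGTH - 10)]++
        }
        END { for (p in count) printf "%d %s\n", count[p], p }
    ' | sort -k1,1nr -k2
}

# Print each profile named in "$@" that has no ALLOWED events on stdin.
ready_to_enforce() {
    summary=$(complain_summary)
    for prof in "$@"; do
        if ! printf '%s\n' "$summary" |
            awk -v p="$prof" '$2 == p { hit = 1 } END { exit !hit }'; then
            printf '%s\n' "$prof"
        fi
    done
    return 0
}

# Constructed sample log (not captured from a real system).
sample_log() {
    cat <<'EOF'
type=AVC msg=audit(1580249440.010:200): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/bin/procmail" pid=2050 comm="apparmor_parser"
type=AVC msg=audit(1580249450.101:201): apparmor="ALLOWED" operation="open" profile="/usr/sbin/postdrop" name="/etc/postfix/main.cf" pid=2101 comm="postdrop" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1580249451.220:202): apparmor="ALLOWED" operation="file_lock" profile="/usr/sbin/postalias" name="/etc/aliases.db" pid=2107 comm="postalias" requested_mask="k" denied_mask="k" fsuid=0 ouid=0
type=AVC msg=audit(1580249452.007:203): apparmor="ALLOWED" operation="open" profile="/usr/sbin/postdrop" name="/var/spool/postfix/maildrop/" pid=2101 comm="postdrop" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1580249453.500:204): apparmor="DENIED" operation="open" profile="/usr/sbin/sshd" name="/tmp/krb5cc_0" pid=2200 comm="sshd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
EOF
}

# Stand-alone run: summarize the constructed sample.
sample_log | complain_summary
```

On a real system, feed the functions the audit log (or the kernel log, if auditd is not running) instead of sample_log. A profile with no ALLOWED events is only meaningful if the program was actually exercised while in complain mode.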

Feedback on these unsupported profiles is welcome; any
contributions for this directory should be clearly licensed
-- we recommend using the GPL. Please submit bug reports to the
AppArmor issue tracker at https://bugs.launchpad.net/apparmor/+filebug
and proposed changes as a merge request at
https://gitlab.com/apparmor/apparmor/merge_requests

Alternatively, you may contact us via the apparmor@lists.ubuntu.com
mailing list: https://lists.ubuntu.com/mailman/listinfo/apparmor

Thanks