apparmor/profiles/apparmor.d
Mikhail Morfikov d4e0a94511 abstractions: Add missing rule in wutmp abstraction
Currently the wutmp abstraction has the following rules:
  /var/log/lastlog  rwk,
  /var/log/wtmp     wk,
  @{run}/utmp       rwk,

According to what I see in my apparmor profiles, just a few apps want
to interact with the files listed above, especially with the
/var/log/wtmp . But when the apps do this, they sometimes want the
read access to this file. An example could be the last command. Is
there any reason for not having the r in the rule?  The second thing
is the file /var/log/btmp (which isn't included in the
abstraction). Whenever I see an app, which wants to access the
/var/log/wtmp file, it also tries to interact with the /var/log/btmp
file, for instance lightdm/sddm or su . Most of the time they need
just wk permissions, but sometimes apps need also r on this file, an
example could be the lastb command, which is just a link to last.

Fixes: https://gitlab.com/apparmor/apparmor/-/issues/152
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/724
Signed-off-by: John Johansen <john.johansen@canonical.com>
2021-03-14 11:50:43 -07:00
..
abi policy: Provide example and base abi to pin pre 3.0 policy 2020-08-28 12:57:00 -07:00
abstractions abstractions: Add missing rule in wutmp abstraction 2021-03-14 11:50:43 -07:00
apache2.d Change #include to include in active profiles 2020-06-09 23:30:24 +02:00
local Change #include to include in active profiles 2020-06-09 23:30:24 +02:00
tunables Introduce tunables/etc with @{etc_ro} and @{etc_rw} 2020-07-23 20:51:25 +02:00
bin.ping Change #include to include in active profiles 2020-06-09 23:30:24 +02:00
lsb_release Change #include to include in active profiles 2020-06-09 23:30:24 +02:00
nvidia_modprobe nvidia_modprobe: allow creating /dev/nvidia-modeset 2020-09-03 18:20:33 +03:00
php-fpm profiles: update profiles for the new proc attr interfaces 2020-09-18 04:07:24 -07:00
sbin.klogd Change #include to include in active profiles 2020-06-09 23:30:24 +02:00
sbin.syslog-ng profiles: Add a hosts_access abstraction 2020-09-01 19:39:59 -07:00
sbin.syslogd Change #include to include in active profiles 2020-06-09 23:30:24 +02:00
usr.lib.apache2.mpm-prefork.apache2 Change #include to include in active profiles 2020-06-09 23:30:24 +02:00
usr.lib.dovecot.anvil add profile names to dovecot profiles 2020-06-11 12:57:53 +02:00
usr.lib.dovecot.auth add profile names to dovecot profiles 2020-06-11 12:57:53 +02:00
usr.lib.dovecot.config add profile names to dovecot profiles 2020-06-11 12:57:53 +02:00
usr.lib.dovecot.deliver add profile names to dovecot profiles 2020-06-11 12:57:53 +02:00
usr.lib.dovecot.dict Merge Dovecot profile updates 2020-06-12 21:23:22 +00:00
usr.lib.dovecot.director profiles: Add 3 more dovecot services 2020-10-07 20:26:01 +02:00
usr.lib.dovecot.doveadm-server profiles: Add 3 more dovecot services 2020-10-07 20:26:01 +02:00
usr.lib.dovecot.dovecot-auth add profile names to dovecot profiles 2020-06-11 12:57:53 +02:00
usr.lib.dovecot.dovecot-lda profiles: Add a hosts_access abstraction 2020-09-01 19:39:59 -07:00
usr.lib.dovecot.imap profiles: Drop duplicate line 2020-10-07 20:12:45 +02:00
usr.lib.dovecot.imap-login add profile names to dovecot profiles 2020-06-11 12:57:53 +02:00
usr.lib.dovecot.lmtp profiles: update profiles for the new proc attr interfaces 2020-09-18 04:07:24 -07:00
usr.lib.dovecot.log add profile names to dovecot profiles 2020-06-11 12:57:53 +02:00
usr.lib.dovecot.managesieve add profile names to dovecot profiles 2020-06-11 12:57:53 +02:00
usr.lib.dovecot.managesieve-login add profile names to dovecot profiles 2020-06-11 12:57:53 +02:00
usr.lib.dovecot.pop3 add profile names to dovecot profiles 2020-06-11 12:57:53 +02:00
usr.lib.dovecot.pop3-login add profile names to dovecot profiles 2020-06-11 12:57:53 +02:00
usr.lib.dovecot.replicator profiles: Add 3 more dovecot services 2020-10-07 20:26:01 +02:00
usr.lib.dovecot.script-login Add dovecot-script-login profile 2020-09-27 16:26:28 +02:00
usr.lib.dovecot.ssl-params add profile names to dovecot profiles 2020-06-11 12:57:53 +02:00
usr.lib.dovecot.stats add profile names to dovecot profiles 2020-06-11 12:57:53 +02:00
usr.sbin.apache2 Change #include to include in active profiles 2020-06-09 23:30:24 +02:00
usr.sbin.avahi-daemon Change #include to include in active profiles 2020-06-09 23:30:24 +02:00
usr.sbin.dnsmasq Revert "Merge dnsmasq: Permit access to /proc/self/fd/" 2020-10-19 20:29:43 +00:00
usr.sbin.dovecot dovecot: allow reading dh.pem 2020-10-25 19:30:10 +02:00
usr.sbin.identd Change #include to include in active profiles 2020-06-09 23:30:24 +02:00
usr.sbin.mdnsd Change #include to include in active profiles 2020-06-09 23:30:24 +02:00
usr.sbin.nmbd Change #include to include in active profiles 2020-06-09 23:30:24 +02:00
usr.sbin.nscd Fix nscd conflict with systemd-homed 2021-02-11 22:53:07 -08:00
usr.sbin.ntpd usr.sbin.ntpd: add abstractions/ssl_certs 2021-01-28 08:50:25 +02:00
usr.sbin.smbd Change #include to include in active profiles 2020-06-09 23:30:24 +02:00
usr.sbin.smbldap-useradd Change #include to include in active profiles 2020-06-09 23:30:24 +02:00
usr.sbin.traceroute Change #include to include in active profiles 2020-06-09 23:30:24 +02:00
usr.sbin.winbindd Change #include to include in active profiles 2020-06-09 23:30:24 +02:00