mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/profiles/apparmor/profiles/extras
History
Christian Boltz 30679f7cc4
postfix-tlsmgr: allow reading openssl.cnf 
Seen/needed on openSUSE Tumbleweed
2023-02-07 12:48:33 +01:00
..
bin.netstat Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
chromium_browser rename firefox and chromium_browser profile files 2023-01-30 12:06:13 +01:00
etc.cron.daily.logrotate Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
etc.cron.daily.slocate.cron Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
etc.cron.daily.tmpwatch Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
firefox rename firefox and chromium_browser profile files 2023-01-30 12:06:13 +01:00
firefox.sh rename firefox and chromium_browser profile files 2023-01-30 12:06:13 +01:00
postfix-anvil Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
postfix-bounce Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
postfix-cleanup Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
postfix-discard Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
postfix-dnsblog Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
postfix-error Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
postfix-flush Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
postfix-lmtp Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
postfix-local Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
postfix-master Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
postfix-nqmgr Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
postfix-oqmgr Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
postfix-pickup Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
postfix-pipe Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
postfix-postscreen Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
postfix-proxymap Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
postfix-qmgr Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
postfix-qmqpd Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
postfix-scache Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
postfix-showq Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
postfix-smtp Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
postfix-smtpd Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
postfix-spawn Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
postfix-tlsmgr postfix-tlsmgr: allow reading openssl.cnf 2023-02-07 12:48:33 +01:00
postfix-trivial-rewrite Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
postfix-verify Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
postfix-virtual Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
README docs: update documentation to point bug reporting to gitlab 2020-05-05 00:10:53 -07:00
sbin.dhclient Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
sbin.dhclient-script Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
sbin.dhcpcd Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
sbin.portmap Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
sbin.resmgrd Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
sbin.rpc.lockd Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
sbin.rpc.statd Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.bin.acroread Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.bin.apropos Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.bin.dumpcap Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.bin.evolution-2.10 Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.bin.fam Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.bin.freshclam Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.bin.gaim Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.bin.man Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.bin.mlmmj-bounce Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.bin.mlmmj-maintd Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.bin.mlmmj-make-ml.sh Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.bin.mlmmj-process Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.bin.mlmmj-receive Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.bin.mlmmj-recieve Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.bin.mlmmj-send Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.bin.mlmmj-sub Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.bin.mlmmj-unsub Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.bin.opera Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.bin.passwd Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.bin.procmail Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.bin.pyzorsocket Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.bin.razorsocket Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.bin.skype Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.bin.spamc Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.bin.svnserve Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.bin.wireshark Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.bin.xfs Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.lib.bonobo.bonobo-activation-server Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.lib.evolution-data-server.evolution-data-server-1.10 Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.lib.firefox.mozilla-xremote-client Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.lib.GConf.2.gconfd-2 Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.lib.man-db.man Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.lib.RealPlayer10.realplay Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.lib64.GConf.2.gconfd-2 Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.NX.bin.nxclient Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.sbin.clamd profiles: add clamd 2020-10-07 20:26:01 +02:00
usr.sbin.cupsd Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.sbin.dhcpd Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.sbin.haproxy profiles: add haproxy 2020-10-07 20:26:01 +02:00
usr.sbin.httpd2-prefork Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.sbin.imapd Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.sbin.in.fingerd Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.sbin.in.ftpd Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.sbin.in.ntalkd Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.sbin.ipop2d Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.sbin.ipop3d Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.sbin.lighttpd Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.sbin.mysqld Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.sbin.oidentd Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.sbin.popper Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.sbin.postalias Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.sbin.postdrop Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.sbin.postmap Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.sbin.postqueue Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.sbin.sendmail Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.sbin.sendmail.postfix Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.sbin.sendmail.sendmail Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.sbin.spamd Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.sbin.squid Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.sbin.sshd profiles: Add a hosts_access abstraction 2020-09-01 19:39:59 -07:00
usr.sbin.useradd Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.sbin.userdel Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.sbin.vsftpd Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00
usr.sbin.xinetd Ensure all profiles in extras/ have optional local include + comment 2023-01-30 00:54:30 -05:00

README 

The profiles in this directory are not turned on by default because they
are not as mature as the profiles in /etc/apparmor.d/.

In some cases, it is because the profile hasn't been updated to work
with newer code; in other cases, it because any benefit provided by the
profile is much less than the potential for causing problems.

In short, feel free to try these profiles if you wish, but be aware that
they may not work on default configurations, let alone your specific
configuration.

To use, for example, the postfix profiles, we recommend running commands
such as:

  # cd /usr/share/apparmor/extra-profiles/
  # cp *postfix* usr.sbin.post* /etc/apparmor.d/
  # cp usr.bin.procmail usr.sbin.sendmail /etc/apparmor.d/
  # aa-complain /etc/apparmor.d/*postfix*
  # aa-complain /etc/apparmor.d/usr.sbin.post*
  # aa-complain /etc/apparmor.d/usr.bin.procmail
  # aa-complain /etc/apparmor.d/usr.sbin.sendmail
  # rcpostfix restart
  # rcapparmor restart
    <use postfix>
  # aa-logprof
    <answer some questions>

Once you've used the profiles enough to feel confident that they will
work for your situation, then run commands such as the following:

  # aa-enforce /etc/apparmor.d/*postfix*
  # aa-enforce /etc/apparmor.d/usr.sbin.post*
  # aa-enforce /etc/apparmor.d/usr.bin.procmail
  # aa-enforce /etc/apparmor.d/usr.sbin.sendmail

You may use the aa-unconfined tool to make sure your profiles are
working as you expect.

Feedback on these unsupported profiles is welcomed; any
contributions for this directory should be clearly licensed
-- we recommend using the GPL. Please submit bug reports to the
AppArmor issue tracker at https://gitlab.com/apparmor/apparmor/-/issues
Please submit proposed changes as a merge request at
https://gitlab.com/apparmor/apparmor/merge_requests
Alternately, you may contact us via the apparmor@lists.ubuntu.com
mailing list: https://lists.ubuntu.com/mailman/listinfo/apparmor

Thanks