[apparmor] [patch] several updates for profiles/extras
Christian Boltz
apparmor at cboltz.de
Mon Apr 11 10:01:33 UTC 2011
Hello,
Am Sonntag, 3. April 2011 schrieb Christian Boltz:
> Am Sonntag, 3. April 2011 schrieb Kees Cook:
> > Some things jumped out at me...
It looks they didn't jump too much - given the lack of feedback... ;-)
I'd really like to avoid the "1 week timeout" rule when commiting
profile modifications - therefore: please review them!
I am attaching an updated patch. It contains changes for bin.netstat (as
discussed in the previous mail) and usr.bin.freshclam (more strict
rules), the other profiles are unchanged compared to my first patch.
The following question is still open:
> The first freshclam and logprof run showed me why I changed to ** - I
> now have 30 rules for files in /var/lib/clamav ;-)
> I could merge most of those rules to
> owner /var/lib/clamav/clamav-*/clamav-*/daily.* rw,
> Would that be OK for you?
And to make it easier, you can apply the following:
> BTW: Even if I posted everything in a collective patch, feel free to
> ACK/NAK per profile. I can then commit the ACKed files and post the
> remaining profiles after updating them.
Regards,
Christian Boltz
--
Super-PC von IBM - der erste 486er im Test
[Titelseite der Chip 8/1989]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: profiles-extras2.diff
Type: text/x-patch
Size: 6840 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20110411/fc448d21/attachment.bin>
More information about the AppArmor
mailing list