[apparmor] [patch] /var/log/lastlog k permission (wutmp-v-l-lastlog-k.diff)
Christian Boltz
apparmor at cboltz.de
Sat Aug 13 21:27:42 UTC 2011
Hello,
I'm trying to keep the "patches to review" queue long ;-)
Next attemp:
Re-reading my commit message from r1781 (the sshd profile patch), I
stumbled over this:
> - add /var/log/lastlog k
The sshd profile now has (shortened):
#include <abstractions/wutmp>
/var/log/lastlog k,
and abstractions/wutmp has (shortened):
/var/log/lastlog rw,
The k permission should be merged into abstractions/wutmp IMHO.
Proposed patch:
=== modified file 'profiles/apparmor.d/abstractions/wutmp'
--- profiles/apparmor.d/abstractions/wutmp
+++ profiles/apparmor.d/abstractions/wutmp
@@ -11,6 +11,6 @@
# some services update wtmp, utmp, and lastlog with per-user
# connection information
- /var/log/lastlog rw,
+ /var/log/lastlog rwk,
/var/log/wtmp wk,
/{,var/}run/utmp rwk,
=== modified file 'profiles/apparmor/profiles/extras/usr.sbin.sshd'
--- profiles/apparmor/profiles/extras/usr.sbin.sshd
+++ profiles/apparmor/profiles/extras/usr.sbin.sshd
@@ -42,7 +42,6 @@
/proc/*/oom_score_adj rw,
/usr/sbin/sshd mrix,
/var/log/btmp r,
- /var/log/lastlog k,
/{,var/}run w,
/{,var/}run/sshd{,.init}.pid wl,
Regards,
Christian Boltz
--
Also, ich hab mit win3.11 (damals war ich 2 jahre alt) angefangen und
hab dann alle Win-versionen erlebt, bis xp. Das war entgültig zuviel.
Danach war Schluss. Jetzt nur noch SuSE Linux.
[Soeren Wengerowsky in suse-linux]
More information about the AppArmor
mailing list