[apparmor] Ubuntu profile for squid3
Jamie Strandboge
jamie at canonical.com
Thu May 3 19:46:51 UTC 2012
On Tue, 2012-05-01 at 22:27 -0400, Simon Deziel wrote:
> Hi all,
>
> Please find attached a profile for squid3 that I've used in production
> for about a month without problem. It was not tested with external auth
> providers so it would be good if others could test this part.
>
> Note that the profile is compatible with the squid-deb-proxy package
> that I also use in production.
>
> Thanks for reviewing/commenting,
ACK, though I did add a squidguard child profile:
# squidguard
/usr/bin/squidGuard Cx -> squidguard,
profile squidguard {
#include <abstractions/base>
/etc/squid/squidGuard.conf r,
/var/log/squid{,3}/squidGuard.log w,
/var/lib/squidguard/** rw,
# squidguard by default uses /var/log/squid as its logdir, however, we
# don't want it to modify squid's logs, only its own. Explicitly deny
# writes to squid's files but allow all others since the user may specify
# anything via the squidGuard 'log' directive.
/var/log/squid{,3}/* rw,
audit deny /var/log/squid{,3}/{access,cache,store}.log* w,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.squid3>
}
I also added a 2nd profile for usr.sbin.squid that just does
's/squid3/squid/'. I tested this via the initscript and squidclient.
Thanks!
--
Jamie Strandboge | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20120503/b758573d/attachment.pgp>
More information about the AppArmor
mailing list