[apparmor] [PATCH] allow writes to systemd journal socket
Steve Beattie
steve at nxnw.org
Wed Jan 21 18:48:34 UTC 2015
On Wed, Jan 21, 2015 at 11:08:27AM -0600, Jamie Strandboge wrote:
> Subject says it all.
> Author: Jamie Strandboge <jamie at canonical.com>
> Description: Allow writes to /{,var}/run/systemd/journal/dev-log, the systemd
> journal socket. On Debian and Ubuntu systems, /dev/log is a symlink to
> /run/systemd/journal/dev-log, so this access is now required in the base
> abstraction to maintain current behavior.
Hrm, I don't see this in my recently created jessie vm, but it sound
reasonable.
Acked-by: Steve Beattie <steve at nxnw.org> for trunk and 2.9.
> Bug: https://bugs.launchpad.net/apparmor/+bug/1413232
> === modified file 'profiles/apparmor.d/abstractions/base'
> --- profiles/apparmor.d/abstractions/base 2014-10-08 20:18:34 +0000
> +++ profiles/apparmor.d/abstractions/base 2015-01-21 16:31:15 +0000
> @@ -32,6 +32,7 @@
> /usr/share/zoneinfo/ r,
> /usr/share/zoneinfo/** r,
> /usr/share/X11/locale/** r,
> + /{,var/}run/systemd/journal/dev-log w,
>
> /usr/lib{,32,64}/locale/** mr,
> /usr/lib{,32,64}/gconv/*.so mr,
>
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150121/7ca5ffd3/attachment.pgp>
More information about the AppArmor
mailing list