[apparmor] [patch] syslog-ng profile: allow /run/log/journal/
Christian Boltz
apparmor at cboltz.de
Tue Nov 10 23:56:19 UTC 2015
Hello,
syslog-ng needs to access both the permanent /var/log/journal/ and the
non-permanent /run/journal/.
I also included /var/run/journal/ to stay consistent with supporting
both /run/ and /var/run/.
I propose this patch for trunk and 2.9.
[ profiles-syslog-ng-run-log-journal.diff ]
=== modified file 'profiles/apparmor.d/sbin.syslog-ng'
--- profiles/apparmor.d/sbin.syslog-ng 2015-10-07 20:18:22 +0000
+++ profiles/apparmor.d/sbin.syslog-ng 2015-11-10 23:18:02 +0000
@@ -54,9 +54,9 @@
@{CHROOT_BASE}/var/log/** w,
@{CHROOT_BASE}/{,var/}run/syslog-ng.pid krw,
@{CHROOT_BASE}/{,var/}run/syslog-ng.ctl rw,
- /var/log/journal/ r,
- /var/log/journal/*/ r,
- /var/log/journal/*/*.journal r,
+ /{var,var/run,run}/log/journal/ r,
+ /{var,var/run,run}/log/journal/*/ r,
+ /{var,var/run,run}/log/journal/*/*.journal r,
/{var/,}run/syslog-ng.ctl a,
/{var/,}run/syslog-ng/additional-log-sockets.conf r,
Regards,
Christian Boltz
--
hallern: Seine Linux-Distri so gut beherrschen, dass man alle
sicherheitsrelevatne Patches selber vornehmen und damit die Distri auch
ohne den Distributor aktuell halten kann -> s. Haller, David ;-)))
[Michael Höhne in suse-linux]
More information about the AppArmor
mailing list