[apparmor] [patch] Update mlmmj profiles
Christian Boltz
apparmor at cboltz.de
Mon Nov 7 17:09:46 UTC 2016
Hello,
this patch updates the mlmmj profiles in the extras directory to the
profiles that are used on lists.opensuse.org now. Besides adding lots
of trailing slashes for directories, several permissions were added.
Also, usr.bin.mlmmj-receive gets added - it seems upstream renamed
mlmmj-recieve to fix a typo.
These profiles were provided by Per Jessen.
References: https://bugzilla.opensuse.org/show_bug.cgi?id=1000201
I propose this patch for trunk, 2.10 and 2.9.
In trunk, I'd also like to delete the mlmmj-recieve profile (for the
misnamed binary), but I'd prefer to keep it in 2.10 and 2.9 to avoid
regressions.
[ mlmmj.diff ]
=== modified file 'profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce'
--- profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce 2010-12-20 20:29:10 +0000
+++ profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce 2016-11-07 16:49:35 +0000
@@ -16,7 +16,24 @@
/usr/bin/mlmmj-bounce r,
/usr/bin/mlmmj-send Px,
+ /usr/bin/mlmmj-maintd Px,
+ /var/spool/mlmmj/*/subscribers.d/ r,
+ /var/spool/mlmmj/*/subscribers.d/* r,
+ /var/spool/mlmmj/*/subconf rwl, #
/var/spool/mlmmj/*/subconf/* rwl,
+ /var/spool/mlmmj/*/queue rwl, #
/var/spool/mlmmj/*/queue/* rwl,
-
+ /var/spool/mlmmj/*/bounce/ rwl,
+
+ /var/spool/mlmmj/*/nomailsubs.d/ r,
+ /var/spool/mlmmj/*/nomailsubs.d/* r,
+ /var/spool/mlmmj/*/digesters.d/ r,
+ /var/spool/mlmmj/*/digesters.d/* r,
+
+ /var/spool/mlmmj/*/bounce/* rw,
+
+ /var/spool/mlmmj/*/unsubconf/* w,
+
+ /usr/share/mlmmj/text.skel/*/* r,
+ /var/spool/mlmmj/*/control/* r,
}
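Review bot: The two added rules `/var/spool/mlmmj/*/subconf rwl, #` and `/var/spool/mlmmj/*/queue rwl, #` have no trailing slash, so they match a file of that name and never the directory, which is at odds with the description's aim of adding trailing slashes. If directory access is what was denied, they should read `/var/spool/mlmmj/*/subconf/ r,` and `/var/spool/mlmmj/*/queue/ r,`, adding `w` only if mlmmj-bounce creates the directory itself. The bare trailing `#` on both lines looks like a leftover marker and should be removed or turned into a real comment. The same marker is on `/var/spool/mlmmj/* r, #` in usr.bin.mlmmj-maintd, which likewise matches only non-directory entries, and on the `text/` rule in usr.bin.mlmmj-sub. The profile's opening lines are outside the hunk.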
=== modified file 'profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd'
--- profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd 2010-12-20 20:29:10 +0000
+++ profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd 2016-11-07 16:49:47 +0000
@@ -18,19 +18,34 @@
/usr/bin/mlmmj-maintd r,
/usr/bin/mlmmj-send Px,
+ /usr/bin/mlmmj-bounce Px,
+ /usr/bin/mlmmj-unsub Px,
- /var/spool/mlmmj r,
- /var/spool/mlmmj/*/bounce r,
+ /var/spool/mlmmj/ r,
+ /var/spool/mlmmj/* r, #
+ /var/spool/mlmmj/*/bounce/ r,
+ /var/spool/mlmmj/*/bounce/* rw,
/var/spool/mlmmj/*/index r,
- /var/spool/mlmmj/*/lastdigest rw,
+ /var/spool/mlmmj/*/lastdigest rwk,
/var/spool/mlmmj/*/maintdlog-* lrw,
/var/spool/mlmmj/*/mlmmj-maintd.lastrun.log w,
- /var/spool/mlmmj/*/moderation r,
+ /var/spool/mlmmj/*/moderation/ r,
+ /var/spool/mlmmj/*/moderation/* w,
+ /var/spool/mlmmj/*/archive/ r,
/var/spool/mlmmj/*/archive/* r,
+ /var/spool/mlmmj/*/control/ r,
/var/spool/mlmmj/*/control/* r,
- /var/spool/mlmmj/*/queue r,
- /var/spool/mlmmj/*/queue/* rwl,
- /var/spool/mlmmj/*/requeue r,
- /var/spool/mlmmj/*/subconf r,
- /var/spool/mlmmj/*/unsubconf r,
+ /var/spool/mlmmj/*/queue/ r,
+ /var/spool/mlmmj/*/queue/** rwl,
+ /var/spool/mlmmj/*/requeue/ r,
+ /var/spool/mlmmj/*/requeue/* rw,
+ /var/spool/mlmmj/*/requeue/*/ rw,
+ /var/spool/mlmmj/*/subconf/ r,
+ /var/spool/mlmmj/*/subconf/* rw,
+ /var/spool/mlmmj/*/unsubconf/ r,
+ /var/spool/mlmmj/*/unsubconf/* rw,
+
+ /usr/share/mlmmj/text.skel/*/digest r,
+ /var/spool/mlmmj/*/mlmmj.operation.log rwk,
+
}
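Review bot: Widening `/var/spool/mlmmj/*/queue/* rwl,` to `/var/spool/mlmmj/*/queue/** rwl,` grants read, write and hard-link creation at any depth below queue/, including on the subdirectories themselves; the same widening is made in usr.bin.mlmmj-process. If only one known subdirectory caused the denial, naming it (for example `/var/spool/mlmmj/*/queue/<subdir>/* rwl,` with the real name filled in) keeps the profile tighter, and either way a comment saying which subdirectory needs it would help later audits. Separately, `/var/spool/mlmmj/*/requeue/*/ rw,` covers the subdirectory entry but no rule covers files inside it, so it is worth confirming whether `requeue/*/*` access is needed.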
=== modified file 'profiles/apparmor/profiles/extras/usr.bin.mlmmj-process'
--- profiles/apparmor/profiles/extras/usr.bin.mlmmj-process 2010-12-20 20:29:10 +0000
+++ profiles/apparmor/profiles/extras/usr.bin.mlmmj-process 2016-11-07 16:50:03 +0000
@@ -19,11 +19,27 @@
/usr/bin/mlmmj-sub Px,
/usr/bin/mlmmj-unsub Px,
/usr/bin/mlmmj-bounce Px,
+ # skeleton data
+ /usr/share/mlmmj/text.skel/ r,
+ /usr/share/mlmmj/text.skel/*/* r,
+
/var/spool/mlmmj/*/control/* r,
/var/spool/mlmmj/*/text/* r,
/var/spool/mlmmj/*/incoming/* rwl,
- /var/spool/mlmmj/*/queue/* rwl,
+ /var/spool/mlmmj/*/queue/** rwl,
/var/spool/mlmmj/*/subconf/* rwl,
/var/spool/mlmmj/*/unsubconf/* rwl,
- /var/spool/mlmmj/*/mlmmj.operation.log rw,
+ /var/spool/mlmmj/*/mlmmj.operation.log rwk,
+ /var/spool/mlmmj/*/mlmmj.operation.log.rotated w,
+
+ /var/spool/mlmmj/*/nomailsubs.d/ r,
+ /var/spool/mlmmj/*/nomailsubs.d/* r,
+ /var/spool/mlmmj/*/subscribers.d/ r,
+ /var/spool/mlmmj/*/subscribers.d/* r,
+ /var/spool/mlmmj/*/digesters.d/ r,
+ /var/spool/mlmmj/*/digesters.d/* r,
+
+ /var/spool/mlmmj/*/moderation/* rw,
+ /etc/mlmmj/text/*/* r,
+
}
=== added file 'profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive'
--- profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive 1970-01-01 00:00:00 +0000
+++ profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive 2016-11-07 16:50:13 +0000
@@ -0,0 +1,21 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# vim:syntax=apparmor
+
+#include <tunables/global>
+
+/usr/bin/mlmmj-receive {
+ #include <abstractions/base>
+
+ /usr/bin/mlmmj-process Px,
+ /usr/bin/mlmmj-receive r,
+ /var/spool/mlmmj/*/incoming/ rw,
+ /var/spool/mlmmj/*/incoming/* rw,
+}
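Review bot: `/var/spool/mlmmj/*/incoming/ rw,` gives write on the directory entry itself, which in AppArmor governs creating or removing the directory, not creating files in it; file creation is already covered by `/var/spool/mlmmj/*/incoming/* rw,`. Unless mlmmj-receive is expected to create incoming/ itself, `/var/spool/mlmmj/*/incoming/ r,` is enough. The same applies to `bounce/ rwl,` in usr.bin.mlmmj-bounce and to the `rw` and `rwl` directory rules in usr.bin.mlmmj-sub and usr.bin.mlmmj-unsub, where `l` on a directory path has no practical use because directories cannot be hard-linked.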
=== modified file 'profiles/apparmor/profiles/extras/usr.bin.mlmmj-send'
--- profiles/apparmor/profiles/extras/usr.bin.mlmmj-send 2010-12-20 20:29:10 +0000
+++ profiles/apparmor/profiles/extras/usr.bin.mlmmj-send 2016-11-07 16:53:17 +0000
@@ -18,8 +18,13 @@
/usr/bin/mlmmj-send r,
/var/spool/mlmmj/*/archive/* w,
/var/spool/mlmmj/*/control/* r,
- /var/spool/mlmmj/*/index rw,
- /var/spool/mlmmj/*/queue/* lrw,
- /var/spool/mlmmj/*/subscribers.d r,
+ /var/spool/mlmmj/*/index rwk,
+ /var/spool/mlmmj/*/queue/* klrw,
+ /var/spool/mlmmj/*/subscribers.d/ r,
/var/spool/mlmmj/*/subscribers.d/* r,
+
+ /var/spool/mlmmj/*/digesters.d/ r,
+
+ /var/spool/mlmmj/*/moderation/* rwk,
+
}
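Review bot: The added `/var/spool/mlmmj/*/digesters.d/ r,` lets mlmmj-send list the directory, but there is no matching `/var/spool/mlmmj/*/digesters.d/* r,`, so the files in it stay unreadable, whereas subscribers.d has both rules. If mlmmj-send reads the digest subscriber files, add `/var/spool/mlmmj/*/digesters.d/* r,`; if it really only lists the directory, a short comment saying so would stop someone widening it later. nomailsubs.d is not granted at all in this profile, presumably on purpose. The profile's opening lines are outside the hunk.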
=== modified file 'profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub'
--- profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub 2010-12-20 20:29:10 +0000
+++ profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub 2016-11-07 16:56:10 +0000
@@ -18,11 +18,23 @@
/usr/bin/mlmmj-send Px,
/usr/bin/mlmmj-sub r,
+ /var/spool/mlmmj/*/control/ r,
/var/spool/mlmmj/*/control/* r,
- /var/spool/mlmmj/*/queue/* w,
- /var/spool/mlmmj/*/subconf/* w,
- /var/spool/mlmmj/*/subscribers.d rw,
- /var/spool/mlmmj/*/subscribers.d/* rw,
- /var/spool/mlmmj/*/subscribers.d/.d.lock lw,
+ /var/spool/mlmmj/*/queue/ rw,
+ /var/spool/mlmmj/*/queue/* rw,
+ /var/spool/mlmmj/*/subconf/ rw,
+ /var/spool/mlmmj/*/subconf/* rw,
+ /var/spool/mlmmj/*/subscribers.d/ rw,
+ /var/spool/mlmmj/*/subscribers.d/* rwk,
+ /var/spool/mlmmj/*/text/ r, #
/var/spool/mlmmj/*/text/* r,
+
+ /usr/share/mlmmj/text.skel/*/* r,
+
+ /var/spool/mlmmj/*/nomailsubs.d/ rw,
+ /var/spool/mlmmj/*/nomailsubs.d/* rwk,
+
+ /var/spool/mlmmj/*/digesters.d/ rw,
+ /var/spool/mlmmj/*/digesters.d/* rwk,
+
}
=== modified file 'profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub'
--- profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub 2010-12-20 20:29:10 +0000
+++ profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub 2016-11-07 16:50:52 +0000
@@ -16,12 +16,25 @@
/usr/bin/mlmmj-unsub r,
/usr/bin/mlmmj-send Px,
+ /var/spool/mlmmj/*/control/ r,
/var/spool/mlmmj/*/control/* r,
+ /var/spool/mlmmj/*/text/ r,
/var/spool/mlmmj/*/text/* r,
- /var/spool/mlmmj/*/subscribers.d r,
- /var/spool/mlmmj/*/subscribers.d/* r,
+ /var/spool/mlmmj/*/queue/ rwl,
/var/spool/mlmmj/*/queue/* rwl,
+ /var/spool/mlmmj/*/unsubconf/ rwl,
/var/spool/mlmmj/*/unsubconf/* rwl,
- /var/spool/mlmmj/*/subscribers.d/* rwl,
+ /var/spool/mlmmj/*/subscribers.d/ rw,
+ /var/spool/mlmmj/*/subscribers.d/* rwk,
+
+ /var/spool/mlmmj/*/nomailsubs.d/ rw,
+ /var/spool/mlmmj/*/nomailsubs.d/* rwk,
+
+ /var/spool/mlmmj/*/digesters.d/ rw,
+ /var/spool/mlmmj/*/digesters.d/* rwk,
+
+ /usr/share/mlmmj/text.skel/*/* r,
+ /etc/mlmmj/text/*/finish r,
+
}
Regards,
Christian Boltz
--
Man kann nicht Leuten helfen, die nicht verraten, was sie wollen.
Das ist so sexy wie zum Arzt zu gehen und nicht zu verraten, wo es
weh tut. [Peer Heinlein in mailman-de]