[apparmor] [patch] syslog-ng profile: allow writing *.qf files
Christian Boltz
apparmor at cboltz.de
Thu Oct 13 10:33:42 UTC 2016
Hello,
$subject.
These files are needed for disk-based buffering (added in syslog-ng 3.8).
This was reported to me by Peter Czanik, one of the syslog-ng
developers.
Note: I'm not sure about adding @{CHROOT_BASE} to this rule, so for now
I prefer not to do it - adding it later is easy, but finding out if it
could be removed is hard ;-)
I propose this patch for trunk, 2.10 and 2.9.
[ syslog-ng-qf.diff ]
=== modified file 'profiles/apparmor.d/sbin.syslog-ng'
--- profiles/apparmor.d/sbin.syslog-ng 2015-11-11 15:44:47 +0000
+++ profiles/apparmor.d/sbin.syslog-ng 2016-10-13 10:26:38 +0000
@@ -48,6 +48,7 @@
/{usr/,}sbin/syslog-ng mr,
/sys/devices/system/cpu/online r,
/usr/share/syslog-ng/** r,
+ /var/lib/syslog-ng/syslog-ng-?????.qf rw,
# chrooted applications
@{CHROOT_BASE}/var/lib/*/dev/log w,
@{CHROOT_BASE}/var/lib/syslog-ng/syslog-ng.persist* rw,
Regards,
Christian Boltz
--
>>Das dich das überrascht, überrascht mich jetzt aber :-)
> Das überrascht mich aber durchaus.
Überraschend.
[>> René Falk, > Ratti und Arno Lehmann in suse-linux]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20161013/5d296db7/attachment.pgp>
More information about the AppArmor
mailing list