[apparmor] [patch] syslog-ng profile: allow writing *.qf files
John Johansen
john.johansen at canonical.com
Thu Oct 13 18:27:21 UTC 2016
On 10/13/2016 03:33 AM, Christian Boltz wrote:
> Hello,
>
> $subject.
>
> These files are needed for disk-based buffering (added in syslog-ng 3.8).
> This was reported to me by Peter Czanik, one of the syslog-ng
> developers.
>
> Note: I'm not sure about adding @{CHROOT_BASE} to this rule, so for now
> I prefer not to do it - adding it later is easy, but finding out if it
> could be removed is hard ;-)
>
>
> I propose this patch for trunk, 2.10 and 2.9.
>
>
for both
Acked-by: John Johansen <john.johansen at canonical.com>
>
> [ syslog-ng-qf.diff ]
>
> === modified file 'profiles/apparmor.d/sbin.syslog-ng'
> --- profiles/apparmor.d/sbin.syslog-ng 2015-11-11 15:44:47 +0000
> +++ profiles/apparmor.d/sbin.syslog-ng 2016-10-13 10:26:38 +0000
> @@ -48,6 +48,7 @@
> /{usr/,}sbin/syslog-ng mr,
> /sys/devices/system/cpu/online r,
> /usr/share/syslog-ng/** r,
> + /var/lib/syslog-ng/syslog-ng-?????.qf rw,
> # chrooted applications
> @{CHROOT_BASE}/var/lib/*/dev/log w,
> @{CHROOT_BASE}/var/lib/syslog-ng/syslog-ng.persist* rw,
>
>
>
> Regards,
>
> Christian Boltz
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20161013/6ece61fb/attachment.pgp>
More information about the AppArmor
mailing list