[apparmor] [patch] Allow both paths in traceroute profile
Christian Boltz
apparmor at cboltz.de
Thu Sep 29 19:34:21 UTC 2016
Hello,
in 2011 (r1803), the traceroute profile was changed to also match
/usr/bin/traceroute.db:
/usr/{sbin/traceroute,bin/traceroute.db} {
However, permissions for /usr/bin/traceroute.db were never added.
This patch fixes this.
While on it, also change the /usr/sbin/traceroute permissions from
rmix to the less confusing mrix.
I propose this patch for trunk, 2.10 and 2.9.
[ traceroute-both-paths.diff ]
=== modified file 'profiles/apparmor.d/usr.sbin.traceroute'
--- profiles/apparmor.d/usr.sbin.traceroute 2011-11-30 12:15:21 +0000
+++ profiles/apparmor.d/usr.sbin.traceroute 2016-09-29 19:30:25 +0000
@@ -20,7 +20,8 @@
network inet raw,
network inet6 raw,
- /usr/sbin/traceroute rmix,
+ /usr/sbin/traceroute mrix,
+ /usr/bin/traceroute.db mrix,
@{PROC}/net/route r,
# Site-specific additions and overrides. See local/README for details.
Regards,
Christian Boltz
--
[BILD] Als langjährig tätiger Strafverteidiger (und Fan von Volker
Pispers) muß ich jedoch dringend davor warnen, stinkende tote Fische in
dieses Freiexemplar der sogenannten "Zeitung" einzuwickeln. Weil das ein
Strafverfahren wegen Beleidigung zulasten des Fisches nach sich ziehen
könnte.
[http://www.kanzlei-hoenig.de/2012/keine-stinkende-tote-fische-im-briefkasten/]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160929/52e5c8f7/attachment-0001.pgp>
More information about the AppArmor
mailing list