[ubuntu-hardened] a question
Martin Schulz
mschulz45 at googlemail.com
Wed Dec 11 21:48:51 UTC 2013
On 11.12.2013 22:29, js at johest.de wrote:
> So,
>
> i just started on an apparmor profile for postgresql, which seemed not
> to be in progress (according to website). As i dont know how to
> "upload" it, i will attach it to the mail.
>
> Is my first try so please dont kill me.
>
> I guess i need to improve on the several libaries and mask the version
> numbers, or is there any guide for that, regarding the lifetime and
> the expectet version changes within an release? The profile is working
> so far, apparmor doesnt complain and postgresql is working.
>
> Cheers
>
> Jörg
>
> On 11.12.2013 09:00, js at johest.de wrote:
>> Hey folks,
>>
>> i hope this email finds you well :-)
>>
>> I just have a (hopefully) short question, regarding the getting
>> involved page, are the topics uptodate? I am looking for an entry
>> point to participate but currently i get lost within the pages without
>> seeing any status of the topics.
>>
>> Cheers
>>
>> Jörg
>
>
First of all, congratualation for a working Profile,
one Problem with such ACL's in general is that erveryone might have
different needs,
so such profiles can merely be more than a default... FAR better than
nothing, but
a bummer for an unexperienced user, they will simply disable apparmor as
a whole.
I like such defaults in other cases too, so thanks for your effort.
Secondly masking is one way, but if you want to stay on with this, you
could rather create
a tool (macro>script) that automates such on your machine and merge it with
update/upgrade, so there is the correct profile ever, until a lib dies
and it's needs
being handelt different This way things could be automated. Nice to see
though
that you go in such things, maybe have an own Server first hand so people
can benefit "on their own risk" ? This one might be worth blogging
http://bodhizazen.net/aa-profiles/ .... And by the way, do you have a Nick
on Freenode ?
Martin Schulz, DasEi, clapping hands..
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20131211/9fc250d7/attachment.html>
More information about the ubuntu-hardened
mailing list