https://bugzilla.novell.com/show_bug.cgi?id=857122
https://bugzilla.novell.com/show_bug.cgi?id=857122#c2
Lars Vogdt
The profile is included in the nagios-plugins-zypper package - Lars, please take over ;-)
Jip, thanks Christian for the analysis :-)
BTW: apparmor-abstractions-zypp contains some superfluous lines: /etc/zypp/repos.d/ r, /etc/zypp/repos.d/*.repo r, /etc/zypp/services.d/ r, /etc/zypp/services.d/*.repo r,
Those lines are all covered by /etc/zypp/** r,
Agreed, thanks for the tip.
BTW2: Instead of your apparmor-abstractions-ssl, you might want to use abstractions/ssl_certs and abstractions/openssl. Note that this doesn't cover /proc/sys/crypto/fips_enabled r, (is this something that should be added to the upstream abstractions/openssl, or is it unrelated?)
You are right: the current profile contains abstractions that should better go into the relevant packages (apparmor-abstractions-zypp is just another example here). But to be honest, I did not find the time to ping the other package maintainers to integrate them or better: start to create some apparmor profiles for their packages. The "/proc/sys/crypto/fips_enabled r," should IMHO be integrated in the upstream abstractions/openssl as this is not critical if you run without FIPS, but it will produce a lot of log entries on systems like SLES that are FIPS aware. I need to find a way (via "%if 0%{?suse_version}" in the spec file) to provide the correct files for all current (open)SUSE distributions... after that, I will request a maintenance update for the package. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.