Hello community,
here is the log from the commit of package apparmor-profiles
checked in at Tue May 2 12:01:12 CEST 2006.
--------
--- apparmor-profiles/apparmor-profiles.changes 2006-04-29 03:22:39.000000000 +0200
+++ NOARCH/apparmor-profiles/apparmor-profiles.changes 2006-05-02 03:35:07.000000000 +0200
@@ -1,0 +2,13 @@
+Tue May 2 03:34:44 CEST 2006 - srarnold@suse.de
+
+- Bug 165191 - named can't write slave zones
+- Bug 168581 - readaccess to /proc/meminfo not granted to nscd -- add
+ sysconf(3) files to abstractions/base
+- Bug 167798 - misc profile modifications from darix -- mlmmj, lighttpd,
+ oidentd profiles in extras/, new postfix helpers in complain mode
+ (enabled), split apart nameservice a little (non destructively), add new
+ abstractions for python, ruby, and php5, add web-data and
+ svn-repositories data-centric abstractions
+
+
+-------------------------------------------------------------------
Old:
----
apparmor-profiles-2.0-32.tar.gz
New:
----
apparmor-profiles-2.0-35.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apparmor-profiles.spec ++++++
--- /var/tmp/diff_new_pack.vN84x3/_old 2006-05-02 12:00:39.000000000 +0200
+++ /var/tmp/diff_new_pack.vN84x3/_new 2006-05-02 12:00:39.000000000 +0200
@@ -16,9 +16,9 @@
%endif
Summary: AppArmor profiles that are loaded into the apparmor kernel module
Version: 2.0
-Release: 26
+Release: 29
Group: Productivity/Security
-Source0: %{name}-%{version}-32.tar.gz
+Source0: %{name}-%{version}-35.tar.gz
License: Other License(s), see package, GPL
BuildRoot: %{_tmppath}/%{name}-%{version}-build
URL: http://forge.novell.com/modules/xfmod/project/?apparmor
@@ -77,6 +77,15 @@
%preun
%changelog -n apparmor-profiles
+* Tue May 02 2006 - srarnold@suse.de
+- Bug 165191 - named can't write slave zones
+- Bug 168581 - readaccess to /proc/meminfo not granted to nscd -- add
+ sysconf(3) files to abstractions/base
+- Bug 167798 - misc profile modifications from darix -- mlmmj, lighttpd,
+ oidentd profiles in extras/, new postfix helpers in complain mode
+ (enabled), split apart nameservice a little (non destructively), add new
+ abstractions for python, ruby, and php5, add web-data and
+ svn-repositories data-centric abstractions
* Sat Apr 29 2006 - srarnold@suse.de
- Add a complain mode profile for postfix/pipe
* Sat Apr 29 2006 - srarnold@suse.de
++++++ apparmor-profiles-2.0-32.tar.gz -> apparmor-profiles-2.0-35.tar.gz ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/abstractions/authentication new/apparmor-profiles-2.0/abstractions/authentication
--- old/apparmor-profiles-2.0/abstractions/authentication 2006-04-29 03:12:08.000000000 +0200
+++ new/apparmor-profiles-2.0/abstractions/authentication 2006-05-02 03:26:14.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: authentication 12 2006-04-12 21:35:41Z steve-beattie $
+# $Id: authentication 35 2006-05-02 01:25:47Z seth_arnold $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
@@ -36,11 +36,9 @@
/etc/default/passwd r,
/etc/login.defs r,
- # pam_winbindd
- /tmp/.winbindd/pipe rw,
- /var/lib/samba/winbindd_privileged/pipe rw,
- /etc/samba/smb.conf r,
- /usr/lib/samba/valid.dat r,
- /usr/lib/samba/upcase.dat r,
- /usr/lib/samba/lowcase.dat r,
+ # nis
+ #include
+
+ # winbind
+ #include
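Review bot: The new `#include` under `# nis` appears to pull abstractions/nis into authentication (the include target is not legible on this page, so this is inferred from the comment), and the nis file added by this commit grants `capability net_bind_service`. As far as this hunk shows, authentication carried only winbind rules before, so every profile that includes authentication would gain that capability rather than merely keep it. If NIS is not needed for authentication itself, leave the nis include to nameservice; otherwise make the cost visible with a comment such as `# nis: also grants capability net_bind_service`.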
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/abstractions/base new/apparmor-profiles-2.0/abstractions/base
--- old/apparmor-profiles-2.0/abstractions/base 2006-04-29 03:12:08.000000000 +0200
+++ new/apparmor-profiles-2.0/abstractions/base 2006-05-02 03:26:14.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: base 12 2006-04-12 21:35:41Z steve-beattie $
+# $Id: base 34 2006-05-01 18:34:59Z seth_arnold $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
@@ -74,3 +74,8 @@
# Depending on which glibc routine uses this file, base may not be the
# best place -- but many profiles require it, and it is quite harmless.
/proc/sys/kernel/ngroups_max r,
+
+ # glibc's sysconf(3) routine to determine free memory, etc
+ /proc/meminfo r,
+ /proc/stat r,
+ /proc/cpuinfo r,
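Review bot: These three reads land in abstractions/base, so every profile that includes base gains `/proc/meminfo`, `/proc/stat` and `/proc/cpuinfo`, not only nscd as the changelog entry suggests. That is probably acceptable for sysconf(3), but the comment should state the scope, e.g. `# granted to all profiles via base; read-only system-wide statistics`. The postfix cleanup profile touched by this commit still carries its own `/proc/{stat,cpuinfo} r,` line, which becomes redundant if that profile includes base.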
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/abstractions/mdns new/apparmor-profiles-2.0/abstractions/mdns
--- old/apparmor-profiles-2.0/abstractions/mdns 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0/abstractions/mdns 2006-05-02 03:26:14.000000000 +0200
@@ -0,0 +1,14 @@
+# $Id: audio 12 2006-04-12 21:35:41Z steve-beattie $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # mdnsd
+ /etc/nss_mdns.conf r,
+ /var/run/mdnsd w,
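Review bot: The `$Id` header on the first line names `audio`, revision 12 and steve-beattie, which looks copied from another abstraction rather than generated for this file. The same stale header appears in the new mysql, nis, php5, python, ruby, svn-repositories, web-data and winbind abstractions, and the new postfix helper profiles carry headers naming other profiles. Committing the files with a bare `# $Id$` line would let keyword expansion fill in the correct name and revision, so provenance of each policy file can be trusted when auditing.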
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/abstractions/mysql new/apparmor-profiles-2.0/abstractions/mysql
--- old/apparmor-profiles-2.0/abstractions/mysql 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0/abstractions/mysql 2006-05-02 03:26:14.000000000 +0200
@@ -0,0 +1,14 @@
+# $Id: audio 12 2006-04-12 21:35:41Z steve-beattie $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ /var/lib/mysql/mysql.sock rw,
+ /usr/share/mysql/charsets r,
+ /usr/share/mysql/charsets/*.xml r,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/abstractions/nameservice new/apparmor-profiles-2.0/abstractions/nameservice
--- old/apparmor-profiles-2.0/abstractions/nameservice 2006-04-29 03:12:08.000000000 +0200
+++ new/apparmor-profiles-2.0/abstractions/nameservice 2006-05-02 03:26:14.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: nameservice 26 2006-04-24 22:25:24Z seth_arnold $
+# $Id: nameservice 35 2006-05-02 01:25:47Z seth_arnold $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
@@ -43,20 +43,12 @@
/usr/lib/libnss_*.so* r,
/etc/default/nss r,
- # NIS rules
- /var/yp/binding/* r,
- # portmapper may ask root processes to do nis/ldap at low ports
- capability net_bind_service,
-
- # pam_winbindd
- /tmp/.winbindd/pipe rw,
- /var/lib/samba/winbindd_privileged/pipe rw,
- /etc/samba/smb.conf r,
- /usr/lib/samba/valid.dat r,
- /usr/lib/samba/upcase.dat r,
- /usr/lib/samba/lowcase.dat r,
+ # nis
+ #include
+
+ # winbind
+ #include
# mdnsd
- /etc/nss_mdns.conf r,
- /var/run/mdnsd w,
+ #include
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/abstractions/nis new/apparmor-profiles-2.0/abstractions/nis
--- old/apparmor-profiles-2.0/abstractions/nis 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0/abstractions/nis 2006-05-02 03:26:14.000000000 +0200
@@ -0,0 +1,16 @@
+# $Id: audio 12 2006-04-12 21:35:41Z steve-beattie $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # NIS rules
+ /var/yp/binding/* r,
+ # portmapper may ask root processes to do nis/ldap at low ports
+ capability net_bind_service,
+
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/abstractions/php5 new/apparmor-profiles-2.0/abstractions/php5
--- old/apparmor-profiles-2.0/abstractions/php5 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0/abstractions/php5 2006-05-02 03:26:14.000000000 +0200
@@ -0,0 +1,31 @@
+# $Id: audio 12 2006-04-12 21:35:41Z steve-beattie $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # shared snippets for config files
+ /etc/php5/conf.d r,
+ /etc/php5/conf.d/*.ini r,
+
+ # fastcgi specific config
+ /etc/php5/fastcgi/php.ini r,
+
+ # Xlibs
+ /usr/X11R6/lib{64,}/lib*.so* r,
+ # php extensions
+ /usr/lib{64,}/php5/extensions/*.so r,
+
+ # php5 session mmap socket
+ /var/lib/php5/session_mm_* rwl,
+ # file based session handler
+ /var/lib/php5/sess_* rwl,
+
+ # php libraries
+ /usr/share/php r,
+ /usr/share/php/** r,
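Review bot: `/var/lib/php5/sess_* rwl` and `/var/lib/php5/session_mm_* rwl` give every profile that includes this abstraction read, write and link access to all session files in the shared directory, so separately confined PHP applications are not isolated from each other's session data. Nothing in the file warns about this. A comment above the rules would help, e.g. `# shared session directory: applications needing isolation should set their own session.save_path and grant only that path`, or the session rules could be left out of the abstraction and granted per profile.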
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/abstractions/python new/apparmor-profiles-2.0/abstractions/python
--- old/apparmor-profiles-2.0/abstractions/python 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0/abstractions/python 2006-05-02 03:26:14.000000000 +0200
@@ -0,0 +1,20 @@
+# $Id: audio 12 2006-04-12 21:35:41Z steve-beattie $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ /usr/lib64/python2.4/**.{py,pyc,pth,so} r,
+ /usr/lib64/python2.4/site-packages r,
+ /usr/lib/python2.4/**.{py,pyc,pth,so} r,
+ /usr/lib/python2.4/site-packages r,
+
+ /usr/local/lib64/python2.4/**.{py,pyc,pth,so} r,
+ /usr/local/lib64/python2.4/site-packages r,
+ /usr/local/lib/python2.4/**.{py,pyc,pth,so} r,
+ /usr/local/lib/python2.4/site-packages r,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/abstractions/ruby new/apparmor-profiles-2.0/abstractions/ruby
--- old/apparmor-profiles-2.0/abstractions/ruby 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0/abstractions/ruby 2006-05-02 03:26:14.000000000 +0200
@@ -0,0 +1,40 @@
+# $Id: audio 12 2006-04-12 21:35:41Z steve-beattie $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ /usr/lib64/ruby/1.8 r,
+ /usr/lib64/ruby/1.8/*.rb r,
+ /usr/lib64/ruby/1.8/**/*.rb r,
+ /usr/lib64/ruby/1.8/*-linux/*.so r,
+ /usr/lib64/ruby/1.8/*-linux/**/*.so r,
+
+ /usr/lib64/ruby/site_ruby/1.8 r,
+ /usr/lib64/ruby/site_ruby/1.8/*.rb r,
+ /usr/lib64/ruby/site_ruby/1.8/**/*.rb r,
+ /usr/lib64/ruby/site_ruby/1.8/*-linux/*.so r,
+ /usr/lib64/ruby/site_ruby/1.8/*-linux/**/*.so r,
+
+ /usr/lib64/ruby/gems/1.8 r,
+ /usr/lib64/ruby/gems/1.8/** r,
+
+ /usr/lib/ruby/1.8 r,
+ /usr/lib/ruby/1.8/*.rb r,
+ /usr/lib/ruby/1.8/**/*.rb r,
+ /usr/lib/ruby/1.8/*-linux/*.so r,
+ /usr/lib/ruby/1.8/*-linux/**/*.so r,
+
+ /usr/lib/ruby/site_ruby/1.8 r,
+ /usr/lib/ruby/site_ruby/1.8/*.rb r,
+ /usr/lib/ruby/site_ruby/1.8/**/*.rb r,
+ /usr/lib/ruby/site_ruby/1.8/*-linux/*.so r,
+ /usr/lib/ruby/site_ruby/1.8/*-linux/**/*.so r,
+
+ /usr/lib/ruby/gems/1.8 r,
+ /usr/lib/ruby/gems/1.8/** r,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/abstractions/svn-repositories new/apparmor-profiles-2.0/abstractions/svn-repositories
--- old/apparmor-profiles-2.0/abstractions/svn-repositories 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0/abstractions/svn-repositories 2006-05-02 03:26:14.000000000 +0200
@@ -0,0 +1,53 @@
+# $Id: audio 12 2006-04-12 21:35:41Z steve-beattie $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # This little snippet should abstract the read/write access to a repository.
+ # it is intended to be included in profiles for svnserve/apache2 and maybe
+ # some repository viewers like trac/viewvc
+
+ # no hooks exec by default; please define whatever you need explicitely.
+
+ /srv/svn/**/conf/* r,
+ /srv/svn/**/format r,
+ /srv/svn/**/db/fs-type r,
+ /srv/svn/**/db/format r,
+
+ # FSFS
+ /srv/svn/**/db/ r,
+ /srv/svn/**/db/uuid r,
+ /srv/svn/**/db/write-lock rwl,
+ /srv/svn/**/db/current rwl,
+ /srv/svn/**/db/current*.tmp rwl,
+ /srv/svn/**/db/revs r,
+ /srv/svn/**/db/revs/* rw,
+ /srv/svn/**/db/revprops r,
+ /srv/svn/**/db/revprops/* rw,
+ /srv/svn/**/db/transactions/** rw,
+
+ # BDB
+ /srv/svn/**/db/DB_CONFIG r,
+ /srv/svn/**/db/__db.[0-9]* rwl,
+ /srv/svn/**/db/log.[0-9]* rwl,
+ /srv/svn/**/db/nodes rwl,
+ /srv/svn/**/db/revisions rwl,
+ /srv/svn/**/db/transactions rwl,
+ /srv/svn/**/db/copies rwl,
+ /srv/svn/**/db/changes rwl,
+ /srv/svn/**/db/representations rwl,
+ /srv/svn/**/db/strings rwl,
+ /srv/svn/**/db/uuids rwl,
+ /srv/svn/**/db/locks rwl,
+ /srv/svn/**/db/lock-tokens rwl,
+
+ # temp files
+ /tmp/apr* rwl,
+ /var/tmp/apr* rwl,
+ /tmp/report*.tmp rwl,
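Review bot: `/srv/svn/**/conf/* r` also covers each repository's `conf/passwd`, where svnserve keeps user passwords in plain text, and the header comment says this abstraction is meant for viewers such as trac/viewvc as well as for svnserve/apache2. Those viewers would additionally inherit `rw` on `db/revs/*` and `db/revprops/*` and `rwl` on the BDB tables, although a viewer only needs to read. Splitting this into a read-only abstraction for viewers and a read-write one for servers, and narrowing the conf rule to the files each consumer needs, would keep the data-centric idea without handing credentials and write access to every includer. The `/tmp/apr* rwl` and `/tmp/report*.tmp rwl` globs are likewise broad for a shared abstraction, and "explicitely" in the hooks comment should be "explicitly".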
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/abstractions/user-mail new/apparmor-profiles-2.0/abstractions/user-mail
--- old/apparmor-profiles-2.0/abstractions/user-mail 2006-04-29 03:12:08.000000000 +0200
+++ new/apparmor-profiles-2.0/abstractions/user-mail 2006-05-02 03:26:14.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: user-mail 12 2006-04-12 21:35:41Z steve-beattie $
+# $Id: user-mail 35 2006-05-02 01:25:47Z seth_arnold $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
@@ -21,10 +21,5 @@
@{HOME}/mbox rw,
@{HOME}/inbox rw,
@{HOME}/.forward r,
-
- # location of configuration files -- maybe these should go elsewhere
- @{HOME}/.muttrc r,
- @{HOME}/.mutt_alias r,
- @{HOME}/.mailcap r,
- @{HOME}/.mime.types r,
-
+ @{HOME}/Maildir r,
+ @{HOME}/Maildir/** rw,
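Review bot: `@{HOME}/Maildir/** rw,` carries no `l`, whereas the queue rules elsewhere in this package that cover file creation use `rwl`; a delivery agent that moves a message from tmp/ to new/ with link() would presumably be denied, so this should be checked against the programs that include user-mail and changed to `rwl` if any of them links. The hunk also drops the `.muttrc`, `.mutt_alias`, `.mailcap` and `.mime.types` reads with no replacement visible here, so profiles that relied on them through this abstraction need those rules added locally.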
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/abstractions/web-data new/apparmor-profiles-2.0/abstractions/web-data
--- old/apparmor-profiles-2.0/abstractions/web-data 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0/abstractions/web-data 2006-05-02 03:26:14.000000000 +0200
@@ -0,0 +1,22 @@
+# $Id: audio 12 2006-04-12 21:35:41Z steve-beattie $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ /srv/www/htdocs/ r,
+ /srv/www/htdocs/** r,
+ # virtual hosting
+ /srv/www/vhosts/ r,
+ /srv/www/vhosts/** r,
+ # mod_userdir
+ @{HOME}/public_html/ r,
+ @{HOME}/public_html/** r,
+
+ /srv/www/rails/*/public/ r,
+ /srv/www/rails/*/public/** r,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/abstractions/winbind new/apparmor-profiles-2.0/abstractions/winbind
--- old/apparmor-profiles-2.0/abstractions/winbind 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0/abstractions/winbind 2006-05-02 03:26:14.000000000 +0200
@@ -0,0 +1,19 @@
+# $Id: audio 12 2006-04-12 21:35:41Z steve-beattie $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # pam_winbindd
+ /tmp/.winbindd/pipe rw,
+ /var/lib/samba/winbindd_privileged/pipe rw,
+ /etc/samba/smb.conf r,
+ /usr/lib/samba/valid.dat r,
+ /usr/lib/samba/upcase.dat r,
+ /usr/lib/samba/lowcase.dat r,
+
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/apparmor-profiles.spec new/apparmor-profiles-2.0/apparmor-profiles.spec
--- old/apparmor-profiles-2.0/apparmor-profiles.spec 2006-04-29 03:20:13.000000000 +0200
+++ new/apparmor-profiles-2.0/apparmor-profiles.spec 2006-05-02 03:26:20.000000000 +0200
@@ -26,7 +26,7 @@
Version: 2.0
Release: 12
Group: Productivity/Security
-Source0: %{name}-%{version}-32.tar.gz
+Source0: %{name}-%{version}-35.tar.gz
License: GPL
BuildRoot: %{?_tmppath:}%{!?_tmppath:/var/tmp}/%{name}-%{version}-build
Url: http://forge.novell.com/modules/xfmod/project/?apparmor
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/enabled/usr.lib.postfix.anvil new/apparmor-profiles-2.0/enabled/usr.lib.postfix.anvil
--- old/apparmor-profiles-2.0/enabled/usr.lib.postfix.anvil 2006-04-29 03:12:08.000000000 +0200
+++ new/apparmor-profiles-2.0/enabled/usr.lib.postfix.anvil 2006-05-02 03:26:14.000000000 +0200
@@ -23,8 +23,8 @@
/usr/lib/postfix/anvil rix,
/etc/postfix/main.cf r,
- /var/spool/postfix/private/anvil rw,
- /var/spool/postfix/pid/unix.anvil rw,
+ /{var/spool/postfix/,}private/anvil rw,
+ /{var/spool/postfix/,}pid/unix.anvil rw,
/proc/net/if_inet6 r,
/proc/sys/kernel/ngroups_max r,
}
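Review bot: The `/{var/spool/postfix/,}` alternation has an empty second branch, so `private/anvil` and `pid/unix.anvil` are now also permitted directly under `/`; presumably this is for the daemon running chrooted into the queue directory, but nothing in the profile says so. A one-line comment above the rules, e.g. `# empty alternative matches the paths as seen from inside the postfix chroot`, would stop a later reader from treating it as a typo or from missing that top-level paths are granted. The same pattern is introduced in the bounce, cleanup, flush, local, master, pickup, showq and smtp hunks; in master it extends `private/* wl` to a top-level `/private/`. The profile body starts above this hunk.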
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/enabled/usr.lib.postfix.bounce new/apparmor-profiles-2.0/enabled/usr.lib.postfix.bounce
--- old/apparmor-profiles-2.0/enabled/usr.lib.postfix.bounce 2006-04-29 03:12:08.000000000 +0200
+++ new/apparmor-profiles-2.0/enabled/usr.lib.postfix.bounce 2006-05-02 03:26:14.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: usr.lib.postfix.bounce 12 2006-04-12 21:35:41Z steve-beattie $
+# $Id: usr.lib.postfix.bounce 35 2006-05-02 01:25:47Z seth_arnold $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
@@ -38,11 +38,11 @@
/{var/spool/postfix/,}trace/[0-9A-F]/[0-9A-F]* rwl,
/{var/spool/postfix/,}trace/[0-9A-F]* rwl,
/{var/spool/postfix/,}public/cleanup w,
+ /{var/spool/postfix/,}pid/unix.bounce rw,
+ /{var/spool/postfix/,}pid/unix.defer rw,
+ /{var/spool/postfix/,}pid/unix.trace rw,
/etc/postfix/main.cf r,
- /var/spool/postfix/pid/unix.bounce rw,
- /var/spool/postfix/pid/unix.defer rw,
- /var/spool/postfix/pid/unix.trace rw,
/proc/net/if_inet6 r,
/proc/sys/kernel/ngroups_max r,
}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/enabled/usr.lib.postfix.cleanup new/apparmor-profiles-2.0/enabled/usr.lib.postfix.cleanup
--- old/apparmor-profiles-2.0/enabled/usr.lib.postfix.cleanup 2006-04-29 03:12:08.000000000 +0200
+++ new/apparmor-profiles-2.0/enabled/usr.lib.postfix.cleanup 2006-05-02 03:26:14.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: usr.lib.postfix.cleanup 12 2006-04-12 21:35:41Z steve-beattie $
+# $Id: usr.lib.postfix.cleanup 35 2006-05-02 01:25:47Z seth_arnold $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
@@ -27,9 +27,9 @@
/{var/spool/postfix/,}incoming/[0-9A-F]* rwl,
/{var/spool/postfix/,}private/{rewrite,bounce} w,
/{var/spool/postfix/,}public/qmgr w,
+ /{var/spool/postfix/,}pid/unix.cleanup rw,
/etc/{m,fs}tab r,
/etc/postfix/* r,
/proc/sys/kernel/ngroups_max r,
/proc/{stat,cpuinfo} r,
- /var/spool/postfix/pid/unix.cleanup rw,
}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/enabled/usr.lib.postfix.discard new/apparmor-profiles-2.0/enabled/usr.lib.postfix.discard
--- old/apparmor-profiles-2.0/enabled/usr.lib.postfix.discard 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0/enabled/usr.lib.postfix.discard 2006-05-02 03:26:14.000000000 +0200
@@ -0,0 +1,19 @@
+# $Id: usr.lib.postfix.tlsmgr 12 2006-04-12 21:35:41Z steve-beattie $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# vim:syntax=apparmor
+
+#include
+
+/usr/lib/postfix/discard flags=(complain) {
+ #include
+
+ /usr/lib/postfix/discard r,
+}
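Review bot: This profile is installed under enabled/ with `flags=(complain)`, so violations are only logged and the discard daemon is not actually confined; the same applies to the new error, lmtp, oqmgr, qmqpd and spawn profiles. A comment at the top should say that this is deliberate and what has to happen before the flag is removed, e.g. `# complain mode: rules incomplete, switch to enforce once the logs are clean`. The `$Id` line also still names usr.lib.postfix.tlsmgr rather than this file.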
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/enabled/usr.lib.postfix.error new/apparmor-profiles-2.0/enabled/usr.lib.postfix.error
--- old/apparmor-profiles-2.0/enabled/usr.lib.postfix.error 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0/enabled/usr.lib.postfix.error 2006-05-02 03:26:14.000000000 +0200
@@ -0,0 +1,19 @@
+# $Id: usr.lib.postfix.bounce 12 2006-04-12 21:35:41Z steve-beattie $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include
+
+/usr/lib/postfix/error flags=(complain) {
+ #include
+ #include
+ #include
+ #include
+}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/enabled/usr.lib.postfix.flush new/apparmor-profiles-2.0/enabled/usr.lib.postfix.flush
--- old/apparmor-profiles-2.0/enabled/usr.lib.postfix.flush 2006-04-29 03:12:08.000000000 +0200
+++ new/apparmor-profiles-2.0/enabled/usr.lib.postfix.flush 2006-05-02 03:26:14.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: usr.lib.postfix.flush 12 2006-04-12 21:35:41Z steve-beattie $
+# $Id: usr.lib.postfix.flush 35 2006-05-02 01:25:47Z seth_arnold $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
@@ -41,6 +41,7 @@
/{var/spool/postfix/,}incoming/[a-z]/[a-z]* rwl,
/{var/spool/postfix/,}incoming/[a-z]* rwl,
/{var/spool/postfix/,}public/qmgr w,
+ /{var/spool/postfix/,}pid/unix.flush rw,
/etc/mtab r,
/etc/postfix/main.cf r,
/etc/postfix/virtual.db r,
@@ -49,6 +50,5 @@
/proc/stat r,
/proc/sys/kernel/ngroups_max r,
- /var/spool/postfix/pid/unix.flush rw,
}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/enabled/usr.lib.postfix.lmtp new/apparmor-profiles-2.0/enabled/usr.lib.postfix.lmtp
--- old/apparmor-profiles-2.0/enabled/usr.lib.postfix.lmtp 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0/enabled/usr.lib.postfix.lmtp 2006-05-02 03:26:14.000000000 +0200
@@ -0,0 +1,19 @@
+# $Id: usr.lib.postfix.bounce 12 2006-04-12 21:35:41Z steve-beattie $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include
+
+/usr/lib/postfix/lmtp flags=(complain) {
+ #include
+ #include
+ #include
+ #include
+}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/enabled/usr.lib.postfix.local new/apparmor-profiles-2.0/enabled/usr.lib.postfix.local
--- old/apparmor-profiles-2.0/enabled/usr.lib.postfix.local 2006-04-29 03:12:08.000000000 +0200
+++ new/apparmor-profiles-2.0/enabled/usr.lib.postfix.local 2006-05-02 03:26:14.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: usr.lib.postfix.local 12 2006-04-12 21:35:41Z steve-beattie $
+# $Id: usr.lib.postfix.local 35 2006-05-02 01:25:47Z seth_arnold $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
@@ -23,6 +23,8 @@
/usr/lib/mailman/mail/mailman px,
/var/mailman/mail/wrapper px,
+ /usr/bin/mlmmj-recieve px,
+
/usr/lib/postfix/local rix,
/bin/bash ixr,
/bin/date ixr,
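Review bot: `/usr/bin/mlmmj-recieve px,` needs a profile for that binary to be loaded, yet the changelog for this commit places the mlmmj profiles in extras/ rather than enabled/. With `px` and no loaded target profile the exec is refused, so local delivery to mlmmj lists would fail once this profile is enforced on a default install; verify which directory the mlmmj-recieve profile actually ships in. If it stays in extras/, record the dependency next to the rule, e.g. `# requires the mlmmj-recieve profile from extras/ to be loaded`. The profile body begins and ends outside this hunk.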
@@ -32,12 +34,12 @@
# mailman on SuSE is configed to have its own alias file
/var/lib/mailman/data/aliases.db r,
/proc/{cpuinfo,stat} r,
- /var/spool/postfix/active/[0-9A-F]/[0-9A-F]/* rw,
- /var/spool/postfix/active/[0-9A-F]/[0-9A-F]* rw,
- /var/spool/postfix/active/[0-9A-F]* rw,
- /var/spool/postfix/pid/unix.local rw,
- /var/spool/postfix/private/{bounce,defer,flush,rewrite} rw,
- /var/spool/postfix/public/{cleanup,flush} rw,
+ /{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/* rw,
+ /{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]* rw,
+ /{var/spool/postfix/,}active/[0-9A-F]* rw,
+ /{var/spool/postfix/,}pid/unix.local rw,
+ /{var/spool/postfix/,}private/{bounce,defer,flush,rewrite} rw,
+ /{var/spool/postfix/,}public/{cleanup,flush} rw,
/etc/postfix/virtual.db r,
/etc/postfix/lists.db r,
}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/enabled/usr.lib.postfix.master new/apparmor-profiles-2.0/enabled/usr.lib.postfix.master
--- old/apparmor-profiles-2.0/enabled/usr.lib.postfix.master 2006-04-29 03:12:08.000000000 +0200
+++ new/apparmor-profiles-2.0/enabled/usr.lib.postfix.master 2006-05-02 03:26:14.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: usr.lib.postfix.master 29 2006-04-27 23:40:08Z seth_arnold $
+# $Id: usr.lib.postfix.master 35 2006-05-02 01:25:47Z seth_arnold $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
@@ -22,10 +22,10 @@
capability dac_override,
/etc/postfix/master.cf r,
- /var/spool/postfix/pid/master.pid rw,
- /var/spool/postfix/private/* wl,
- /var/spool/postfix/private/tlsmgr rwl,
- /var/spool/postfix/public/{cleanup,flush,pickup,qmgr,showq,tlsmgr} rwl,
+ /{var/spool/postfix/,}pid/master.pid rw,
+ /{var/spool/postfix/,}private/* wl,
+ /{var/spool/postfix/,}private/tlsmgr rwl,
+ /{var/spool/postfix/,}public/{cleanup,flush,pickup,qmgr,showq,tlsmgr} rwl,
/usr/lib/postfix/anvil px,
/usr/lib/postfix/bounce px,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/enabled/usr.lib.postfix.oqmgr new/apparmor-profiles-2.0/enabled/usr.lib.postfix.oqmgr
--- old/apparmor-profiles-2.0/enabled/usr.lib.postfix.oqmgr 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0/enabled/usr.lib.postfix.oqmgr 2006-05-02 03:26:14.000000000 +0200
@@ -0,0 +1,19 @@
+# $Id: usr.lib.postfix.tlsmgr 12 2006-04-12 21:35:41Z steve-beattie $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# vim:syntax=apparmor
+
+#include
+
+/usr/lib/postfix/oqmgr flags=(complain) {
+ #include
+ #include
+ #include
+}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/enabled/usr.lib.postfix.pickup new/apparmor-profiles-2.0/enabled/usr.lib.postfix.pickup
--- old/apparmor-profiles-2.0/enabled/usr.lib.postfix.pickup 2006-04-29 03:12:08.000000000 +0200
+++ new/apparmor-profiles-2.0/enabled/usr.lib.postfix.pickup 2006-05-02 03:26:14.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: usr.lib.postfix.pickup 12 2006-04-12 21:35:41Z steve-beattie $
+# $Id: usr.lib.postfix.pickup 35 2006-05-02 01:25:47Z seth_arnold $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
@@ -19,14 +19,10 @@
/usr/lib/postfix/pickup rix,
- /maildrop r,
- /maildrop/* rwl,
- /public/cleanup w,
- /public/pickup r,
/proc/sys/kernel/ngroups_max r,
- /var/spool/postfix/public/pickup r,
- /var/spool/postfix/maildrop r,
- /var/spool/postfix/maildrop/* rwl,
- /var/spool/postfix/public/cleanup w,
+ /{var/spool/postfix/,}public/cleanup w,
+ /{var/spool/postfix/,}public/pickup r,
+ /{var/spool/postfix/,}maildrop r,
+ /{var/spool/postfix/,}maildrop/* rwl,
}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/enabled/usr.lib.postfix.qmqpd new/apparmor-profiles-2.0/enabled/usr.lib.postfix.qmqpd
--- old/apparmor-profiles-2.0/enabled/usr.lib.postfix.qmqpd 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0/enabled/usr.lib.postfix.qmqpd 2006-05-02 03:26:14.000000000 +0200
@@ -0,0 +1,19 @@
+# $Id: usr.lib.postfix.bounce 12 2006-04-12 21:35:41Z steve-beattie $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include
+
+/usr/lib/postfix/qmqpd flags=(complain) {
+ #include
+ #include
+ #include
+ #include
+}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/enabled/usr.lib.postfix.showq new/apparmor-profiles-2.0/enabled/usr.lib.postfix.showq
--- old/apparmor-profiles-2.0/enabled/usr.lib.postfix.showq 2006-04-29 03:12:08.000000000 +0200
+++ new/apparmor-profiles-2.0/enabled/usr.lib.postfix.showq 2006-05-02 03:26:14.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: usr.lib.postfix.showq 12 2006-04-12 21:35:41Z steve-beattie $
+# $Id: usr.lib.postfix.showq 35 2006-05-02 01:25:47Z seth_arnold $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
@@ -51,7 +51,7 @@
/{var/spool/postfix/,}incoming/[0-0A-F]* r,
/{var/spool/postfix/,}maildrop r,
/{var/spool/postfix/,}maildrop/[0-9A-F]* r,
- /proc/sys/kernel/ngroups_max r,
- /var/spool/postfix/pid/unix.showq rw,
+ /{var/spool/postfix/,}pid/unix.showq rw,
+ /proc/sys/kernel/ngroups_max r,
}
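Review bot: The context line `/{var/spool/postfix/,}incoming/[0-0A-F]* r,` uses the character class `[0-0A-F]`, which matches only `0` and `A`-`F`, while the neighbouring maildrop rule uses `[0-9A-F]`. The commit edits the lines directly below it but leaves this in place, so files under incoming/ whose names begin with 1-9 are not covered by this rule. It should read `/{var/spool/postfix/,}incoming/[0-9A-F]* r,`. The profile body starts outside the hunk.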
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/enabled/usr.lib.postfix.smtp new/apparmor-profiles-2.0/enabled/usr.lib.postfix.smtp
--- old/apparmor-profiles-2.0/enabled/usr.lib.postfix.smtp 2006-04-29 03:12:08.000000000 +0200
+++ new/apparmor-profiles-2.0/enabled/usr.lib.postfix.smtp 2006-05-02 03:26:14.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: usr.lib.postfix.smtp 12 2006-04-12 21:35:41Z steve-beattie $
+# $Id: usr.lib.postfix.smtp 35 2006-05-02 01:25:47Z seth_arnold $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
@@ -26,19 +26,20 @@
/{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/* rwl,
/{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]* rwl,
/{var/spool/postfix/,}active/[0-9A-F]* rwl,
+ /{var/spool/postfix/,}private/anvil w,
/{var/spool/postfix/,}private/bounce w,
/{var/spool/postfix/,}private/defer w,
/{var/spool/postfix/,}private/scache w,
/{var/spool/postfix/,}private/tlsmgr w,
/{var/spool/postfix/,}private/trace w,
/{var/spool/postfix/,}public/flush w,
+ /{var/spool/postfix/,}pid/unix.smtp rw,
+ /{var/spool/postfix/,}pid/unix.relay rw,
/etc/postfix/{ssl/,}*.pem r,
/etc/postfix/prng_exch rw,
/proc/sys/kernel/ngroups_max r,
/usr/share/ssl/certs/ca-bundle.crt r,
/usr/share/ssl/openssl.cnf r,
- /var/spool/postfix/pid/unix.smtp rw,
- /var/spool/postfix/pid/unix.relay rw,
/etc/postfix/virtual.db r,
/etc/postfix/sasl_passwd.db r,
/etc/mtab r,
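Review bot: The rewritten `pid/unix.smtp` and `pid/unix.relay` rules and the new `private/anvil` rule use the `/{var/spool/postfix/,}` alternation, which also matches the same names directly under `/`. Nothing in the profile says why. Presumably this is the view from inside the Postfix chroot; a one-line comment above the block would record it, e.g. `# {var/spool/postfix/,} also matches the chrooted view of the queue directory`. The same applies to the `pid/unix.showq` rule in usr.lib.postfix.showq and the `private/tlsmgr` rule in usr.lib.postfix.tlsmgr. The profile body starts and ends outside this hunk.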
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/enabled/usr.lib.postfix.spawn new/apparmor-profiles-2.0/enabled/usr.lib.postfix.spawn
--- old/apparmor-profiles-2.0/enabled/usr.lib.postfix.spawn 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0/enabled/usr.lib.postfix.spawn 2006-05-02 03:26:14.000000000 +0200
@@ -0,0 +1,19 @@
+# $Id: usr.lib.postfix.bounce 12 2006-04-12 21:35:41Z steve-beattie $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include
+
+/usr/lib/postfix/spawn flags=(complain) {
+ #include
+ #include
+ #include
+ #include
+}
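Review bot: This profile ships in `enabled/` with `flags=(complain)`, so access outside the profile is only logged and the helper is not actually confined. The file gives no hint that this is temporary; a comment above the profile line would help, e.g. `# complain mode: collecting rules, switch to enforce once the log is clean`. The `$Id` line also names `usr.lib.postfix.bounce` rather than this file, so it looks copied and will mislead until the keyword is re-expanded. Both points apply equally to the new usr.lib.postfix.verify and usr.lib.postfix.virtual profiles. The new `extras/` profiles further down carry a similarly stale `$Id` naming `usr.lib.postfix.tlsmgr`.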
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/enabled/usr.lib.postfix.tlsmgr new/apparmor-profiles-2.0/enabled/usr.lib.postfix.tlsmgr
--- old/apparmor-profiles-2.0/enabled/usr.lib.postfix.tlsmgr 2006-04-29 03:12:08.000000000 +0200
+++ new/apparmor-profiles-2.0/enabled/usr.lib.postfix.tlsmgr 2006-05-02 03:26:14.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: usr.lib.postfix.tlsmgr 12 2006-04-12 21:35:41Z steve-beattie $
+# $Id: usr.lib.postfix.tlsmgr 35 2006-05-02 01:25:47Z seth_arnold $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
@@ -20,5 +20,5 @@
/etc/postfix/prng_exch rw,
/proc/sys/kernel/ngroups_max r,
/usr/lib/postfix/tlsmgr r,
- /var/spool/postfix/private/tlsmgr r,
+ /{var/spool/postfix/,}private/tlsmgr r,
}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/enabled/usr.lib.postfix.verify new/apparmor-profiles-2.0/enabled/usr.lib.postfix.verify
--- old/apparmor-profiles-2.0/enabled/usr.lib.postfix.verify 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0/enabled/usr.lib.postfix.verify 2006-05-02 03:26:14.000000000 +0200
@@ -0,0 +1,19 @@
+# $Id: usr.lib.postfix.bounce 12 2006-04-12 21:35:41Z steve-beattie $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include
+
+/usr/lib/postfix/verify flags=(complain) {
+ #include
+ #include
+ #include
+ #include
+}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/enabled/usr.lib.postfix.virtual new/apparmor-profiles-2.0/enabled/usr.lib.postfix.virtual
--- old/apparmor-profiles-2.0/enabled/usr.lib.postfix.virtual 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0/enabled/usr.lib.postfix.virtual 2006-05-02 03:26:14.000000000 +0200
@@ -0,0 +1,19 @@
+# $Id: usr.lib.postfix.bounce 12 2006-04-12 21:35:41Z steve-beattie $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include
+
+/usr/lib/postfix/virtual flags=(complain) {
+ #include
+ #include
+ #include
+ #include
+}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/enabled/usr.sbin.named new/apparmor-profiles-2.0/enabled/usr.sbin.named
--- old/apparmor-profiles-2.0/enabled/usr.sbin.named 2006-04-29 03:12:08.000000000 +0200
+++ new/apparmor-profiles-2.0/enabled/usr.sbin.named 2006-05-02 03:26:14.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: usr.sbin.named 12 2006-04-12 21:35:41Z steve-beattie $
+# $Id: usr.sbin.named 33 2006-05-01 18:32:36Z seth_arnold $
#
# ------------------------------------------------------------------
#
@@ -34,4 +34,5 @@
/var/run/named.pid wl,
/var/run/named/named.pid wl,
/var/run/ndc wl,
+ /slave/tmp-* rw,
}
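Review bot: The added `/slave/tmp-* rw,` rule is anchored at the filesystem root and has no comment, unlike the `/var/run/...` rules around it. Presumably it is the slave-zone directory as seen from inside named's chroot; if so, say it in the profile, e.g. `# slave zone temp files, path as seen inside the named chroot`. The rule covers only the `tmp-*` names. Whether the final zone file that the temporary file is renamed to is permitted depends on rules outside this hunk, so that is worth checking against the reproduction in Bug 165191.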
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/extras/usr.bin.mlmmj-bounce new/apparmor-profiles-2.0/extras/usr.bin.mlmmj-bounce
--- old/apparmor-profiles-2.0/extras/usr.bin.mlmmj-bounce 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0/extras/usr.bin.mlmmj-bounce 2006-05-02 03:26:14.000000000 +0200
@@ -0,0 +1,23 @@
+# $Id: usr.lib.postfix.tlsmgr 12 2006-04-12 21:35:41Z steve-beattie $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# vim:syntax=apparmor
+
+#include
+
+/usr/bin/mlmmj-bounce {
+ #include
+
+ /usr/bin/mlmmj-bounce r,
+ /usr/bin/mlmmj-send px,
+ /var/spool/mlmmj/*/subconf/* rwl,
+ /var/spool/mlmmj/*/queue/* rwl,
+
+}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/extras/usr.bin.mlmmj-maintd new/apparmor-profiles-2.0/extras/usr.bin.mlmmj-maintd
--- old/apparmor-profiles-2.0/extras/usr.bin.mlmmj-maintd 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0/extras/usr.bin.mlmmj-maintd 2006-05-02 03:26:14.000000000 +0200
@@ -0,0 +1,37 @@
+# $Id: usr.lib.postfix.tlsmgr 12 2006-04-12 21:35:41Z steve-beattie $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# vim:syntax=apparmor
+
+#include
+
+/usr/bin/mlmmj-maintd {
+ #include
+
+ capability setuid,
+
+ /usr/bin/mlmmj-maintd r,
+ /usr/bin/mlmmj-send px,
+
+ /var/spool/mlmmj r,
+ /var/spool/mlmmj/*/bounce r,
+ /var/spool/mlmmj/*/index r,
+ /var/spool/mlmmj/*/lastdigest rw,
+ /var/spool/mlmmj/*/maintdlog-* lrw,
+ /var/spool/mlmmj/*/mlmmj-maintd.lastrun.log w,
+ /var/spool/mlmmj/*/moderation r,
+ /var/spool/mlmmj/*/archive/* r,
+ /var/spool/mlmmj/*/control/* r,
+ /var/spool/mlmmj/*/queue r,
+ /var/spool/mlmmj/*/queue/* rwl,
+ /var/spool/mlmmj/*/requeue r,
+ /var/spool/mlmmj/*/subconf r,
+ /var/spool/mlmmj/*/unsubconf r,
+}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/extras/usr.bin.mlmmj-make-ml.sh new/apparmor-profiles-2.0/extras/usr.bin.mlmmj-make-ml.sh
--- old/apparmor-profiles-2.0/extras/usr.bin.mlmmj-make-ml.sh 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0/extras/usr.bin.mlmmj-make-ml.sh 2006-05-02 03:26:14.000000000 +0200
@@ -0,0 +1,45 @@
+# $Id: usr.lib.postfix.tlsmgr 12 2006-04-12 21:35:41Z steve-beattie $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# vim:syntax=apparmor
+
+#include
+
+/usr/bin/mlmmj-make-ml.sh {
+ #include
+ #include
+ #include
+ #include
+
+ capability sys_admin,
+
+ /usr/bin/mlmmj-make-ml.sh r,
+
+ # some shell tools are needed
+ /bin/domainname ix,
+ /bin/hostname ix,
+ /bin/bash ix,
+ /bin/cp ixr,
+ /bin/mkdir ixr,
+ /bin/touch ixr,
+ /usr/bin/which ixr,
+ # if mkdir cant read the current work directory it jumps into /
+ # allow reading that dir.
+ / r,
+
+ # skeleton data
+ /usr/share/mlmmj/text.skel r,
+ /usr/share/mlmmj/text.skel/** r,
+
+ # spool dirs
+ /var/spool r,
+ /var/spool/mlmmj rw,
+ /var/spool/mlmmj/** w,
+}
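Review bot: `capability sys_admin,` is granted with no comment, and it is by far the broadest capability in the set. Nothing in the visible rules (cp, mkdir, touch, which, hostname, writes under `/var/spool/mlmmj`) obviously needs it. Because `/bin/bash ix,` and the other `ix` entries inherit this profile, every helper the script runs gets the capability too. If the script only needs to hand the new list directory to another user, a narrower grant such as `capability chown,` would be the one to test. Otherwise record the reason next to the line, e.g. `# sys_admin needed for <operation>`.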
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/extras/usr.bin.mlmmj-process new/apparmor-profiles-2.0/extras/usr.bin.mlmmj-process
--- old/apparmor-profiles-2.0/extras/usr.bin.mlmmj-process 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0/extras/usr.bin.mlmmj-process 2006-05-02 03:26:14.000000000 +0200
@@ -0,0 +1,30 @@
+# $Id: usr.lib.postfix.tlsmgr 12 2006-04-12 21:35:41Z steve-beattie $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# vim:syntax=apparmor
+
+#include
+
+/usr/bin/mlmmj-process {
+ #include
+
+ /usr/bin/mlmmj-process r,
+ /usr/bin/mlmmj-send px,
+ /usr/bin/mlmmj-sub px,
+ /usr/bin/mlmmj-unsub px,
+ /usr/bin/mlmmj-bounce px,
+ /var/spool/mlmmj/*/control/* r,
+ /var/spool/mlmmj/*/text/* r,
+ /var/spool/mlmmj/*/incoming/* rwl,
+ /var/spool/mlmmj/*/queue/* rwl,
+ /var/spool/mlmmj/*/subconf/* rwl,
+ /var/spool/mlmmj/*/unsubconf/* rwl,
+ /var/spool/mlmmj/*/mlmmj.operation.log rw,
+}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/extras/usr.bin.mlmmj-recieve new/apparmor-profiles-2.0/extras/usr.bin.mlmmj-recieve
--- old/apparmor-profiles-2.0/extras/usr.bin.mlmmj-recieve 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0/extras/usr.bin.mlmmj-recieve 2006-05-02 03:26:14.000000000 +0200
@@ -0,0 +1,21 @@
+# $Id: usr.lib.postfix.tlsmgr 12 2006-04-12 21:35:41Z steve-beattie $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# vim:syntax=apparmor
+
+#include
+
+/usr/bin/mlmmj-recieve {
+ #include
+
+ /usr/bin/mlmmj-process px,
+ /usr/bin/mlmmj-recieve r,
+ /var/spool/mlmmj/*/incoming/* w,
+}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/extras/usr.bin.mlmmj-send new/apparmor-profiles-2.0/extras/usr.bin.mlmmj-send
--- old/apparmor-profiles-2.0/extras/usr.bin.mlmmj-send 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0/extras/usr.bin.mlmmj-send 2006-05-02 03:26:14.000000000 +0200
@@ -0,0 +1,26 @@
+# $Id: usr.lib.postfix.tlsmgr 12 2006-04-12 21:35:41Z steve-beattie $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# vim:syntax=apparmor
+
+#include
+
+/usr/bin/mlmmj-send {
+ #include
+ #include
+
+ /usr/bin/mlmmj-send r,
+ /var/spool/mlmmj/*/archive/* w,
+ /var/spool/mlmmj/*/control/* r,
+ /var/spool/mlmmj/*/index rw,
+ /var/spool/mlmmj/*/queue/* lrw,
+ /var/spool/mlmmj/*/subscribers.d r,
+ /var/spool/mlmmj/*/subscribers.d/* r,
+}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/extras/usr.bin.mlmmj-sub new/apparmor-profiles-2.0/extras/usr.bin.mlmmj-sub
--- old/apparmor-profiles-2.0/extras/usr.bin.mlmmj-sub 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0/extras/usr.bin.mlmmj-sub 2006-05-02 03:26:14.000000000 +0200
@@ -0,0 +1,29 @@
+# $Id: usr.lib.postfix.tlsmgr 12 2006-04-12 21:35:41Z steve-beattie $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# vim:syntax=apparmor
+
+#include
+
+/usr/bin/mlmmj-sub {
+ #include
+
+ capability setuid,
+
+ /usr/bin/mlmmj-send px,
+ /usr/bin/mlmmj-sub r,
+ /var/spool/mlmmj/*/control/* r,
+ /var/spool/mlmmj/*/queue/* w,
+ /var/spool/mlmmj/*/subconf/* w,
+ /var/spool/mlmmj/*/subscribers.d rw,
+ /var/spool/mlmmj/*/subscribers.d/* rw,
+ /var/spool/mlmmj/*/subscribers.d/.d.lock lw,
+ /var/spool/mlmmj/*/text/* r,
+}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/extras/usr.bin.mlmmj-unsub new/apparmor-profiles-2.0/extras/usr.bin.mlmmj-unsub
--- old/apparmor-profiles-2.0/extras/usr.bin.mlmmj-unsub 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0/extras/usr.bin.mlmmj-unsub 2006-05-02 03:26:14.000000000 +0200
@@ -0,0 +1,28 @@
+# $Id: usr.lib.postfix.tlsmgr 12 2006-04-12 21:35:41Z steve-beattie $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# vim:syntax=apparmor
+
+#include
+
+/usr/bin/mlmmj-unsub {
+ #include
+
+ /usr/bin/mlmmj-unsub r,
+ /usr/bin/mlmmj-send px,
+ /var/spool/mlmmj/*/control/* r,
+ /var/spool/mlmmj/*/text/* r,
+ /var/spool/mlmmj/*/subscribers.d r,
+ /var/spool/mlmmj/*/subscribers.d/* r,
+
+ /var/spool/mlmmj/*/queue/* rwl,
+ /var/spool/mlmmj/*/unsubconf/* rwl,
+ /var/spool/mlmmj/*/subscribers.d/* rwl,
+}
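Review bot: The path `/var/spool/mlmmj/*/subscribers.d/*` is listed twice, once with `r` and again in the last group with `rwl`. The read-only line is redundant and makes the profile look tighter than it is. Drop the `/var/spool/mlmmj/*/subscribers.d/* r,` line and keep the `rwl` one. The other profiles in this commit (mlmmj-maintd, mlmmj-send) also write the mode as `lrw` in places; picking one ordering would make the set easier to diff.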
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/extras/usr.sbin.lighttpd new/apparmor-profiles-2.0/extras/usr.sbin.lighttpd
--- old/apparmor-profiles-2.0/extras/usr.sbin.lighttpd 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0/extras/usr.sbin.lighttpd 2006-05-02 03:26:14.000000000 +0200
@@ -0,0 +1,59 @@
+# $Id: usr.lib.postfix.tlsmgr 12 2006-04-12 21:35:41Z steve-beattie $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# vim:syntax=apparmor
+
+#include
+
+/usr/sbin/lighttpd {
+ #include
+ #include
+ #include
+
+ # needed to change max file descriptors
+ capability sys_resource,
+
+ # network service ;)
+ capability net_bind_service,
+
+ # changing the uid/gid on startup
+ capability setgid,
+ capability setuid,
+
+ /proc/sys/kernel/ngroups_max r,
+
+ /etc/lighttpd r,
+ /etc/lighttpd/*.conf r,
+ /etc/lighttpd/conf.d/*.conf r,
+ /etc/lighttpd/auth.d/* r,
+ /etc/lighttpd/vhosts.d r,
+ /etc/lighttpd/vhosts.d/* r,
+ /usr/sbin/lighttpd ix,
+
+ /usr/lib/lighttpd/*.so r,
+ /usr/lib64/lighttpd/*.so r,
+
+ /etc/ssl/private/*.pem r,
+ # home dir. e.g. used for sockets.
+ /var/lib/lighttpd/ r,
+ /var/lib/lighttpd/** rwl,
+ # mod_compress cache
+ /var/cache/lighttpd/ r,
+ /var/cache/lighttpd/** rwl,
+ # pid
+ /var/run/lighttpd.pid rwl,
+ # log files
+ /var/log/lighttpd/*.log rw,
+ # include_shell
+ /bin/bash ix,
+ /bin/zsh ix,
+ /bin/cat ix,
+}
+
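Review bot: The `# include_shell` block grants `/bin/bash ix,`, `/bin/zsh ix,` and `/bin/cat ix,` unconditionally. Those shells inherit this profile, including its `setuid`/`setgid` capabilities, read access to `/etc/ssl/private/*.pem` and `rwl` on `/var/lib/lighttpd/**`. As far as the comment indicates, they are only needed when the configuration uses include_shell, which most installations will not. Consider shipping the three lines commented out, with a note such as `# uncomment only if lighttpd.conf uses include_shell`. Then the default profile does not let the server process execute a shell.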
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/extras/usr.sbin.oidentd new/apparmor-profiles-2.0/extras/usr.sbin.oidentd
--- old/apparmor-profiles-2.0/extras/usr.sbin.oidentd 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0/extras/usr.sbin.oidentd 2006-05-02 03:26:14.000000000 +0200
@@ -0,0 +1,31 @@
+# $Id: usr.lib.postfix.tlsmgr 12 2006-04-12 21:35:41Z steve-beattie $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# vim:syntax=apparmor
+
+#include
+
+/usr/sbin/oidentd {
+ #include
+ #include
+
+ capability net_bind_service,
+ capability dac_override,
+ capability dac_read_search,
+
+ /etc/oidentd.conf r,
+ /etc/oidentd_masq.conf r,
+ /proc/net/tcp r,
+ /proc/net/tcp6 r,
+
+ # spoofing feature of oidentd
+ @{HOME}/.ispoof r,
+ @{HOME}/.oidentd.conf r,
+}
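Review bot: `capability dac_override,` is granted alongside `capability dac_read_search,`, but every file rule in this profile is read-only. Reading users' `.oidentd.conf` and `.ispoof` files and searching their home directories is what `dac_read_search` covers; `dac_override` additionally bypasses write permission checks. It is probably unnecessary here; if testing confirms that, remove the `capability dac_override,` line. A short comment on the remaining capability, e.g. `# read per-user config regardless of home directory permissions`, would match the commented style of the lighttpd profile.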
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...