[opensuse-factory] AppArmor
Hello, When I last tested syslog-ng with AppArmor (during 12.1 testing phase), it worked perfectly. Now I just found, that one capability is missing from /etc/apparmor.d/sbin.syslog-ng: capability dac_read_search, Question: is it possible to add this fix to 12.1? Or just factory? (as far as I can see, mostly Tumbleweed users ran into this) Bye, CzP -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Hello, Am Donnerstag, 5. Januar 2012 schrieb Peter Czanik:
When I last tested syslog-ng with AppArmor (during 12.1 testing phase), it worked perfectly. Now I just found, that one capability is missing from /etc/apparmor.d/sbin.syslog-ng:
capability dac_read_search,
man 7 capabilities says: CAP_DAC_READ_SEARCH Bypass file read permission checks and directory read and execute permission checks. It would be interesting which file or directory causes this - any ideas? Nevertheless I sent a patch upstream - syslog-ng has already dac_override, so dac_read_search doesn't add too much.
Question: is it possible to add this fix to 12.1? Or just factory?
I already have collected some other profile patches [1], and upstream got some more. I plan to submit an update for 12.1 that updates to AppArmor 2.7.0 final (12.1 comes with 2.7 rc1) + all changes from the 2.7 branch - or even to 2.7.1 if I can convience upstream to do a release.
(as far as I can see, mostly Tumbleweed users ran into this)
I didn't see any bugreport about this - therefore: see .sig... ;-)) Regards, Christian Boltz PS: non-random sig today ;-) [1] see changelog in security:apparmor:factory apparmor package for details, SR to Factory is pending -- Always file a bug: if it's not in Bugzilla, then it's not there ;) [Pascal Bleser in opensuse-factory] -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (2)
-
Christian Boltz
-
Peter Czanik