From 3ba204a635cae2bcffb41578eb822f4acba23345 Mon Sep 17 00:00:00 2001
From: Alex Murray
Date: Wed, 22 Jan 2025 15:01:36 +1030
Subject: [PATCH] profiles/apparmor.d/tinyproxy: clarify use of local override
Add comments to the profile to explain the use of the local override if the default configuration is changed. As suggested by @rlee287.
Signed-off-by: Alex Murray
---
 profiles/apparmor.d/tinyproxy | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/profiles/apparmor.d/tinyproxy b/profiles/apparmor.d/tinyproxy
index 530b709d7..b17500c1a 100644
--- a/profiles/apparmor.d/tinyproxy
+++ b/profiles/apparmor.d/tinyproxy
@@ -18,7 +18,6 @@ profile tinyproxy /usr/bin/tinyproxy {
 include
 include
- file rw /run/tinyproxy/tinyproxy.pid,
 # to provide flexibility, when run as a root tinyproxy may need to run files
 # owned by other users and similarly when run as an unprivileged user allow
 # tinyproxy to bind to privileged ports
@@ -29,9 +28,16 @@ profile tinyproxy /usr/bin/tinyproxy {
 file mr /usr/bin/tinyproxy,
 file r @{etc_ro}/tinyproxy/tinyproxy.conf,
- file rw /var/log/tinyproxy/tinyproxy.log,
+ # tinyproxy.conf allows to configure the locations of various files that will
+ # be written to by tinyproxy including ErrorFile, DefaultErrorFile, LogFile,
+ # and StatFile as well as PidFile. This profile allows tinyproxy to write to
+ # the default locations but if these are changed in the configuration file,
+ # additional rules should be added to the /etc/apparmor.d/local/tinyproxy file
+ # to allow this access
+ file rw /run/tinyproxy/tinyproxy.pid, # PidFile
+ file rw /var/log/tinyproxy/tinyproxy.log, # LogFile
- file r /usr/share/tinyproxy/*,
+ file r /usr/share/tinyproxy/*, #ErrorFile, DefaultErrorFile, StatFile etc
 network inet stream,
 network inet6 stream,
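Review bot: The new block comment in the second hunk says ErrorFile, DefaultErrorFile and StatFile are files tinyproxy writes to, but the rule annotated with those names, `file r /usr/share/tinyproxy/*,`, grants read access only, so the comment and the rule disagree. Wording along the lines of `# tinyproxy.conf allows configuring the locations of files that tinyproxy reads (ErrorFile, DefaultErrorFile, StatFile) or writes (LogFile, PidFile).` would keep someone writing a local override from granting `w` on template paths that only need `r`. The trailing comment would also be more consistent as `# ErrorFile, DefaultErrorFile, StatFile etc`, matching the spacing of `# PidFile` and `# LogFile`. The profile body starts and ends outside the hunk, so whether the local override file is actually included cannot be confirmed from these lines.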