mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 14:25:52 +00:00
Code Issues Releases Wiki Activity

Merge Ensure all profiles in extras/ have optional local include + comment

Browse Source 
Recently got bitten by `usr.sbin.lighttpd` not having the local include, so I figured I'd bring all the `extras/` profiles up to parity.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/974
Approved-by: Christian Boltz <apparmor@cboltz.de>
Merged-by: Christian Boltz <apparmor@cboltz.de>


(cherry picked from commit 8895e00ef1)

d0e32a32 Ensure all profiles in extras/ have optional local include + comment
This commit is contained in:
Christian Boltz
2023-01-30 10:16:06 +00:00
parent aee9bf56c0
commit 57fec9624d
100 changed files with 277 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
profiles/apparmor/profiles/extras/bin.netstat
View File

@@ -46,4 +46,7 @@ profile netstat /{usr/,}bin/netstat {
@{PROC}/@{pid}/net/udplite r,
@{PROC}/@{pid}/net/udplit6 r,
@{PROC}/@{pid}/net/unix r,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/bin.netstat>
}

3
profiles/apparmor/profiles/extras/etc.cron.daily.logrotate
View File

@@ -74,4 +74,7 @@ include <tunables/global>
/var/spool/slrnpull/ wr,
/var/spool/slrnpull/log* wrl,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/etc.cron.daily.logrotate>
}

3
profiles/apparmor/profiles/extras/etc.cron.daily.slocate.cron
View File

@@ -25,4 +25,7 @@ include <tunables/global>
/usr/bin/slocate mixr,
/usr/bin/renice mixr,
/** r ,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/etc.cron.daily.slocate.cron>
}

3
profiles/apparmor/profiles/extras/etc.cron.daily.tmpwatch
View File

@@ -22,4 +22,7 @@ include <tunables/global>
/var/cache/man*/** r,
/var/tmp r,
/var/tmp/** rwl,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/etc.cron.daily.tmpwatch>
}

3
profiles/apparmor/profiles/extras/postfix-anvil
View File

@@ -23,4 +23,7 @@ profile postfix-anvil /usr/lib/postfix/{bin/,sbin/,}anvil {
/etc/postfix/main.cf r,
/{var/spool/postfix/,}private/anvil rw,
/{var/spool/postfix/,}pid/unix.anvil rwk,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-anvil>
}

3
profiles/apparmor/profiles/extras/postfix-bounce
View File

@@ -47,4 +47,7 @@ profile postfix-bounce /usr/lib/postfix/{bin/,sbin/,}bounce {
/{var/spool/postfix/,}pid/unix.bounce rwk,
/{var/spool/postfix/,}pid/unix.defer rwk,
/{var/spool/postfix/,}pid/unix.trace rwk,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-bounce>
}

3
profiles/apparmor/profiles/extras/postfix-cleanup
View File

@@ -38,4 +38,7 @@ profile postfix-cleanup /usr/lib/postfix/{bin/,sbin/,}cleanup {
/etc/{m,fs}tab r,
/etc/postfix/* r,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-cleanup>
}

3
profiles/apparmor/profiles/extras/postfix-discard
View File

@@ -18,4 +18,7 @@ profile postfix-discard /usr/lib/postfix/{bin/,sbin/,}discard {
include <abstractions/base>
/usr/lib/postfix/{bin/,sbin/,}discard mrix,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-discard>
}

3
profiles/apparmor/profiles/extras/postfix-dnsblog
View File

@@ -19,4 +19,7 @@ profile postfix-dnsblog /usr/lib/postfix/{bin/,sbin/,}dnsblog {
/usr/lib/postfix/{bin/,sbin/,}dnsblog mrix,
/var/spool/postfix/private/dnsblog rw,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-dnsblog>
}

2
profiles/apparmor/profiles/extras/postfix-error
View File

@@ -26,4 +26,6 @@ profile postfix-error /usr/lib/postfix/{bin/,sbin/,}error {
/var/spool/postfix/pid/unix.retry rwk,
owner /var/spool/postfix/private/defer w,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-error>
}

2
profiles/apparmor/profiles/extras/postfix-flush
View File

@@ -40,4 +40,6 @@ profile postfix-flush /usr/lib/postfix/{bin/,sbin/,}flush {
@{HOME}/.forward r,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-flush>
}

2
profiles/apparmor/profiles/extras/postfix-lmtp
View File

@@ -24,4 +24,6 @@ profile postfix-lmtp /usr/lib/postfix/{bin/,sbin/,}lmtp {
/var/spool/postfix/active/* rwk,
/var/spool/postfix/pid/unix.lmtp rwk,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-lmtp>
}

3
profiles/apparmor/profiles/extras/postfix-local
View File

@@ -44,4 +44,7 @@ profile postfix-local /usr/lib/postfix/{bin/,sbin/,}local {
/{var/spool/postfix/,}public/{cleanup,flush} rw,
# deliver mail
/var/mail/* wk,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-local>
}

3
profiles/apparmor/profiles/extras/postfix-master
View File

@@ -58,4 +58,7 @@ profile postfix-master /usr/lib/postfix/{bin/,sbin/,}master {
/usr/lib/postfix/{bin/,sbin/,}trivial-rewrite Px,
owner /var/lib/postfix/master.lock rwk,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-master>
}

3
profiles/apparmor/profiles/extras/postfix-nqmgr
View File

@@ -45,4 +45,7 @@ profile postfix-nqmgr /usr/lib/postfix/{bin/,sbin/,}nqmgr {
/{var/spool/postfix/,}private/local w,
/{var/spool/postfix/,}public/flush w,
/{var/spool/postfix/,}public/qmgr r,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-nqmgr>
}

3
profiles/apparmor/profiles/extras/postfix-oqmgr
View File

@@ -20,4 +20,7 @@ profile postfix-oqmgr /usr/lib/postfix/{bin/,sbin/,}oqmgr {
include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}oqmgr mrix,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-oqmgr>
}

3
profiles/apparmor/profiles/extras/postfix-pickup
View File

@@ -24,4 +24,7 @@ profile postfix-pickup /usr/lib/postfix/{bin/,sbin/,}pickup {
/{var/spool/postfix/,}public/pickup r,
/{var/spool/postfix/,}maildrop/ r,
/{var/spool/postfix/,}maildrop/* rwl,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-pickup>
}

2
profiles/apparmor/profiles/extras/postfix-pipe
View File

@@ -27,4 +27,6 @@ profile postfix-pipe /usr/lib/postfix/{bin/,sbin/,}pipe {
/var/spool/postfix/private/rewrite w,
/var/spool/postfix/private/trace w,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-pipe>
}

3
profiles/apparmor/profiles/extras/postfix-postscreen
View File

@@ -16,4 +16,7 @@ profile postfix-postscreen /usr/lib/postfix/{bin/,sbin/,}postscreen {
include <abstractions/base>
/usr/lib/postfix/{bin/,sbin/,}postscreen mrix,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-postscreen>
}

3
profiles/apparmor/profiles/extras/postfix-proxymap
View File

@@ -23,4 +23,7 @@ profile postfix-proxymap /usr/lib/postfix/{bin/,sbin/,}proxymap {
/etc/my.cnf r,
/usr/lib/postfix/{bin/,sbin/,}proxymap mrix,
/{var/spool/postfix/,}private/proxymap rw,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-proxymap>
}

3
profiles/apparmor/profiles/extras/postfix-qmgr
View File

@@ -51,4 +51,7 @@ profile postfix-qmgr /usr/lib/postfix/{bin/,sbin/,}qmgr {
/{var/spool/postfix/,}private/smtp w,
/{var/spool/postfix/,}private/trace w,
/{var/spool/postfix/,}private/uucp w,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-qmgr>
}

3
profiles/apparmor/profiles/extras/postfix-qmqpd
View File

@@ -19,4 +19,7 @@ profile postfix-qmqpd /usr/lib/postfix/{bin/,sbin/,}qmqpd {
include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}qmqpd mrix,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-qmqpd>
}

3
profiles/apparmor/profiles/extras/postfix-scache
View File

@@ -21,4 +21,7 @@ profile postfix-scache /usr/lib/postfix/{bin/,sbin/,}scache {
include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}scache mrix,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-scache>
}

3
profiles/apparmor/profiles/extras/postfix-showq
View File

@@ -48,4 +48,7 @@ profile postfix-showq /usr/lib/postfix/{bin/,sbin/,}showq {
/{var/spool/postfix/,}pid/unix.showq rwk,
owner /{var/spool/postfix,}/defer/[0-9A-F]/[0-9A-F]* r,
owner /{var/spool/postfix,}/deferred/[0-9A-F]/[0-9A-F]* r,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-showq>
}

3
profiles/apparmor/profiles/extras/postfix-smtp
View File

@@ -45,4 +45,7 @@ profile postfix-smtp /usr/lib/postfix/{bin/,sbin/,}smtp {
/etc/postfix/prng_exch rw,
/usr/share/ssl/certs/ca-bundle.crt r,
/etc/mtab r,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-smtp>
}

3
profiles/apparmor/profiles/extras/postfix-smtpd
View File

@@ -52,4 +52,7 @@ profile postfix-smtpd /usr/lib/postfix/{bin/,sbin/,}smtpd {
/{var/spool/postfix/,}public/cleanup rw,
/{,var/}run/sasl2/mux w,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-smtpd>
}

3
profiles/apparmor/profiles/extras/postfix-spawn
View File

@@ -19,4 +19,7 @@ profile postfix-spawn /usr/lib/postfix/{bin/,sbin/,}spawn {
include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}spawn mrix,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-spawn>
}

3
profiles/apparmor/profiles/extras/postfix-tlsmgr
View File

@@ -28,4 +28,7 @@ profile postfix-tlsmgr /usr/lib/postfix/{bin/,sbin/,}tlsmgr {
/{,var/}run/smtpd_tls_session_cache.db rw,
/var/lib/postfix/smtpd_scache.db rwk,
/var/lib/postfix/smtp_scache.db rwk,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-tlsmgr>
}

3
profiles/apparmor/profiles/extras/postfix-trivial-rewrite
View File

@@ -26,4 +26,7 @@ profile postfix-trivial-rewrite /usr/lib/postfix/{bin/,sbin/,}trivial-rewrite {
/etc/{m,fs}tab r,
/var/spool/postfix/pid/unix.rewrite rw,
/{var/spool/postfix/,}private/rewrite rw,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-trivial-rewrite>
}

3
profiles/apparmor/profiles/extras/postfix-verify
View File

@@ -19,4 +19,7 @@ profile postfix-verify /usr/lib/postfix/{bin/,sbin/,}verify {
include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}verify mrix,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-verify>
}

3
profiles/apparmor/profiles/extras/postfix-virtual
View File

@@ -23,4 +23,7 @@ profile postfix-virtual /usr/lib/postfix/{bin/,sbin/,}virtual {
/var/spool/postfix/active/* rw,
/var/spool/postfix/pid/unix.virtual rw,
/var/spool/postfix/private/bounce w,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-virtual>
}

1
profiles/apparmor/profiles/extras/sbin.dhclient
View File

@@ -87,5 +87,6 @@ profile dhclient /{usr/,}sbin/dhclient {
/var/lib/dhcp/* rw,
/{,var/}run/nm-dhclient-*.conf r,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/sbin.dhclient>
}

1
profiles/apparmor/profiles/extras/sbin.dhclient-script
View File

@@ -27,5 +27,6 @@ profile dhclient-script /{usr/,}sbin/dhclient-script {
/{usr/,}sbin/ip rix,
/{usr/,}sbin/resolvconf rPUx,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/sbin.dhclient-script>
}

3
profiles/apparmor/profiles/extras/sbin.dhcpcd
View File

@@ -44,4 +44,7 @@ profile dhcpcd /{usr/,}sbin/dhcpcd {
/var/lib/dhcpcd/dhcpcd-*.info rw,
/var/lib/dhcpcd/dhcpcd-*.info.old rw,
/{,var/}run/dhcpcd-*.pid rwl,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/sbin.dhcpcd>
}

3
profiles/apparmor/profiles/extras/sbin.portmap
View File

@@ -23,4 +23,7 @@ profile portmap /{usr/,}sbin/portmap {
/etc/bindresvport.blacklist r,
/{usr/,}sbin/portmap rmix,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/sbin.portmap>
}

3
profiles/apparmor/profiles/extras/sbin.resmgrd
View File

@@ -31,4 +31,7 @@ profile resmgrd /{usr/,}sbin/resmgrd {
/{,var/}run/fence* lrw,
/{,var/}run/resmgr/classes/** wl,
/{run,var}/lock/LCK* lrw,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/sbin.resmgrd>
}

3
profiles/apparmor/profiles/extras/sbin.rpc.lockd
View File

@@ -15,4 +15,7 @@ include <tunables/global>
profile rpc.lockd /{usr/,}sbin/rpc.lockd {
include <abstractions/base>
/{usr/,}sbin/rpc.lockd rmix,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/sbin.rpc.lockd>
}

3
profiles/apparmor/profiles/extras/sbin.rpc.statd
View File

@@ -53,4 +53,7 @@ profile rpc.statd /{usr/,}sbin/rpc.statd {
@{run}/rpc.statd.pid w,
@{run}/rpcbind.sock rw,
@{run}/sm-notify.pid w,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/sbin.rpc.statd>
}

3
profiles/apparmor/profiles/extras/usr.NX.bin.nxclient
View File

@@ -36,4 +36,7 @@ include <tunables/global>
@{HOME}/.Xauthority-l rwl,
@{HOME}/.ssh/config r,
@{HOME}/.ssh/known_hosts rw,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.NX.bin.nxclient>
}

3
profiles/apparmor/profiles/extras/usr.bin.acroread
View File

@@ -59,4 +59,7 @@ include <tunables/global>
/usr/lib/jvm/java-*/jre/lib/fonts/** r,
/usr/lib/ooo-*/share/fonts/** r,
/usr/share/icons r,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.bin.acroread>
}

3
profiles/apparmor/profiles/extras/usr.bin.apropos
View File

@@ -25,4 +25,7 @@ include <tunables/global>
/usr/bin/tr mixr,
/var/cache/man/whatis r,
/var/cache/man/** r,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.bin.apropos>
}

3
profiles/apparmor/profiles/extras/usr.bin.dumpcap
View File

@@ -38,4 +38,7 @@ include <tunables/global>
owner /tmp/*pcap{,ng} rw,
owner @{HOME}/**pcap{,ng} rw,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.bin.dumpcap>
}

3
profiles/apparmor/profiles/extras/usr.bin.evolution-2.10
View File

@@ -155,4 +155,7 @@ include <tunables/global>
/usr/X11R6/lib/Acrobat7/Resource/Font r,
/usr/X11R6/lib/Acrobat7/Resource/Font/** r,
/var/tmp r,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.bin.evolution-2.10>
}

3
profiles/apparmor/profiles/extras/usr.bin.fam
View File

@@ -21,4 +21,7 @@ include <tunables/global>
# it makes some level of sense for FAM to read all files on the
# filesystem, even if this is a little unfortunate.
/** r,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.bin.fam>
}

1
profiles/apparmor/profiles/extras/usr.bin.freshclam
View File

@@ -28,5 +28,6 @@ include <tunables/global>
/var/lib/clamav/** rw,
owner /run/clamav/freshclam.pid w,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.bin.freshclam>
}

3
profiles/apparmor/profiles/extras/usr.bin.gaim
View File

@@ -66,4 +66,7 @@ include <tunables/global>
/usr/share/icons r,
/usr/share/tcl/tcl*/encoding/* r,
/{,var/}run/.resmgr_socket w,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.bin.gaim>
}

2
profiles/apparmor/profiles/extras/usr.bin.man
View File

@@ -26,4 +26,6 @@ include <tunables/global>
/usr/bin/man r,
/usr/lib/man-db/man Px,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.bin.man>
}

3
profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce
View File

@@ -39,4 +39,7 @@ include <tunables/global>
/usr/share/mlmmj/text.skel/*/* r,
/var/spool/mlmmj/*/control/* r,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.bin.mlmmj-bounce>
}

2
profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd
View File

@@ -51,4 +51,6 @@ include <tunables/global>
/usr/share/mlmmj/text.skel/*/digest r,
/var/spool/mlmmj/*/mlmmj.operation.log rwk,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.bin.mlmmj-maintd>
}

3
profiles/apparmor/profiles/extras/usr.bin.mlmmj-make-ml.sh
View File

@@ -43,4 +43,7 @@ include <tunables/global>
/var/spool r,
/var/spool/mlmmj rw,
/var/spool/mlmmj/** w,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.bin.mlmmj-make-ml.sh>
}

2
profiles/apparmor/profiles/extras/usr.bin.mlmmj-process
View File

@@ -45,4 +45,6 @@ include <tunables/global>
/var/spool/mlmmj/*/moderation/* rw,
/etc/mlmmj/text/*/* r,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.bin.mlmmj-process>
}

3
profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive
View File

@@ -21,4 +21,7 @@ include <tunables/global>
/usr/bin/mlmmj-receive mr,
/var/spool/mlmmj/*/incoming/ rw,
/var/spool/mlmmj/*/incoming/* rw,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.bin.mlmmj-receive>
}

3
profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve
View File

@@ -23,4 +23,7 @@ include <tunables/global>
/usr/bin/mlmmj-process Px,
/usr/bin/mlmmj-recieve mr,
/var/spool/mlmmj/*/incoming/* w,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.bin.mlmmj-recieve>
}

2
profiles/apparmor/profiles/extras/usr.bin.mlmmj-send
View File

@@ -31,4 +31,6 @@ include <tunables/global>
/var/spool/mlmmj/*/moderation/* rwk,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.bin.mlmmj-send>
}

2
profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub
View File

@@ -41,4 +41,6 @@ include <tunables/global>
/var/spool/mlmmj/*/digesters.d/ rw,
/var/spool/mlmmj/*/digesters.d/* rwk,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.bin.mlmmj-sub>
}

2
profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub
View File

@@ -40,4 +40,6 @@ include <tunables/global>
/usr/share/mlmmj/text.skel/*/* r,
/etc/mlmmj/text/*/finish r,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.bin.mlmmj-unsub>
}

3
profiles/apparmor/profiles/extras/usr.bin.opera
View File

@@ -74,4 +74,7 @@ include <tunables/global>
/usr/lib/jvm/java-1.5.0-sun-1.5.0_update12/jre/lib/i386/client/*.so mr,
/usr/lib/opera/*/opera ix,
/usr/lib/opera/*/works ixr,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.bin.opera>
}

3
profiles/apparmor/profiles/extras/usr.bin.passwd
View File

@@ -38,4 +38,7 @@ include <tunables/global>
/usr/share/cracklib/pw_dict.hwm r,
/usr/share/cracklib/pw_dict.pwd r,
/usr/share/cracklib/pw_dict.pwi r,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.bin.passwd>
}

3
profiles/apparmor/profiles/extras/usr.bin.procmail
View File

@@ -36,4 +36,7 @@ include <tunables/global>
/usr/bin/procmail rmix,
/usr/bin/spamc Px,
/usr/sbin/sendmail rPx,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.bin.procmail>
}

2
profiles/apparmor/profiles/extras/usr.bin.pyzorsocket
View File

@@ -17,5 +17,7 @@ profile pyzorsocket /usr/bin/pyzorsocket {
/usr/bin/ r,
/usr/bin/python[2-9]* ix,
/usr/bin/pyzorsocket r,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.bin.pyzorsocket>
}

1
profiles/apparmor/profiles/extras/usr.bin.razorsocket
View File

@@ -16,5 +16,6 @@ profile razorsocket /usr/bin/razorsocket {
/usr/bin/razorsocket r,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.bin.razorsocket>
}

3
profiles/apparmor/profiles/extras/usr.bin.skype
View File

@@ -81,5 +81,8 @@ include <tunables/global>
deny /var/cache/fontconfig/ w,
deny owner @{HOME}/.fontconfig/ w,
deny owner @{HOME}/.fontconfig/*.cache-*.TMP* w,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.bin.skype>
}

3
profiles/apparmor/profiles/extras/usr.bin.spamc
View File

@@ -19,4 +19,7 @@ include <tunables/global>
include <abstractions/nameservice>
/usr/bin/spamc r,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.bin.spamc>
}

3
profiles/apparmor/profiles/extras/usr.bin.svnserve
View File

@@ -32,4 +32,7 @@ include <tunables/global>
/tmp/apr* rwl,
/var/tmp/apr* rwl,
/tmp/report*.tmp rwl,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.bin.svnserve>
}

3
profiles/apparmor/profiles/extras/usr.bin.wireshark
View File

@@ -99,4 +99,7 @@ include <tunables/global>
# reading/writing pcaps
/**pcap{,ng}{,.gz} r,
owner /**pcap{,ng}{,.gz} rw,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.bin.wireshark>
}

3
profiles/apparmor/profiles/extras/usr.bin.xfs
View File

@@ -23,4 +23,7 @@ include <tunables/global>
/tmp/.font-unix/fs710[0-9] wl,
/usr/bin/xfs rmix,
/{,var/}run/xfs.pid rw,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.bin.xfs>
}

3
profiles/apparmor/profiles/extras/usr.lib.GConf.2.gconfd-2
View File

@@ -33,4 +33,7 @@ include <tunables/global>
/usr/lib/GConf/2/libgconfbackend-xml.so mr,
/usr/lib64/GConf/2/libgconfbackend-xml.so mr,
/usr/share/locale/** r,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.lib.GConf.2.gconfd-2>
}

3
profiles/apparmor/profiles/extras/usr.lib.RealPlayer10.realplay
View File

@@ -49,4 +49,7 @@ include <tunables/global>
/usr/share/icons/** r,
/usr/share/pixmaps r,
/usr/share/pixmaps/** r,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.lib.RealPlayer10.realplay>
}

3
profiles/apparmor/profiles/extras/usr.lib.bonobo.bonobo-activation-server
View File

@@ -24,4 +24,7 @@ include <tunables/global>
/usr/lib/bonobo/servers r,
/usr/lib/bonobo/servers/*.server r,
/usr/lib/evolution-data-server-*/evolution-data-server-* Px,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.lib.bonobo.bonobo-activation-server>
}

2
profiles/apparmor/profiles/extras/usr.lib.evolution-data-server.evolution-data-server-1.10
View File

@@ -39,4 +39,6 @@ include <tunables/global>
/usr/lib/gnome-vfs** mr,
/usr/share/evolution-data-server*/** mr,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.lib.evolution-data-server.evolution-data-server-1.10>
}

2
profiles/apparmor/profiles/extras/usr.lib.firefox.firefox.sh
View File

@@ -19,4 +19,6 @@ include <tunables/global>
/usr/lib/firefox/firefox px,
/usr/share/misc/magic.mgc r,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.lib.firefox.firefox.sh>
}

3
profiles/apparmor/profiles/extras/usr.lib.firefox.mozilla-xremote-client
View File

@@ -20,4 +20,7 @@ include <tunables/global>
/usr/lib/mozilla/lib*so* mr,
/usr/lib/firefox/mozilla-xremote-client rmix,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.lib.firefox.mozilla-xremote-client>
}

3
profiles/apparmor/profiles/extras/usr.lib.man-db.man
View File

@@ -68,4 +68,7 @@ include <tunables/global>
/var/cache/man/** rk,
owner @{HOME}/.lesshst rw,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.lib.man-db.man>
}

3
profiles/apparmor/profiles/extras/usr.lib64.GConf.2.gconfd-2
View File

@@ -33,4 +33,7 @@ include <tunables/global>
/usr/lib/GConf/2/libgconfbackend-xml.so mr,
/usr/lib64/GConf/2/libgconfbackend-xml.so mr,
/usr/share/locale/** r,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.lib64.GConf.2.gconfd-2>
}

3
profiles/apparmor/profiles/extras/usr.sbin.cupsd
View File

@@ -64,4 +64,7 @@ include <tunables/global>
/{,var/}run/cups/** rw,
/var/cache/cups/ rw,
/var/cache/cups/** rw,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.sbin.cupsd>
}

3
profiles/apparmor/profiles/extras/usr.sbin.dhcpd
View File

@@ -36,4 +36,7 @@ include <tunables/global>
/var/lib/dhcp/{db/,}dhcpd{6,}.leases* rwl,
/var/lib/dhcp/etc/dhcpd.conf r,
/{,var/}run/dhcpd.pid wl,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.sbin.dhcpd>
}

3
profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork
View File

@@ -178,4 +178,7 @@ include <tunables/global>
# php session state
/var/lib/php/sess_* rwl,
}
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.sbin.httpd2-prefork>
}

3
profiles/apparmor/profiles/extras/usr.sbin.imapd
View File

@@ -23,4 +23,7 @@ include <tunables/global>
/tmp/* rwl,
/usr/sbin/imapd r,
/usr/share/ssl/certs/imapd.pem r,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.sbin.imapd>
}

3
profiles/apparmor/profiles/extras/usr.sbin.in.fingerd
View File

@@ -22,4 +22,7 @@ include <tunables/global>
/usr/bin/finger mix,
/var/log/lastlog r,
/{,var/}run/utmp rk,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.sbin.in.fingerd>
}

3
profiles/apparmor/profiles/extras/usr.sbin.in.ftpd
View File

@@ -37,4 +37,7 @@ include <tunables/global>
/var/log/xferlog w,
/{,var/}run wr,
/{,var/}run/ftp.{pids,rips}-all wr,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.sbin.in.ftpd>
}

3
profiles/apparmor/profiles/extras/usr.sbin.in.ntalkd
View File

@@ -19,4 +19,7 @@ include <tunables/global>
/usr/sbin/in.ntalkd r,
/{,var/}run/utmp r,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.sbin.in.ntalkd>
}

3
profiles/apparmor/profiles/extras/usr.sbin.ipop2d
View File

@@ -23,4 +23,7 @@ include <tunables/global>
/tmp/.* rwl ,
/usr/sbin/ipop2d rmix,
/usr/share/ssl/certs/ipop2d.pem r ,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.sbin.ipop2d>
}

3
profiles/apparmor/profiles/extras/usr.sbin.ipop3d
View File

@@ -23,4 +23,7 @@ include <tunables/global>
/tmp/.* rwl ,
/usr/sbin/ipop3d rmix,
/usr/share/ssl/certs/ipop3d.pem r ,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.sbin.ipop3d>
}

4
profiles/apparmor/profiles/extras/usr.sbin.lighttpd
View File

@@ -67,5 +67,7 @@ include <tunables/global>
/etc/lighttpd/conf-available/*.conf r,
/etc/lighttpd/conf-enabled/ r,
/etc/lighttpd/conf-enabled/*.conf r,
}
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.sbin.lighttpd>
}

2
profiles/apparmor/profiles/extras/usr.sbin.mysqld
View File

@@ -44,4 +44,6 @@ include <tunables/global>
/var/log/mysql/mysqld.log-20* w,
/{,var/}run/mysql{,d}/mysqld.pid w,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.sbin.mysqld>
}

3
profiles/apparmor/profiles/extras/usr.sbin.oidentd
View File

@@ -29,4 +29,7 @@ include <tunables/global>
# spoofing feature of oidentd
@{HOME}/.ispoof r,
@{HOME}/.oidentd.conf r,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.sbin.oidentd>
}

3
profiles/apparmor/profiles/extras/usr.sbin.popper
View File

@@ -25,4 +25,7 @@ include <tunables/global>
/usr/sbin/popper mr,
/var/spool/mail/* rw,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.sbin.popper>
}

3
profiles/apparmor/profiles/extras/usr.sbin.postalias
View File

@@ -35,4 +35,7 @@ include <tunables/global>
/var/lib/mailman/data/aliases.{lm,}db rwl,
/var/spool/postfix r,
/var/spool/postfix/pid r,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.sbin.postalias>
}

3
profiles/apparmor/profiles/extras/usr.sbin.postdrop
View File

@@ -34,4 +34,7 @@ include <tunables/global>
/var/spool/postfix/maildrop/* rwl,
/var/spool/postfix/pid r,
/var/spool/postfix/public/pickup rw,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.sbin.postdrop>
}

3
profiles/apparmor/profiles/extras/usr.sbin.postmap
View File

@@ -27,4 +27,7 @@ include <tunables/global>
@{PROC}/net/if_inet6 r,
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,
/usr/sbin/postmap rmix,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.sbin.postmap>
}

3
profiles/apparmor/profiles/extras/usr.sbin.postqueue
View File

@@ -33,4 +33,7 @@ include <tunables/global>
/var/spool/postfix/public/showq w,
/var/spool/postfix/public/qmgr w,
/var/spool/postfix/public/pickup w,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.sbin.postqueue>
}

3
profiles/apparmor/profiles/extras/usr.sbin.sendmail
View File

@@ -89,4 +89,7 @@ include <tunables/global>
/var/spool/postfix/public/showq w,
/var/spool/postfix r,
/var/spool/postfix/saved r,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.sbin.sendmail>
}

3
profiles/apparmor/profiles/extras/usr.sbin.sendmail.postfix
View File

@@ -50,4 +50,7 @@ include <tunables/global>
/var/spool/postfix/public/showq w,
/var/spool/postfix/public/qmgr w,
/var/spool/postfix/saved r,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.sbin.sendmail.postfix>
}

3
profiles/apparmor/profiles/extras/usr.sbin.sendmail.sendmail
View File

@@ -46,4 +46,7 @@ include <tunables/global>
/var/spool/mail/* rwl,
/var/spool/mqueue rwl,
/var/spool/mqueue/* rwl,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.sbin.sendmail.sendmail>
}

3
profiles/apparmor/profiles/extras/usr.sbin.spamd
View File

@@ -39,4 +39,7 @@ include <tunables/global>
/usr/share/spamassassin/*.cf r,
/usr/share/spamassassin/*.template r,
/usr/share/spamassassin/*.txt r,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.sbin.spamd>
}

2
profiles/apparmor/profiles/extras/usr.sbin.squid
View File

@@ -62,4 +62,6 @@ include <tunables/global>
/usr/sbin/wbinfo_group.pl rmix,
/usr/sbin/yp_auth rmix,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.sbin.squid>
}

3
profiles/apparmor/profiles/extras/usr.sbin.useradd
View File

@@ -72,4 +72,7 @@ include <tunables/global>
/var/log/tallylog rw,
}
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.sbin.useradd>
}

3
profiles/apparmor/profiles/extras/usr.sbin.userdel
View File

@@ -49,4 +49,7 @@ include <tunables/global>
# XXX
/{,var/}run/nscd.pid r,
/var/spool/mail/* wl,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.sbin.userdel>
}

3
profiles/apparmor/profiles/extras/usr.sbin.vsftpd
View File

@@ -38,4 +38,7 @@ include <tunables/global>
/pub/** r,
@{HOMEDIRS} r,
@{HOME}/** rwl,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.sbin.vsftpd>
}

3
profiles/apparmor/profiles/extras/usr.sbin.xinetd
View File

@@ -69,4 +69,7 @@ include <tunables/global>
/usr/sbin/vsftpd Px,
/usr/X11R6/bin/vnc_inetd_httpd Px,
/usr/X11R6/bin/Xvnc Px,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.sbin.xinetd>
}