diff --git a/profiles/apparmor/profiles/extras/bin.netstat b/profiles/apparmor/profiles/extras/bin.netstat index fd8d15606..41ab5e6c9 100644 --- a/profiles/apparmor/profiles/extras/bin.netstat +++ b/profiles/apparmor/profiles/extras/bin.netstat @@ -46,4 +46,7 @@ profile netstat /{usr/,}bin/netstat { @{PROC}/@{pid}/net/udplite r, @{PROC}/@{pid}/net/udplit6 r, @{PROC}/@{pid}/net/unix r, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/etc.cron.daily.logrotate b/profiles/apparmor/profiles/extras/etc.cron.daily.logrotate index 7ba4b38ea..079c8c11a 100644 --- a/profiles/apparmor/profiles/extras/etc.cron.daily.logrotate +++ b/profiles/apparmor/profiles/extras/etc.cron.daily.logrotate @@ -74,4 +74,7 @@ include /var/spool/slrnpull/ wr, /var/spool/slrnpull/log* wrl, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/etc.cron.daily.slocate.cron b/profiles/apparmor/profiles/extras/etc.cron.daily.slocate.cron index 2b551dfdf..de731c44f 100644 --- a/profiles/apparmor/profiles/extras/etc.cron.daily.slocate.cron +++ b/profiles/apparmor/profiles/extras/etc.cron.daily.slocate.cron @@ -25,4 +25,7 @@ include /usr/bin/slocate mixr, /usr/bin/renice mixr, /** r , + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/etc.cron.daily.tmpwatch b/profiles/apparmor/profiles/extras/etc.cron.daily.tmpwatch index fa0b95617..ee4e5c673 100644 --- a/profiles/apparmor/profiles/extras/etc.cron.daily.tmpwatch +++ b/profiles/apparmor/profiles/extras/etc.cron.daily.tmpwatch @@ -22,4 +22,7 @@ include /var/cache/man*/** r, /var/tmp r, /var/tmp/** rwl, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/postfix-anvil b/profiles/apparmor/profiles/extras/postfix-anvil index 2aec87286..b0b165da3 100644 --- a/profiles/apparmor/profiles/extras/postfix-anvil +++ b/profiles/apparmor/profiles/extras/postfix-anvil @@ -23,4 +23,7 @@ profile postfix-anvil /usr/lib/postfix/{bin/,sbin/,}anvil { /etc/postfix/main.cf r, /{var/spool/postfix/,}private/anvil rw, /{var/spool/postfix/,}pid/unix.anvil rwk, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/postfix-bounce b/profiles/apparmor/profiles/extras/postfix-bounce index f57b3ac36..ffe69461b 100644 --- a/profiles/apparmor/profiles/extras/postfix-bounce +++ b/profiles/apparmor/profiles/extras/postfix-bounce @@ -47,4 +47,7 @@ profile postfix-bounce /usr/lib/postfix/{bin/,sbin/,}bounce { /{var/spool/postfix/,}pid/unix.bounce rwk, /{var/spool/postfix/,}pid/unix.defer rwk, /{var/spool/postfix/,}pid/unix.trace rwk, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/postfix-cleanup b/profiles/apparmor/profiles/extras/postfix-cleanup index e277f14cc..6789ae149 100644 --- a/profiles/apparmor/profiles/extras/postfix-cleanup +++ b/profiles/apparmor/profiles/extras/postfix-cleanup @@ -38,4 +38,7 @@ profile postfix-cleanup /usr/lib/postfix/{bin/,sbin/,}cleanup { /etc/{m,fs}tab r, /etc/postfix/* r, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/postfix-discard b/profiles/apparmor/profiles/extras/postfix-discard index fbfe784f8..c236c386a 100644 --- a/profiles/apparmor/profiles/extras/postfix-discard +++ b/profiles/apparmor/profiles/extras/postfix-discard @@ -18,4 +18,7 @@ profile postfix-discard /usr/lib/postfix/{bin/,sbin/,}discard { include /usr/lib/postfix/{bin/,sbin/,}discard mrix, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/postfix-dnsblog b/profiles/apparmor/profiles/extras/postfix-dnsblog index f8ce329b1..05c6a5f95 100644 --- a/profiles/apparmor/profiles/extras/postfix-dnsblog +++ b/profiles/apparmor/profiles/extras/postfix-dnsblog @@ -19,4 +19,7 @@ profile postfix-dnsblog /usr/lib/postfix/{bin/,sbin/,}dnsblog { /usr/lib/postfix/{bin/,sbin/,}dnsblog mrix, /var/spool/postfix/private/dnsblog rw, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/postfix-error b/profiles/apparmor/profiles/extras/postfix-error index 4719f8973..709875515 100644 --- a/profiles/apparmor/profiles/extras/postfix-error +++ b/profiles/apparmor/profiles/extras/postfix-error @@ -26,4 +26,6 @@ profile postfix-error /usr/lib/postfix/{bin/,sbin/,}error { /var/spool/postfix/pid/unix.retry rwk, owner /var/spool/postfix/private/defer w, + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/postfix-flush b/profiles/apparmor/profiles/extras/postfix-flush index f8395519d..c51478e32 100644 --- a/profiles/apparmor/profiles/extras/postfix-flush +++ b/profiles/apparmor/profiles/extras/postfix-flush @@ -40,4 +40,6 @@ profile postfix-flush /usr/lib/postfix/{bin/,sbin/,}flush { @{HOME}/.forward r, + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/postfix-lmtp b/profiles/apparmor/profiles/extras/postfix-lmtp index d133d6459..9ffbc74bd 100644 --- a/profiles/apparmor/profiles/extras/postfix-lmtp +++ b/profiles/apparmor/profiles/extras/postfix-lmtp @@ -24,4 +24,6 @@ profile postfix-lmtp /usr/lib/postfix/{bin/,sbin/,}lmtp { /var/spool/postfix/active/* rwk, /var/spool/postfix/pid/unix.lmtp rwk, + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/postfix-local b/profiles/apparmor/profiles/extras/postfix-local index 292e617af..72b7a5742 100644 --- a/profiles/apparmor/profiles/extras/postfix-local +++ b/profiles/apparmor/profiles/extras/postfix-local @@ -44,4 +44,7 @@ profile postfix-local /usr/lib/postfix/{bin/,sbin/,}local { /{var/spool/postfix/,}public/{cleanup,flush} rw, # deliver mail /var/mail/* wk, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/postfix-master b/profiles/apparmor/profiles/extras/postfix-master index 59a227e04..e06c45506 100644 --- a/profiles/apparmor/profiles/extras/postfix-master +++ b/profiles/apparmor/profiles/extras/postfix-master @@ -58,4 +58,7 @@ profile postfix-master /usr/lib/postfix/{bin/,sbin/,}master { /usr/lib/postfix/{bin/,sbin/,}trivial-rewrite Px, owner /var/lib/postfix/master.lock rwk, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/postfix-nqmgr b/profiles/apparmor/profiles/extras/postfix-nqmgr index 717c9add6..0a2939176 100644 --- a/profiles/apparmor/profiles/extras/postfix-nqmgr +++ b/profiles/apparmor/profiles/extras/postfix-nqmgr @@ -45,4 +45,7 @@ profile postfix-nqmgr /usr/lib/postfix/{bin/,sbin/,}nqmgr { /{var/spool/postfix/,}private/local w, /{var/spool/postfix/,}public/flush w, /{var/spool/postfix/,}public/qmgr r, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/postfix-oqmgr b/profiles/apparmor/profiles/extras/postfix-oqmgr index 625e92966..443243c37 100644 --- a/profiles/apparmor/profiles/extras/postfix-oqmgr +++ b/profiles/apparmor/profiles/extras/postfix-oqmgr @@ -20,4 +20,7 @@ profile postfix-oqmgr /usr/lib/postfix/{bin/,sbin/,}oqmgr { include /usr/lib/postfix/{bin/,sbin/,}oqmgr mrix, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/postfix-pickup b/profiles/apparmor/profiles/extras/postfix-pickup index 33b1e5ca0..6bd5af916 100644 --- a/profiles/apparmor/profiles/extras/postfix-pickup +++ b/profiles/apparmor/profiles/extras/postfix-pickup @@ -24,4 +24,7 @@ profile postfix-pickup /usr/lib/postfix/{bin/,sbin/,}pickup { /{var/spool/postfix/,}public/pickup r, /{var/spool/postfix/,}maildrop/ r, /{var/spool/postfix/,}maildrop/* rwl, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/postfix-pipe b/profiles/apparmor/profiles/extras/postfix-pipe index dbc0867f5..6567568bc 100644 --- a/profiles/apparmor/profiles/extras/postfix-pipe +++ b/profiles/apparmor/profiles/extras/postfix-pipe @@ -27,4 +27,6 @@ profile postfix-pipe /usr/lib/postfix/{bin/,sbin/,}pipe { /var/spool/postfix/private/rewrite w, /var/spool/postfix/private/trace w, + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/postfix-postscreen b/profiles/apparmor/profiles/extras/postfix-postscreen index 46d9c0558..ace8edb6c 100644 --- a/profiles/apparmor/profiles/extras/postfix-postscreen +++ b/profiles/apparmor/profiles/extras/postfix-postscreen @@ -16,4 +16,7 @@ profile postfix-postscreen /usr/lib/postfix/{bin/,sbin/,}postscreen { include /usr/lib/postfix/{bin/,sbin/,}postscreen mrix, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/postfix-proxymap b/profiles/apparmor/profiles/extras/postfix-proxymap index b3b44e076..18f0f73de 100644 --- a/profiles/apparmor/profiles/extras/postfix-proxymap +++ b/profiles/apparmor/profiles/extras/postfix-proxymap @@ -23,4 +23,7 @@ profile postfix-proxymap /usr/lib/postfix/{bin/,sbin/,}proxymap { /etc/my.cnf r, /usr/lib/postfix/{bin/,sbin/,}proxymap mrix, /{var/spool/postfix/,}private/proxymap rw, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/postfix-qmgr b/profiles/apparmor/profiles/extras/postfix-qmgr index e02d3a1d9..93f74e70b 100644 --- a/profiles/apparmor/profiles/extras/postfix-qmgr +++ b/profiles/apparmor/profiles/extras/postfix-qmgr @@ -51,4 +51,7 @@ profile postfix-qmgr /usr/lib/postfix/{bin/,sbin/,}qmgr { /{var/spool/postfix/,}private/smtp w, /{var/spool/postfix/,}private/trace w, /{var/spool/postfix/,}private/uucp w, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/postfix-qmqpd b/profiles/apparmor/profiles/extras/postfix-qmqpd index ecd64cab5..fbcdd9aee 100644 --- a/profiles/apparmor/profiles/extras/postfix-qmqpd +++ b/profiles/apparmor/profiles/extras/postfix-qmqpd @@ -19,4 +19,7 @@ profile postfix-qmqpd /usr/lib/postfix/{bin/,sbin/,}qmqpd { include /usr/lib/postfix/{bin/,sbin/,}qmqpd mrix, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/postfix-scache b/profiles/apparmor/profiles/extras/postfix-scache index a584f837e..070171cab 100644 --- a/profiles/apparmor/profiles/extras/postfix-scache +++ b/profiles/apparmor/profiles/extras/postfix-scache @@ -21,4 +21,7 @@ profile postfix-scache /usr/lib/postfix/{bin/,sbin/,}scache { include /usr/lib/postfix/{bin/,sbin/,}scache mrix, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/postfix-showq b/profiles/apparmor/profiles/extras/postfix-showq index 473ccdcd3..be2ed2fa7 100644 --- a/profiles/apparmor/profiles/extras/postfix-showq +++ b/profiles/apparmor/profiles/extras/postfix-showq @@ -48,4 +48,7 @@ profile postfix-showq /usr/lib/postfix/{bin/,sbin/,}showq { /{var/spool/postfix/,}pid/unix.showq rwk, owner /{var/spool/postfix,}/defer/[0-9A-F]/[0-9A-F]* r, owner /{var/spool/postfix,}/deferred/[0-9A-F]/[0-9A-F]* r, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/postfix-smtp b/profiles/apparmor/profiles/extras/postfix-smtp index a0ca40210..bf26529d4 100644 --- a/profiles/apparmor/profiles/extras/postfix-smtp +++ b/profiles/apparmor/profiles/extras/postfix-smtp @@ -45,4 +45,7 @@ profile postfix-smtp /usr/lib/postfix/{bin/,sbin/,}smtp { /etc/postfix/prng_exch rw, /usr/share/ssl/certs/ca-bundle.crt r, /etc/mtab r, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/postfix-smtpd b/profiles/apparmor/profiles/extras/postfix-smtpd index 1676d2ab9..8b397f32b 100644 --- a/profiles/apparmor/profiles/extras/postfix-smtpd +++ b/profiles/apparmor/profiles/extras/postfix-smtpd @@ -52,4 +52,7 @@ profile postfix-smtpd /usr/lib/postfix/{bin/,sbin/,}smtpd { /{var/spool/postfix/,}public/cleanup rw, /{,var/}run/sasl2/mux w, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/postfix-spawn b/profiles/apparmor/profiles/extras/postfix-spawn index 86db87f21..721849ad5 100644 --- a/profiles/apparmor/profiles/extras/postfix-spawn +++ b/profiles/apparmor/profiles/extras/postfix-spawn @@ -19,4 +19,7 @@ profile postfix-spawn /usr/lib/postfix/{bin/,sbin/,}spawn { include /usr/lib/postfix/{bin/,sbin/,}spawn mrix, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/postfix-tlsmgr b/profiles/apparmor/profiles/extras/postfix-tlsmgr index 743391e2c..6f692b4a8 100644 --- a/profiles/apparmor/profiles/extras/postfix-tlsmgr +++ b/profiles/apparmor/profiles/extras/postfix-tlsmgr @@ -28,4 +28,7 @@ profile postfix-tlsmgr /usr/lib/postfix/{bin/,sbin/,}tlsmgr { /{,var/}run/smtpd_tls_session_cache.db rw, /var/lib/postfix/smtpd_scache.db rwk, /var/lib/postfix/smtp_scache.db rwk, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/postfix-trivial-rewrite b/profiles/apparmor/profiles/extras/postfix-trivial-rewrite index 27c12c831..59fc6b4d7 100644 --- a/profiles/apparmor/profiles/extras/postfix-trivial-rewrite +++ b/profiles/apparmor/profiles/extras/postfix-trivial-rewrite @@ -26,4 +26,7 @@ profile postfix-trivial-rewrite /usr/lib/postfix/{bin/,sbin/,}trivial-rewrite { /etc/{m,fs}tab r, /var/spool/postfix/pid/unix.rewrite rw, /{var/spool/postfix/,}private/rewrite rw, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/postfix-verify b/profiles/apparmor/profiles/extras/postfix-verify index d7d629d1d..b2f52d950 100644 --- a/profiles/apparmor/profiles/extras/postfix-verify +++ b/profiles/apparmor/profiles/extras/postfix-verify @@ -19,4 +19,7 @@ profile postfix-verify /usr/lib/postfix/{bin/,sbin/,}verify { include /usr/lib/postfix/{bin/,sbin/,}verify mrix, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/postfix-virtual b/profiles/apparmor/profiles/extras/postfix-virtual index d477f1d4e..89b2f59d4 100644 --- a/profiles/apparmor/profiles/extras/postfix-virtual +++ b/profiles/apparmor/profiles/extras/postfix-virtual @@ -23,4 +23,7 @@ profile postfix-virtual /usr/lib/postfix/{bin/,sbin/,}virtual { /var/spool/postfix/active/* rw, /var/spool/postfix/pid/unix.virtual rw, /var/spool/postfix/private/bounce w, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/sbin.dhclient b/profiles/apparmor/profiles/extras/sbin.dhclient index 02d67dd31..095615a97 100644 --- a/profiles/apparmor/profiles/extras/sbin.dhclient +++ b/profiles/apparmor/profiles/extras/sbin.dhclient @@ -87,5 +87,6 @@ profile dhclient /{usr/,}sbin/dhclient { /var/lib/dhcp/* rw, /{,var/}run/nm-dhclient-*.conf r, + # Site-specific additions and overrides. See local/README for details. include if exists } diff --git a/profiles/apparmor/profiles/extras/sbin.dhclient-script b/profiles/apparmor/profiles/extras/sbin.dhclient-script index d972b6093..16a9a5e8f 100644 --- a/profiles/apparmor/profiles/extras/sbin.dhclient-script +++ b/profiles/apparmor/profiles/extras/sbin.dhclient-script @@ -27,5 +27,6 @@ profile dhclient-script /{usr/,}sbin/dhclient-script { /{usr/,}sbin/ip rix, /{usr/,}sbin/resolvconf rPUx, + # Site-specific additions and overrides. See local/README for details. include if exists } diff --git a/profiles/apparmor/profiles/extras/sbin.dhcpcd b/profiles/apparmor/profiles/extras/sbin.dhcpcd index 53b3b3567..60745d309 100644 --- a/profiles/apparmor/profiles/extras/sbin.dhcpcd +++ b/profiles/apparmor/profiles/extras/sbin.dhcpcd @@ -44,4 +44,7 @@ profile dhcpcd /{usr/,}sbin/dhcpcd { /var/lib/dhcpcd/dhcpcd-*.info rw, /var/lib/dhcpcd/dhcpcd-*.info.old rw, /{,var/}run/dhcpcd-*.pid rwl, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/sbin.portmap b/profiles/apparmor/profiles/extras/sbin.portmap index 0d5b23936..c1beff557 100644 --- a/profiles/apparmor/profiles/extras/sbin.portmap +++ b/profiles/apparmor/profiles/extras/sbin.portmap @@ -23,4 +23,7 @@ profile portmap /{usr/,}sbin/portmap { /etc/bindresvport.blacklist r, /{usr/,}sbin/portmap rmix, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/sbin.resmgrd b/profiles/apparmor/profiles/extras/sbin.resmgrd index c794cacae..aee87796f 100644 --- a/profiles/apparmor/profiles/extras/sbin.resmgrd +++ b/profiles/apparmor/profiles/extras/sbin.resmgrd @@ -31,4 +31,7 @@ profile resmgrd /{usr/,}sbin/resmgrd { /{,var/}run/fence* lrw, /{,var/}run/resmgr/classes/** wl, /{run,var}/lock/LCK* lrw, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/sbin.rpc.lockd b/profiles/apparmor/profiles/extras/sbin.rpc.lockd index 8a198a279..dab9dfc07 100644 --- a/profiles/apparmor/profiles/extras/sbin.rpc.lockd +++ b/profiles/apparmor/profiles/extras/sbin.rpc.lockd @@ -15,4 +15,7 @@ include profile rpc.lockd /{usr/,}sbin/rpc.lockd { include /{usr/,}sbin/rpc.lockd rmix, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/sbin.rpc.statd b/profiles/apparmor/profiles/extras/sbin.rpc.statd index 58300d1d4..ec0d85705 100644 --- a/profiles/apparmor/profiles/extras/sbin.rpc.statd +++ b/profiles/apparmor/profiles/extras/sbin.rpc.statd @@ -53,4 +53,7 @@ profile rpc.statd /{usr/,}sbin/rpc.statd { @{run}/rpc.statd.pid w, @{run}/rpcbind.sock rw, @{run}/sm-notify.pid w, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.NX.bin.nxclient b/profiles/apparmor/profiles/extras/usr.NX.bin.nxclient index 1173b8d06..d1244f39a 100644 --- a/profiles/apparmor/profiles/extras/usr.NX.bin.nxclient +++ b/profiles/apparmor/profiles/extras/usr.NX.bin.nxclient @@ -36,4 +36,7 @@ include @{HOME}/.Xauthority-l rwl, @{HOME}/.ssh/config r, @{HOME}/.ssh/known_hosts rw, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.bin.acroread b/profiles/apparmor/profiles/extras/usr.bin.acroread index f24f0a64a..d88aaadf7 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.acroread +++ b/profiles/apparmor/profiles/extras/usr.bin.acroread @@ -59,4 +59,7 @@ include /usr/lib/jvm/java-*/jre/lib/fonts/** r, /usr/lib/ooo-*/share/fonts/** r, /usr/share/icons r, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.bin.apropos b/profiles/apparmor/profiles/extras/usr.bin.apropos index 292cd6de9..0ac126cc1 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.apropos +++ b/profiles/apparmor/profiles/extras/usr.bin.apropos @@ -25,4 +25,7 @@ include /usr/bin/tr mixr, /var/cache/man/whatis r, /var/cache/man/** r, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.bin.dumpcap b/profiles/apparmor/profiles/extras/usr.bin.dumpcap index 556f3d9f1..c23c378c6 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.dumpcap +++ b/profiles/apparmor/profiles/extras/usr.bin.dumpcap @@ -38,4 +38,7 @@ include owner /tmp/*pcap{,ng} rw, owner @{HOME}/**pcap{,ng} rw, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.bin.evolution-2.10 b/profiles/apparmor/profiles/extras/usr.bin.evolution-2.10 index 2848f5ebd..50e8e64c4 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.evolution-2.10 +++ b/profiles/apparmor/profiles/extras/usr.bin.evolution-2.10 @@ -155,4 +155,7 @@ include /usr/X11R6/lib/Acrobat7/Resource/Font r, /usr/X11R6/lib/Acrobat7/Resource/Font/** r, /var/tmp r, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.bin.fam b/profiles/apparmor/profiles/extras/usr.bin.fam index 8b8385ac0..3981ef420 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.fam +++ b/profiles/apparmor/profiles/extras/usr.bin.fam @@ -21,4 +21,7 @@ include # it makes some level of sense for FAM to read all files on the # filesystem, even if this is a little unfortunate. /** r, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.bin.freshclam b/profiles/apparmor/profiles/extras/usr.bin.freshclam index 152652c9b..69ce3a56a 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.freshclam +++ b/profiles/apparmor/profiles/extras/usr.bin.freshclam @@ -28,5 +28,6 @@ include /var/lib/clamav/** rw, owner /run/clamav/freshclam.pid w, + # Site-specific additions and overrides. See local/README for details. include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.bin.gaim b/profiles/apparmor/profiles/extras/usr.bin.gaim index e5ae3ef11..0ed2fb8e0 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.gaim +++ b/profiles/apparmor/profiles/extras/usr.bin.gaim @@ -66,4 +66,7 @@ include /usr/share/icons r, /usr/share/tcl/tcl*/encoding/* r, /{,var/}run/.resmgr_socket w, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.bin.man b/profiles/apparmor/profiles/extras/usr.bin.man index 4dcc19c2c..ffc3adf07 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.man +++ b/profiles/apparmor/profiles/extras/usr.bin.man @@ -26,4 +26,6 @@ include /usr/bin/man r, /usr/lib/man-db/man Px, + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce index a562dfe23..6eaa4aba7 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce +++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce @@ -39,4 +39,7 @@ include /usr/share/mlmmj/text.skel/*/* r, /var/spool/mlmmj/*/control/* r, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd index 366d074f8..bf300e676 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd +++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd @@ -51,4 +51,6 @@ include /usr/share/mlmmj/text.skel/*/digest r, /var/spool/mlmmj/*/mlmmj.operation.log rwk, + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-make-ml.sh b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-make-ml.sh index 5d46c439b..3ca7b9abf 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-make-ml.sh +++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-make-ml.sh @@ -43,4 +43,7 @@ include /var/spool r, /var/spool/mlmmj rw, /var/spool/mlmmj/** w, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process index 7a9a6ff1c..abeb56ada 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process +++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process @@ -45,4 +45,6 @@ include /var/spool/mlmmj/*/moderation/* rw, /etc/mlmmj/text/*/* r, + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive index a0742b476..78f11b6bb 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive +++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive @@ -21,4 +21,7 @@ include /usr/bin/mlmmj-receive mr, /var/spool/mlmmj/*/incoming/ rw, /var/spool/mlmmj/*/incoming/* rw, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve index ebce17d77..5337b256d 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve +++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve @@ -23,4 +23,7 @@ include /usr/bin/mlmmj-process Px, /usr/bin/mlmmj-recieve mr, /var/spool/mlmmj/*/incoming/* w, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send index 4ffb9d715..f399af930 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send +++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send @@ -31,4 +31,6 @@ include /var/spool/mlmmj/*/moderation/* rwk, + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub index ed6a64f94..248a14a6f 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub +++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub @@ -41,4 +41,6 @@ include /var/spool/mlmmj/*/digesters.d/ rw, /var/spool/mlmmj/*/digesters.d/* rwk, + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub index 88fa6b152..f6a4d5e70 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub +++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub @@ -40,4 +40,6 @@ include /usr/share/mlmmj/text.skel/*/* r, /etc/mlmmj/text/*/finish r, + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.bin.opera b/profiles/apparmor/profiles/extras/usr.bin.opera index 324bc8d30..1bda4ba3d 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.opera +++ b/profiles/apparmor/profiles/extras/usr.bin.opera @@ -74,4 +74,7 @@ include /usr/lib/jvm/java-1.5.0-sun-1.5.0_update12/jre/lib/i386/client/*.so mr, /usr/lib/opera/*/opera ix, /usr/lib/opera/*/works ixr, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.bin.passwd b/profiles/apparmor/profiles/extras/usr.bin.passwd index d28d8be0e..80ca9c180 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.passwd +++ b/profiles/apparmor/profiles/extras/usr.bin.passwd @@ -38,4 +38,7 @@ include /usr/share/cracklib/pw_dict.hwm r, /usr/share/cracklib/pw_dict.pwd r, /usr/share/cracklib/pw_dict.pwi r, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.bin.procmail b/profiles/apparmor/profiles/extras/usr.bin.procmail index a9219682c..c3a758a55 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.procmail +++ b/profiles/apparmor/profiles/extras/usr.bin.procmail @@ -36,4 +36,7 @@ include /usr/bin/procmail rmix, /usr/bin/spamc Px, /usr/sbin/sendmail rPx, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.bin.pyzorsocket b/profiles/apparmor/profiles/extras/usr.bin.pyzorsocket index 4f833842a..6ec9ede5b 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.pyzorsocket +++ b/profiles/apparmor/profiles/extras/usr.bin.pyzorsocket @@ -17,5 +17,7 @@ profile pyzorsocket /usr/bin/pyzorsocket { /usr/bin/ r, /usr/bin/python[2-9]* ix, /usr/bin/pyzorsocket r, + + # Site-specific additions and overrides. See local/README for details. include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.bin.razorsocket b/profiles/apparmor/profiles/extras/usr.bin.razorsocket index 51f0c5a4c..9748ebce4 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.razorsocket +++ b/profiles/apparmor/profiles/extras/usr.bin.razorsocket @@ -16,5 +16,6 @@ profile razorsocket /usr/bin/razorsocket { /usr/bin/razorsocket r, + # Site-specific additions and overrides. See local/README for details. include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.bin.skype b/profiles/apparmor/profiles/extras/usr.bin.skype index dce23e344..776f6c59c 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.skype +++ b/profiles/apparmor/profiles/extras/usr.bin.skype @@ -81,5 +81,8 @@ include deny /var/cache/fontconfig/ w, deny owner @{HOME}/.fontconfig/ w, deny owner @{HOME}/.fontconfig/*.cache-*.TMP* w, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.bin.spamc b/profiles/apparmor/profiles/extras/usr.bin.spamc index e51ba8e2a..00189384e 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.spamc +++ b/profiles/apparmor/profiles/extras/usr.bin.spamc @@ -19,4 +19,7 @@ include include /usr/bin/spamc r, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.bin.svnserve b/profiles/apparmor/profiles/extras/usr.bin.svnserve index 9aa7868d3..e5d96861a 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.svnserve +++ b/profiles/apparmor/profiles/extras/usr.bin.svnserve @@ -32,4 +32,7 @@ include /tmp/apr* rwl, /var/tmp/apr* rwl, /tmp/report*.tmp rwl, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.bin.wireshark b/profiles/apparmor/profiles/extras/usr.bin.wireshark index a835afb34..261ca763c 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.wireshark +++ b/profiles/apparmor/profiles/extras/usr.bin.wireshark @@ -99,4 +99,7 @@ include # reading/writing pcaps /**pcap{,ng}{,.gz} r, owner /**pcap{,ng}{,.gz} rw, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.bin.xfs b/profiles/apparmor/profiles/extras/usr.bin.xfs index 17b9d06ba..4cebe7043 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.xfs +++ b/profiles/apparmor/profiles/extras/usr.bin.xfs @@ -23,4 +23,7 @@ include /tmp/.font-unix/fs710[0-9] wl, /usr/bin/xfs rmix, /{,var/}run/xfs.pid rw, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.lib.GConf.2.gconfd-2 b/profiles/apparmor/profiles/extras/usr.lib.GConf.2.gconfd-2 index 02ffdb4be..d9bee8e35 100644 --- a/profiles/apparmor/profiles/extras/usr.lib.GConf.2.gconfd-2 +++ b/profiles/apparmor/profiles/extras/usr.lib.GConf.2.gconfd-2 @@ -33,4 +33,7 @@ include /usr/lib/GConf/2/libgconfbackend-xml.so mr, /usr/lib64/GConf/2/libgconfbackend-xml.so mr, /usr/share/locale/** r, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.lib.RealPlayer10.realplay b/profiles/apparmor/profiles/extras/usr.lib.RealPlayer10.realplay index a2de723a4..b0b5b9024 100644 --- a/profiles/apparmor/profiles/extras/usr.lib.RealPlayer10.realplay +++ b/profiles/apparmor/profiles/extras/usr.lib.RealPlayer10.realplay @@ -49,4 +49,7 @@ include /usr/share/icons/** r, /usr/share/pixmaps r, /usr/share/pixmaps/** r, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.lib.bonobo.bonobo-activation-server b/profiles/apparmor/profiles/extras/usr.lib.bonobo.bonobo-activation-server index e09c0b945..156cb2fa4 100644 --- a/profiles/apparmor/profiles/extras/usr.lib.bonobo.bonobo-activation-server +++ b/profiles/apparmor/profiles/extras/usr.lib.bonobo.bonobo-activation-server @@ -24,4 +24,7 @@ include /usr/lib/bonobo/servers r, /usr/lib/bonobo/servers/*.server r, /usr/lib/evolution-data-server-*/evolution-data-server-* Px, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.lib.evolution-data-server.evolution-data-server-1.10 b/profiles/apparmor/profiles/extras/usr.lib.evolution-data-server.evolution-data-server-1.10 index a649fe531..c0f80a076 100644 --- a/profiles/apparmor/profiles/extras/usr.lib.evolution-data-server.evolution-data-server-1.10 +++ b/profiles/apparmor/profiles/extras/usr.lib.evolution-data-server.evolution-data-server-1.10 @@ -39,4 +39,6 @@ include /usr/lib/gnome-vfs** mr, /usr/share/evolution-data-server*/** mr, + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox.sh b/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox.sh index 95a7a7de4..3d8748eaa 100644 --- a/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox.sh +++ b/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox.sh @@ -19,4 +19,6 @@ include /usr/lib/firefox/firefox px, /usr/share/misc/magic.mgc r, + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.lib.firefox.mozilla-xremote-client b/profiles/apparmor/profiles/extras/usr.lib.firefox.mozilla-xremote-client index bb8ca311f..2d9a50d6c 100644 --- a/profiles/apparmor/profiles/extras/usr.lib.firefox.mozilla-xremote-client +++ b/profiles/apparmor/profiles/extras/usr.lib.firefox.mozilla-xremote-client @@ -20,4 +20,7 @@ include /usr/lib/mozilla/lib*so* mr, /usr/lib/firefox/mozilla-xremote-client rmix, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.lib.man-db.man b/profiles/apparmor/profiles/extras/usr.lib.man-db.man index 1770359f7..8fcf46604 100644 --- a/profiles/apparmor/profiles/extras/usr.lib.man-db.man +++ b/profiles/apparmor/profiles/extras/usr.lib.man-db.man @@ -68,4 +68,7 @@ include /var/cache/man/** rk, owner @{HOME}/.lesshst rw, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.lib64.GConf.2.gconfd-2 b/profiles/apparmor/profiles/extras/usr.lib64.GConf.2.gconfd-2 index 89925b059..0c4b367de 100644 --- a/profiles/apparmor/profiles/extras/usr.lib64.GConf.2.gconfd-2 +++ b/profiles/apparmor/profiles/extras/usr.lib64.GConf.2.gconfd-2 @@ -33,4 +33,7 @@ include /usr/lib/GConf/2/libgconfbackend-xml.so mr, /usr/lib64/GConf/2/libgconfbackend-xml.so mr, /usr/share/locale/** r, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.sbin.cupsd b/profiles/apparmor/profiles/extras/usr.sbin.cupsd index 24f521e00..d059ec97a 100644 --- a/profiles/apparmor/profiles/extras/usr.sbin.cupsd +++ b/profiles/apparmor/profiles/extras/usr.sbin.cupsd @@ -64,4 +64,7 @@ include /{,var/}run/cups/** rw, /var/cache/cups/ rw, /var/cache/cups/** rw, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.sbin.dhcpd b/profiles/apparmor/profiles/extras/usr.sbin.dhcpd index 5d534dd73..19e511d14 100644 --- a/profiles/apparmor/profiles/extras/usr.sbin.dhcpd +++ b/profiles/apparmor/profiles/extras/usr.sbin.dhcpd @@ -36,4 +36,7 @@ include /var/lib/dhcp/{db/,}dhcpd{6,}.leases* rwl, /var/lib/dhcp/etc/dhcpd.conf r, /{,var/}run/dhcpd.pid wl, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork b/profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork index ff9f31d43..b9ff89a35 100644 --- a/profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork +++ b/profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork @@ -178,4 +178,7 @@ include # php session state /var/lib/php/sess_* rwl, } + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.sbin.imapd b/profiles/apparmor/profiles/extras/usr.sbin.imapd index 0d21823d2..c1277bbb7 100644 --- a/profiles/apparmor/profiles/extras/usr.sbin.imapd +++ b/profiles/apparmor/profiles/extras/usr.sbin.imapd @@ -23,4 +23,7 @@ include /tmp/* rwl, /usr/sbin/imapd r, /usr/share/ssl/certs/imapd.pem r, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.sbin.in.fingerd b/profiles/apparmor/profiles/extras/usr.sbin.in.fingerd index 1bcb43b4b..685a123c0 100644 --- a/profiles/apparmor/profiles/extras/usr.sbin.in.fingerd +++ b/profiles/apparmor/profiles/extras/usr.sbin.in.fingerd @@ -22,4 +22,7 @@ include /usr/bin/finger mix, /var/log/lastlog r, /{,var/}run/utmp rk, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.sbin.in.ftpd b/profiles/apparmor/profiles/extras/usr.sbin.in.ftpd index e39356dd2..d28986cca 100644 --- a/profiles/apparmor/profiles/extras/usr.sbin.in.ftpd +++ b/profiles/apparmor/profiles/extras/usr.sbin.in.ftpd @@ -37,4 +37,7 @@ include /var/log/xferlog w, /{,var/}run wr, /{,var/}run/ftp.{pids,rips}-all wr, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.sbin.in.ntalkd b/profiles/apparmor/profiles/extras/usr.sbin.in.ntalkd index 7b454a76a..f33033df7 100644 --- a/profiles/apparmor/profiles/extras/usr.sbin.in.ntalkd +++ b/profiles/apparmor/profiles/extras/usr.sbin.in.ntalkd @@ -19,4 +19,7 @@ include /usr/sbin/in.ntalkd r, /{,var/}run/utmp r, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.sbin.ipop2d b/profiles/apparmor/profiles/extras/usr.sbin.ipop2d index c65c9c958..ca0c4c770 100644 --- a/profiles/apparmor/profiles/extras/usr.sbin.ipop2d +++ b/profiles/apparmor/profiles/extras/usr.sbin.ipop2d @@ -23,4 +23,7 @@ include /tmp/.* rwl , /usr/sbin/ipop2d rmix, /usr/share/ssl/certs/ipop2d.pem r , + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.sbin.ipop3d b/profiles/apparmor/profiles/extras/usr.sbin.ipop3d index ca6348f5c..e94ffc5cc 100644 --- a/profiles/apparmor/profiles/extras/usr.sbin.ipop3d +++ b/profiles/apparmor/profiles/extras/usr.sbin.ipop3d @@ -23,4 +23,7 @@ include /tmp/.* rwl , /usr/sbin/ipop3d rmix, /usr/share/ssl/certs/ipop3d.pem r , + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.sbin.lighttpd b/profiles/apparmor/profiles/extras/usr.sbin.lighttpd index af11fb5a9..b331509c6 100644 --- a/profiles/apparmor/profiles/extras/usr.sbin.lighttpd +++ b/profiles/apparmor/profiles/extras/usr.sbin.lighttpd @@ -67,5 +67,7 @@ include /etc/lighttpd/conf-available/*.conf r, /etc/lighttpd/conf-enabled/ r, /etc/lighttpd/conf-enabled/*.conf r, -} + # Site-specific additions and overrides. See local/README for details. + include if exists +} diff --git a/profiles/apparmor/profiles/extras/usr.sbin.mysqld b/profiles/apparmor/profiles/extras/usr.sbin.mysqld index 8410467b1..6c93b1582 100644 --- a/profiles/apparmor/profiles/extras/usr.sbin.mysqld +++ b/profiles/apparmor/profiles/extras/usr.sbin.mysqld @@ -44,4 +44,6 @@ include /var/log/mysql/mysqld.log-20* w, /{,var/}run/mysql{,d}/mysqld.pid w, + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.sbin.oidentd b/profiles/apparmor/profiles/extras/usr.sbin.oidentd index 999cefefa..6353b6b5e 100644 --- a/profiles/apparmor/profiles/extras/usr.sbin.oidentd +++ b/profiles/apparmor/profiles/extras/usr.sbin.oidentd @@ -29,4 +29,7 @@ include # spoofing feature of oidentd @{HOME}/.ispoof r, @{HOME}/.oidentd.conf r, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.sbin.popper b/profiles/apparmor/profiles/extras/usr.sbin.popper index 3b2ef4c6e..0c6eb5d5f 100644 --- a/profiles/apparmor/profiles/extras/usr.sbin.popper +++ b/profiles/apparmor/profiles/extras/usr.sbin.popper @@ -25,4 +25,7 @@ include /usr/sbin/popper mr, /var/spool/mail/* rw, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.sbin.postalias b/profiles/apparmor/profiles/extras/usr.sbin.postalias index 832a7a5fe..c78c35f7f 100644 --- a/profiles/apparmor/profiles/extras/usr.sbin.postalias +++ b/profiles/apparmor/profiles/extras/usr.sbin.postalias @@ -35,4 +35,7 @@ include /var/lib/mailman/data/aliases.{lm,}db rwl, /var/spool/postfix r, /var/spool/postfix/pid r, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.sbin.postdrop b/profiles/apparmor/profiles/extras/usr.sbin.postdrop index 3b1706799..8ec184399 100644 --- a/profiles/apparmor/profiles/extras/usr.sbin.postdrop +++ b/profiles/apparmor/profiles/extras/usr.sbin.postdrop @@ -34,4 +34,7 @@ include /var/spool/postfix/maildrop/* rwl, /var/spool/postfix/pid r, /var/spool/postfix/public/pickup rw, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.sbin.postmap b/profiles/apparmor/profiles/extras/usr.sbin.postmap index 11bc606e0..656f10233 100644 --- a/profiles/apparmor/profiles/extras/usr.sbin.postmap +++ b/profiles/apparmor/profiles/extras/usr.sbin.postmap @@ -27,4 +27,7 @@ include @{PROC}/net/if_inet6 r, /usr/share/icu/[0-9]*.[0-9]*/*.dat r, /usr/sbin/postmap rmix, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.sbin.postqueue b/profiles/apparmor/profiles/extras/usr.sbin.postqueue index 4ca429c38..9e1355f31 100644 --- a/profiles/apparmor/profiles/extras/usr.sbin.postqueue +++ b/profiles/apparmor/profiles/extras/usr.sbin.postqueue @@ -33,4 +33,7 @@ include /var/spool/postfix/public/showq w, /var/spool/postfix/public/qmgr w, /var/spool/postfix/public/pickup w, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.sbin.sendmail b/profiles/apparmor/profiles/extras/usr.sbin.sendmail index f1326d8de..75e903018 100644 --- a/profiles/apparmor/profiles/extras/usr.sbin.sendmail +++ b/profiles/apparmor/profiles/extras/usr.sbin.sendmail @@ -89,4 +89,7 @@ include /var/spool/postfix/public/showq w, /var/spool/postfix r, /var/spool/postfix/saved r, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.sbin.sendmail.postfix b/profiles/apparmor/profiles/extras/usr.sbin.sendmail.postfix index ed7fa7e4d..413e1bea6 100644 --- a/profiles/apparmor/profiles/extras/usr.sbin.sendmail.postfix +++ b/profiles/apparmor/profiles/extras/usr.sbin.sendmail.postfix @@ -50,4 +50,7 @@ include /var/spool/postfix/public/showq w, /var/spool/postfix/public/qmgr w, /var/spool/postfix/saved r, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.sbin.sendmail.sendmail b/profiles/apparmor/profiles/extras/usr.sbin.sendmail.sendmail index 4bce297d8..bf923f83e 100644 --- a/profiles/apparmor/profiles/extras/usr.sbin.sendmail.sendmail +++ b/profiles/apparmor/profiles/extras/usr.sbin.sendmail.sendmail @@ -46,4 +46,7 @@ include /var/spool/mail/* rwl, /var/spool/mqueue rwl, /var/spool/mqueue/* rwl, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.sbin.spamd b/profiles/apparmor/profiles/extras/usr.sbin.spamd index 6ee9f97a2..84b485eb5 100644 --- a/profiles/apparmor/profiles/extras/usr.sbin.spamd +++ b/profiles/apparmor/profiles/extras/usr.sbin.spamd @@ -39,4 +39,7 @@ include /usr/share/spamassassin/*.cf r, /usr/share/spamassassin/*.template r, /usr/share/spamassassin/*.txt r, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.sbin.squid b/profiles/apparmor/profiles/extras/usr.sbin.squid index a94eb3e71..15f8252d8 100644 --- a/profiles/apparmor/profiles/extras/usr.sbin.squid +++ b/profiles/apparmor/profiles/extras/usr.sbin.squid @@ -62,4 +62,6 @@ include /usr/sbin/wbinfo_group.pl rmix, /usr/sbin/yp_auth rmix, + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.sbin.useradd b/profiles/apparmor/profiles/extras/usr.sbin.useradd index 1b38a0e42..2f59f6d6f 100644 --- a/profiles/apparmor/profiles/extras/usr.sbin.useradd +++ b/profiles/apparmor/profiles/extras/usr.sbin.useradd @@ -72,4 +72,7 @@ include /var/log/tallylog rw, } + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.sbin.userdel b/profiles/apparmor/profiles/extras/usr.sbin.userdel index 138a5b1eb..5014c9c7f 100644 --- a/profiles/apparmor/profiles/extras/usr.sbin.userdel +++ b/profiles/apparmor/profiles/extras/usr.sbin.userdel @@ -49,4 +49,7 @@ include # XXX /{,var/}run/nscd.pid r, /var/spool/mail/* wl, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.sbin.vsftpd b/profiles/apparmor/profiles/extras/usr.sbin.vsftpd index 7d4862dfb..994fad61c 100644 --- a/profiles/apparmor/profiles/extras/usr.sbin.vsftpd +++ b/profiles/apparmor/profiles/extras/usr.sbin.vsftpd @@ -38,4 +38,7 @@ include /pub/** r, @{HOMEDIRS} r, @{HOME}/** rwl, + + # Site-specific additions and overrides. See local/README for details. + include if exists } diff --git a/profiles/apparmor/profiles/extras/usr.sbin.xinetd b/profiles/apparmor/profiles/extras/usr.sbin.xinetd index d5fb26a37..844f156cc 100644 --- a/profiles/apparmor/profiles/extras/usr.sbin.xinetd +++ b/profiles/apparmor/profiles/extras/usr.sbin.xinetd @@ -69,4 +69,7 @@ include /usr/sbin/vsftpd Px, /usr/X11R6/bin/vnc_inetd_httpd Px, /usr/X11R6/bin/Xvnc Px, + + # Site-specific additions and overrides. See local/README for details. + include if exists }