
implement 'local/' mechanism to aid in packaging:

- create profiles/apparmor.d/local/README to explain it all
- adjust shipped profiles in profiles/apparmor.d to include the local changes
- adjust profiles/Makefile for local files
Jamie Strandboge
2010-08-05 15:30:43 -05:00
24 changed files with 124 additions and 48 deletions


@@ -1,8 +1,7 @@
# ------------------------------------------------------------------ # ------------------------------------------------------------------
# #
# $Id$ # Copyright (C) 2002-2009 Novell/SUSE
# # Copyright (C) 2010 Canonical Ltd.
# Copyright (C) 2002-2006 Novell/SUSE
# #
# This program is free software; you can redistribute it and/or # This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public # modify it under the terms of version 2 of the GNU General Public
@@ -18,7 +17,7 @@
# #
# ------------------------------------------------------------------ # ------------------------------------------------------------------
# Makefile for LSM-based AppArmor SuSE profiles # Makefile for LSM-based AppArmor profiles
NAME=apparmor-profiles NAME=apparmor-profiles
ALL: ALL:
@@ -37,18 +36,25 @@ PROFILES_DEST=${DESTDIR}/etc/apparmor.d
EXTRAS_DEST=${DESTDIR}/etc/apparmor/profiles/extras/ EXTRAS_DEST=${DESTDIR}/etc/apparmor/profiles/extras/
PROFILES_SOURCE=./apparmor.d PROFILES_SOURCE=./apparmor.d
EXTRAS_SOURCE=./apparmor/profiles/extras/ EXTRAS_SOURCE=./apparmor/profiles/extras/
SUBDIRS_MUST_BE_SKIPPED=${PROFILES_SOURCE}/abstractions ${PROFILES_SOURCE}/apache2.d ${PROFILES_SOURCE}/program-chunks ${PROFILES_SOURCE}/tunables SUBDIRS_MUST_BE_SKIPPED=${PROFILES_SOURCE}/abstractions ${PROFILES_SOURCE}/apache2.d ${PROFILES_SOURCE}/program-chunks ${PROFILES_SOURCE}/tunables ${PROFILES_SOURCE}/local
PROFILES_TO_COPY=$(filter-out ${SUBDIRS_MUST_BE_SKIPPED}, $(wildcard ${PROFILES_SOURCE}/*)) PROFILES_TO_COPY=$(filter-out ${SUBDIRS_MUST_BE_SKIPPED}, $(wildcard ${PROFILES_SOURCE}/*))
TUNABLES_TO_COPY=$(filter-out ${PROFILES_SOURCE}/tunables/home.d, $(wildcard ${PROFILES_SOURCE}/tunables/*)) TUNABLES_TO_COPY=$(filter-out ${PROFILES_SOURCE}/tunables/home.d, $(wildcard ${PROFILES_SOURCE}/tunables/*))
local:
for profile in ${PROFILES_TO_COPY}; do \
fn=$$(basename $$profile); \
echo "# Site-specific additions and overrides for '$$fn'" > ${PROFILES_SOURCE}/local/$$fn; \
done; \
.PHONY: install .PHONY: install
install: install: local
install -m 755 -d ${PROFILES_DEST} install -m 755 -d ${PROFILES_DEST}
install -m 755 -d ${PROFILES_DEST}/abstractions \ install -m 755 -d ${PROFILES_DEST}/abstractions \
${PROFILES_DEST}/apache2.d \ ${PROFILES_DEST}/apache2.d \
${PROFILES_DEST}/program-chunks \ ${PROFILES_DEST}/program-chunks \
${PROFILES_DEST}/tunables \ ${PROFILES_DEST}/tunables \
${PROFILES_DEST}/tunables/home.d ${PROFILES_DEST}/tunables/home.d \
${PROFILES_DEST}/local
install -m 644 ${PROFILES_TO_COPY} ${PROFILES_DEST} install -m 644 ${PROFILES_TO_COPY} ${PROFILES_DEST}
install -m 644 ${PROFILES_SOURCE}/abstractions/* ${PROFILES_DEST}/abstractions install -m 644 ${PROFILES_SOURCE}/abstractions/* ${PROFILES_DEST}/abstractions
install -m 644 ${PROFILES_SOURCE}/apache2.d/* ${PROFILES_DEST}/apache2.d install -m 644 ${PROFILES_SOURCE}/apache2.d/* ${PROFILES_DEST}/apache2.d
@@ -57,10 +63,11 @@ install:
install -m 644 ${PROFILES_SOURCE}/tunables/home.d/* ${PROFILES_DEST}/tunables/home.d install -m 644 ${PROFILES_SOURCE}/tunables/home.d/* ${PROFILES_DEST}/tunables/home.d
install -m 755 -d ${EXTRAS_DEST} install -m 755 -d ${EXTRAS_DEST}
install -m 644 ${EXTRAS_SOURCE}/* ${EXTRAS_DEST} install -m 644 ${EXTRAS_SOURCE}/* ${EXTRAS_DEST}
install -m 644 ${PROFILES_SOURCE}/local/* ${PROFILES_DEST}/local
.PHONY: clean .PHONY: clean
clean: clean:
-rm -f $(NAME)-$(VERSION)*.tar.gz Make.rules -rm -f $(NAME)-$(VERSION)*.tar.gz Make.rules ${PROFILES_SOURCE}/local/[a-z]*
ifndef VERBOSE ifndef VERBOSE
Q=@ Q=@
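Review bot: The new `install -m 644 ${PROFILES_SOURCE}/local/* ${PROFILES_DEST}/local` line copies the generated one-line stubs over whatever is already in `${PROFILES_DEST}/local`, so a second `make install` on a configured host replaces an administrator's site-specific rules with an empty stub — the opposite of what local/README promises, and something distribution packaging can only guarantee if it treats these files as conffiles. The `local` target likewise rewrites every stub in the source tree unconditionally, and it is not declared `.PHONY` even though it produces no file of that name. Both recipes could skip files that already exist, and the stray trailing `\` after `done;` continues the recipe onto the following line and should be dropped.
```make
.PHONY: local
local:
	for profile in ${PROFILES_TO_COPY}; do \
		fn=$$(basename $$profile); \
		[ -e ${PROFILES_SOURCE}/local/$$fn ] || \
			echo "# Site-specific additions and overrides for '$$fn'" > ${PROFILES_SOURCE}/local/$$fn; \
	done

# … unchanged: install directories, profile/abstraction/tunable/extras copies …
	for f in ${PROFILES_SOURCE}/local/*; do \
		[ -e ${PROFILES_DEST}/local/$$(basename $$f) ] || \
			install -m 644 $$f ${PROFILES_DEST}/local; \
	done
```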


@@ -1,8 +1,7 @@
# Last Modified: Thu Aug 2 14:28:48 2007
# $Id$
# ------------------------------------------------------------------ # ------------------------------------------------------------------
# #
# Copyright (C) 2002-2005 Novell/SUSE # Copyright (C) 2002-2009 Novell/SUSE
# Copyright (C) 2010 Canonical Ltd.
# #
# This program is free software; you can redistribute it and/or # This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public # modify it under the terms of version 2 of the GNU General Public
@@ -22,4 +21,7 @@
/bin/ping mixr, /bin/ping mixr,
/etc/modules.conf r, /etc/modules.conf r,
# Site-specific additions and overrides. See local/README for details.
#include <local/bin.ping>
} }
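Review bot: `#include <local/bin.ping>` is an unconditional include, so the profile depends on `/etc/apparmor.d/local/bin.ping` existing at load time; as far as I can tell apparmor_parser treats a missing include as a fatal error, and a profile that fails to parse leaves /bin/ping running unconfined rather than more tightly confined. The same pattern is added to every profile in this commit, so the packaging must guarantee the stub is always installed and an administrator who removes it must not be surprised. At minimum the comment should say so: `# Site-specific additions and overrides. See local/README for details. This file must exist or the profile will fail to load.`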


@@ -0,0 +1,17 @@
This directory is intended to contain profile additions and overrides for
inclusion by distributed profiles to aid in packaging AppArmor for
distributions. While the shipped profiles in /etc/apparmor.d can still be
modified by an administrator, adjusting them here ensures that the package
manager of the distribution won't interfere with local modifications.
For example, if the shipped /etc/apparmor.d/usr.sbin.smbd profile has:
#include <local/usr.sbin.smbd>
then an administrator can adjust /etc/apparmor.d/local/usr.sbin.smbd to
contain any additional paths to be allowed, such as:
/var/exports/** lrw,
Keep in mind that 'deny' rules are evaluated after allow rules, so you won't be
able to allow access to files that are explicitly denied by the shipped profile
using this mechanism.


@@ -1,7 +1,7 @@
# $Id$
# ------------------------------------------------------------------ # ------------------------------------------------------------------
# #
# Copyright (C) 2002-2005 Novell/SUSE # Copyright (C) 2002-2009 Novell/SUSE
# Copyright (C) 2010 Canonical Ltd.
# #
# This program is free software; you can redistribute it and/or # This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public # modify it under the terms of version 2 of the GNU General Public
@@ -29,4 +29,6 @@
/var/run/klogd/klogd.pid krwl, /var/run/klogd/klogd.pid krwl,
/var/run/klogd/kmsg r, /var/run/klogd/kmsg r,
# Site-specific additions and overrides. See local/README for details.
#include <local/sbin.klogd>
} }


@@ -1,8 +1,8 @@
# $Id$
# ------------------------------------------------------------------ # ------------------------------------------------------------------
# #
# Copyright (C) 2006 Novell/SUSE # Copyright (C) 2006-2009 Novell/SUSE
# Copyright (C) 2006 Christian Boltz # Copyright (C) 2006 Christian Boltz
# Copyright (C) 2010 Canonical Ltd.
# #
# This program is free software; you can redistribute it and/or # This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public # modify it under the terms of version 2 of the GNU General Public
@@ -41,5 +41,6 @@
@{CHROOT_BASE}/var/log/** w, @{CHROOT_BASE}/var/log/** w,
@{CHROOT_BASE}/var/run/syslog-ng.pid krw, @{CHROOT_BASE}/var/run/syslog-ng.pid krw,
# Site-specific additions and overrides. See local/README for details.
#include <local/sbin.syslog-ng>
} }


@@ -1,7 +1,7 @@
# $Id$
# ------------------------------------------------------------------ # ------------------------------------------------------------------
# #
# Copyright (C) 2002-2005 Novell/SUSE # Copyright (C) 2002-2009 Novell/SUSE
# Copyright (C) 2010 Canonical Ltd.
# #
# This program is free software; you can redistribute it and/or # This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public # modify it under the terms of version 2 of the GNU General Public
@@ -33,4 +33,7 @@
/var/run/syslogd.pid krwl, /var/run/syslogd.pid krwl,
/var/run/utmp rw, /var/run/utmp rw,
/var/spool/compaq/nic/messages_fifo rw, /var/spool/compaq/nic/messages_fifo rw,
# Site-specific additions and overrides. See local/README for details.
#include <local/sbin.syslogd>
} }


@@ -1,10 +1,9 @@
# Last Modified: Wed Sep 16 11:58:00 2009
# Author: Marc Deslauriers <marc.deslauriers@ubuntu.com> # Author: Marc Deslauriers <marc.deslauriers@ubuntu.com>
#include <tunables/global>
#include <tunables/global>
/usr/lib/apache2/mpm-prefork/apache2 { /usr/lib/apache2/mpm-prefork/apache2 {
# This is profile is completely permissive. # This profile is completely permissive.
# It is designed to target specific applications using mod_apparmor, # It is designed to target specific applications using mod_apparmor,
# hats, and the apache2.d directory. # hats, and the apache2.d directory.
# #
@@ -75,4 +74,6 @@
#include <apache2.d> #include <apache2.d>
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.lib.apache2.mpm-prefork.apache2>
} }


@@ -1,5 +1,5 @@
# Last Modified: Wed Jun 10 00:20:56 2009
# Author: Dulmandakh Sukhbaatar <dulmandakh@gmail.com> # Author: Dulmandakh Sukhbaatar <dulmandakh@gmail.com>
#include <tunables/global> #include <tunables/global>
/usr/lib/dovecot/deliver { /usr/lib/dovecot/deliver {
#include <abstractions/base> #include <abstractions/base>
@@ -17,4 +17,7 @@
@{HOME}/mail/.imap/** klrw, @{HOME}/mail/.imap/** klrw,
/usr/lib/dovecot/deliver mr, /usr/lib/dovecot/deliver mr,
/var/mail/* klrw, /var/mail/* klrw,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.lib.dovecot.deliver>
} }


@@ -1,5 +1,5 @@
# Last Modified: Fri Oct 10 17:19:26 2008
# Author: Kees Cook <kees@ubuntu.com> # Author: Kees Cook <kees@ubuntu.com>
#include <tunables/global> #include <tunables/global>
/usr/lib/dovecot/dovecot-auth { /usr/lib/dovecot/dovecot-auth {
#include <abstractions/authentication> #include <abstractions/authentication>
@@ -17,4 +17,7 @@
/var/run/dovecot/** rw, /var/run/dovecot/** rw,
# required for postfix+dovecot integration # required for postfix+dovecot integration
/var/spool/postfix/private/dovecot-auth w, /var/spool/postfix/private/dovecot-auth w,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.lib.dovecot.dovecot-auth>
} }


@@ -1,5 +1,5 @@
# Last Modified: Sat Oct 11 09:17:38 2008
# Author: Kees Cook <kees@ubuntu.com> # Author: Kees Cook <kees@ubuntu.com>
#include <tunables/global> #include <tunables/global>
/usr/lib/dovecot/imap { /usr/lib/dovecot/imap {
#include <abstractions/base> #include <abstractions/base>
@@ -16,4 +16,7 @@
@{HOME}/mail/.imap/** klrw, @{HOME}/mail/.imap/** klrw,
/usr/lib/dovecot/imap mr, /usr/lib/dovecot/imap mr,
/var/mail/* klrw, /var/mail/* klrw,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.lib.dovecot.imap>
} }


@@ -1,5 +1,5 @@
# Last Modified: Wed Oct 8 00:20:56 2008
# Author: Kees Cook <kees@ubuntu.com> # Author: Kees Cook <kees@ubuntu.com>
#include <tunables/global> #include <tunables/global>
/usr/lib/dovecot/imap-login { /usr/lib/dovecot/imap-login {
#include <abstractions/base> #include <abstractions/base>
@@ -15,4 +15,7 @@
/usr/lib/dovecot/imap-login mr, /usr/lib/dovecot/imap-login mr,
/var/run/dovecot/login/ r, /var/run/dovecot/login/ r,
/var/run/dovecot/login/* rw, /var/run/dovecot/login/* rw,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.lib.dovecot.imap-login>
} }


@@ -1,5 +1,5 @@
# Last Modified: Wed Jun 10 00:20:56 2009
# Author: Dulmandakh Sukhbaatar <dulmandakh@gmail.com> # Author: Dulmandakh Sukhbaatar <dulmandakh@gmail.com>
#include <tunables/global> #include <tunables/global>
/usr/lib/dovecot/managesieve-login { /usr/lib/dovecot/managesieve-login {
#include <abstractions/base> #include <abstractions/base>
@@ -15,4 +15,7 @@
/usr/lib/dovecot/managesieve-login mr, /usr/lib/dovecot/managesieve-login mr,
/var/run/dovecot/login/ r, /var/run/dovecot/login/ r,
/var/run/dovecot/login/* rw, /var/run/dovecot/login/* rw,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.lib.dovecot.managesieve-login>
} }


@@ -1,5 +1,5 @@
# Last Modified: Wed Oct 8 00:21:56 2008
# Author: Kees Cook <kees@ubuntu.com> # Author: Kees Cook <kees@ubuntu.com>
#include <tunables/global> #include <tunables/global>
/usr/lib/dovecot/pop3 { /usr/lib/dovecot/pop3 {
#include <abstractions/base> #include <abstractions/base>
@@ -15,4 +15,7 @@
@{HOME}/Maildir/ rw, @{HOME}/Maildir/ rw,
@{HOME}/Maildir/** klrw, @{HOME}/Maildir/** klrw,
/usr/lib/dovecot/pop3 mr, /usr/lib/dovecot/pop3 mr,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.lib.dovecot.pop3>
} }


@@ -1,5 +1,5 @@
# Last Modified: Wed Oct 8 00:20:57 2008
# Author: Kees Cook <kees@ubuntu.com> # Author: Kees Cook <kees@ubuntu.com>
#include <tunables/global> #include <tunables/global>
/usr/lib/dovecot/pop3-login { /usr/lib/dovecot/pop3-login {
#include <abstractions/base> #include <abstractions/base>
@@ -14,4 +14,7 @@
/usr/lib/dovecot/pop3-login mr, /usr/lib/dovecot/pop3-login mr,
/var/run/dovecot/login/ r, /var/run/dovecot/login/ r,
/var/run/dovecot/login/* rw, /var/run/dovecot/login/* rw,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.lib.dovecot.pop3-login>
} }


@@ -1,4 +1,3 @@
# Last Modified: Wed Aug 15 10:55:46 2007
#include <tunables/global> #include <tunables/global>
/usr/sbin/avahi-daemon { /usr/sbin/avahi-daemon {
#include <abstractions/base> #include <abstractions/base>
@@ -24,4 +23,7 @@
/var/run/avahi-daemon/pid krw, /var/run/avahi-daemon/pid krw,
/var/run/avahi-daemon/socket w, /var/run/avahi-daemon/socket w,
/var/run/dbus/system_bus_socket w, /var/run/dbus/system_bus_socket w,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.avahi-daemon>
} }


@@ -1,4 +1,5 @@
# Author: John Dong <jdong@ubuntu.com> # Author: John Dong <jdong@ubuntu.com>
#include <tunables/global> #include <tunables/global>
/usr/sbin/dnsmasq { /usr/sbin/dnsmasq {
#include <abstractions/base> #include <abstractions/base>
@@ -20,4 +21,7 @@
/var/run/dnsmasq/* rw, /var/run/dnsmasq/* rw,
/var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server usage /var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server usage
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.dnsmasq>
} }


@@ -1,5 +1,5 @@
# Last Modified: Fri Oct 10 17:20:34 2008
# Author: Kees Cook <kees@ubuntu.com> # Author: Kees Cook <kees@ubuntu.com>
#include <tunables/global> #include <tunables/global>
/usr/sbin/dovecot { /usr/sbin/dovecot {
#include <abstractions/authentication> #include <abstractions/authentication>
@@ -30,4 +30,7 @@
/var/lib/dovecot/* krw, /var/lib/dovecot/* krw,
/var/run/dovecot/ rw, /var/run/dovecot/ rw,
/var/run/dovecot/** rw, /var/run/dovecot/** rw,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.dovecot>
} }


@@ -1,7 +1,7 @@
# $Id$
# ------------------------------------------------------------------ # ------------------------------------------------------------------
# #
# Copyright (C) 2002-2005 Novell/SUSE # Copyright (C) 2002-2009 Novell/SUSE
# Copyright (C) 2010 Canonical Ltd.
# #
# This program is free software; you can redistribute it and/or # This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public # modify it under the terms of version 2 of the GNU General Public
@@ -24,4 +24,7 @@
@{PROC}/net/tcp r, @{PROC}/net/tcp r,
@{PROC}/net/tcp6 r, @{PROC}/net/tcp6 r,
/var/run/identd.pid w, /var/run/identd.pid w,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.identd>
} }


@@ -1,8 +1,7 @@
# $Id$
# vim:syntax=apparmor
# ------------------------------------------------------------------ # ------------------------------------------------------------------
# #
# Copyright (C) 2002-2005 Novell/SUSE # Copyright (C) 2002-2009 Novell/SUSE
# Copyright (C) 2010 Canonical Ltd.
# #
# This program is free software; you can redistribute it and/or # This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public # modify it under the terms of version 2 of the GNU General Public
@@ -29,4 +28,7 @@
@{PROC}/net/unix r, @{PROC}/net/unix r,
/var/run/mdnsd lw, /var/run/mdnsd lw,
/var/run/mdnsd.pid w, /var/run/mdnsd.pid w,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.mdnsd>
} }


@@ -1,5 +1,3 @@
# vim:syntax=apparmor
# Last Modified: Wed Jun 20 13:22:50 2007
#include <tunables/global> #include <tunables/global>
/usr/sbin/nmbd { /usr/sbin/nmbd {
@@ -16,4 +14,7 @@
/var/run/samba/nmbd.pid rw, /var/run/samba/nmbd.pid rw,
/var/log/samba/cores/nmbd/ rw, /var/log/samba/cores/nmbd/ rw,
/var/log/samba/cores/nmbd/** rw, /var/log/samba/cores/nmbd/** rw,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.nmbd>
} }


@@ -1,8 +1,7 @@
# $Id#
# ------------------------------------------------------------------ # ------------------------------------------------------------------
# #
# Copyright (C) 2002-2005 Novell/SUSE # Copyright (C) 2002-2005 Novell/SUSE
# Copyright (C) 2009 Canonical Ltd. # Copyright (C) 2009-2010 Canonical Ltd.
# #
# This program is free software; you can redistribute it and/or # This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public # modify it under the terms of version 2 of the GNU General Public
@@ -40,4 +39,7 @@
@{PROC}/[0-9]*/maps r, @{PROC}/[0-9]*/maps r,
@{PROC}/[0-9]*/mounts r, @{PROC}/[0-9]*/mounts r,
@{PROC}/filesystems r, @{PROC}/filesystems r,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.nscd>
} }


@@ -1,8 +1,7 @@
# Last Modified: Thu Aug 2 14:37:03 2007
# $Id$
# ------------------------------------------------------------------ # ------------------------------------------------------------------
# #
# Copyright (C) 2002-2005 Novell/SUSE # Copyright (C) 2002-2009 Novell/SUSE
# Copyright (C) 2010 Canonical Ltd.
# #
# This program is free software; you can redistribute it and/or # This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public # modify it under the terms of version 2 of the GNU General Public
@@ -66,4 +65,7 @@
/var/lib/ntp/@{PROC}/*/sys/kernel/ngroups_max r, /var/lib/ntp/@{PROC}/*/sys/kernel/ngroups_max r,
@{NTPD_DEVICE} rw, @{NTPD_DEVICE} rw,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.ntpd>
} }


@@ -1,5 +1,3 @@
# vim:syntax=apparmor
# Last Modified: Wed Jun 20 13:34:25 2007
#include <tunables/global> #include <tunables/global>
/usr/sbin/smbd { /usr/sbin/smbd {
@@ -35,4 +33,7 @@
/var/spool/samba/** rw, /var/spool/samba/** rw,
@{HOMEDIRS}/** lrw, @{HOMEDIRS}/** lrw,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.smbd>
} }


@@ -1,8 +1,7 @@
# Last Modified: Thu Aug 2 13:33:43 2007
# $Id$
# ------------------------------------------------------------------ # ------------------------------------------------------------------
# #
# Copyright (C) 2002-2005 Novell/SUSE # Copyright (C) 2002-2009 Novell/SUSE
# Copyright (C) 2010 Canonical Ltd.
# #
# This program is free software; you can redistribute it and/or # This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public # modify it under the terms of version 2 of the GNU General Public
@@ -20,4 +19,7 @@
/usr/sbin/traceroute rmix, /usr/sbin/traceroute rmix,
@{PROC}/net/route r, @{PROC}/net/route r,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.traceroute>
} }