2
0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-30 22:05:27 +00:00

From: Jeff Mahoney <jeffm@suse.com>

Subject: profiles: Add openssl abstraction
References: bnc#623886

 Profiles that use openssl have been adding the openssl files piecemeal.

 This patch creates a new openssl abstraction that can be inherited by
 all profiles that use it.


Signed-off-by: Jeff Mahoney <jeffm@suse.com>

Patch for 
- profiles/apparmor.d/abstractions/ssl_certs 
- profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork (second chunk)
updated by Christian Boltz <apparmor@cboltz.de>
(didn't apply to trunk)

Acked-By: Steve Beattie <sbeattie@ubuntu.com>

Copyright header in profiles/apparmor.d/abstractions/openssl added by
Christian Boltz <apparmor@cboltz.de>
This commit is contained in:
Christian Boltz
2011-08-08 22:22:03 +02:00
parent 663698c7a6
commit b5e525b251
8 changed files with 20 additions and 6 deletions

View File

@@ -0,0 +1,13 @@
# ------------------------------------------------------------------
#
# Copyright (C) 2011 Novell/SUSE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
/etc/ssl/openssl.cnf r,
/usr/share/ssl/openssl.cnf r,

View File

@@ -14,5 +14,6 @@
/etc/ssl/certs/* r,
/usr/share/ca-certificates/ r,
/usr/share/ca-certificates/** r,
/usr/share/ssl/certs/ca-bundle.crt r,
/usr/local/share/ca-certificates/ r,
/usr/local/share/ca-certificates/** r,

View File

@@ -15,6 +15,7 @@
#include <abstractions/nameservice>
#include <abstractions/kerberosclient>
#include <program-chunks/postfix-common>
#include <abstractions/openssl>
capability dac_override,
capability dac_read_search,
@@ -38,7 +39,6 @@
/etc/postfix/{ssl/,}*.pem r,
/etc/postfix/prng_exch rw,
/usr/share/ssl/certs/ca-bundle.crt r,
/usr/share/ssl/openssl.cnf r,
/etc/postfix/virtual.db r,
/etc/postfix/sasl_passwd.db r,
/etc/mtab r,

View File

@@ -15,6 +15,7 @@
#include <abstractions/nameservice>
#include <abstractions/kerberosclient>
#include <program-chunks/postfix-common>
#include <abstractions/openssl>
capability dac_override,
capability dac_read_search,
@@ -43,7 +44,6 @@
/usr/lib/sasl2/* mr,
/usr/share/ssl/certs/ca-bundle.crt r,
/usr/share/ssl/openssl.cnf r,
/{var/spool/postfix/,}pid/inet.* rw,
/{var/spool/postfix/,}private/anvil w,

View File

@@ -17,6 +17,7 @@
#include <abstractions/kerberosclient>
#include <abstractions/nameservice>
#include <abstractions/perl>
#include <abstractions/openssl>
capability kill,
capability net_bind_service,
@@ -83,7 +84,6 @@
/usr/share/snmp/mibs r,
/usr/share/snmp/mibs/*.{txt,mib} r,
/usr/share/snmp/mibs/.index wr,
/usr/share/ssl/openssl.cnf r,
/{run,var}/lock/httpd2.lock.* wl,
/var/log/apache2/* rwl,
/var/log/httpd/ssl_scache.dir r,

View File

@@ -15,10 +15,10 @@
#include <abstractions/nameservice>
#include <abstractions/authentication>
#include <abstractions/user-mail>
#include <abstractions/openssl>
/dev/urandom r,
/tmp/* rwl,
/usr/sbin/imapd r,
/usr/share/ssl/certs/imapd.pem r,
/usr/share/ssl/openssl.cnf r,
}

View File

@@ -15,10 +15,10 @@
#include <abstractions/nameservice>
#include <abstractions/authentication>
#include <abstractions/user-mail>
#include <abstractions/openssl>
/dev/urandom r ,
/tmp/.* rwl ,
/usr/sbin/ipop2d rmix,
/usr/share/ssl/certs/ipop2d.pem r ,
/usr/share/ssl/openssl.cnf r ,
}

View File

@@ -15,10 +15,10 @@
#include <abstractions/nameservice>
#include <abstractions/authentication>
#include <abstractions/user-mail>
#include <abstractions/openssl>
/dev/urandom r ,
/tmp/.* rwl ,
/usr/sbin/ipop3d rmix,
/usr/share/ssl/certs/ipop3d.pem r ,
/usr/share/ssl/openssl.cnf r ,
}