Merge branch 'cboltz-profile-names' into 'master'

Add profile names to all profiles with {bin,sbin} attachment See merge request apparmor/apparmor!242 Acked-by: intrigeri <intrigeri@debian.org>
2025-08-30 05:47:59 +00:00 · 2018-10-21 10:34:59 +00:00 · 2018-10-21 10:34:59 +00:00 · fd68a5eb64
commit fd68a5eb64
parent d87b6a5f6e b77116e6af
14 changed files with 16 additions and 16 deletions
--- a/profiles/apparmor.d/abstractions/apache2-common
+++ b/profiles/apparmor.d/abstractions/apache2-common
@ -7,9 +7,9 @@
  # Allow unconfined processes to send us signals by default
  signal (receive) peer=unconfined,
  # Allow apache to send us signals by default
-  signal (receive) peer=/usr/{bin,sbin}/apache2,
+  signal (receive) peer=apache2,
  # Allow other hats to signal by default
-  signal peer=/usr/{bin,sbin}/apache2//*,
+  signal peer=apache2//*,
  # Allow us to signal ourselves
  signal peer=@{profile_name},

--- a/profiles/apparmor.d/abstractions/dovecot-common
+++ b/profiles/apparmor.d/abstractions/dovecot-common
@ -14,6 +14,6 @@
  deny capability block_suspend,

  # dovecot's master can send us signals
-  signal receive peer=/usr/{bin,sbin}/dovecot,
+  signal receive peer=dovecot,

  /{var/,}run/dovecot/config rw,
--- a/profiles/apparmor.d/usr.lib.dovecot.dovecot-lda
+++ b/profiles/apparmor.d/usr.lib.dovecot.dovecot-lda
@ -29,7 +29,7 @@
  /run/dovecot/auth-userdb rw,
  /usr/bin/doveconf mrix,
  /usr/lib/dovecot/dovecot-lda mrix,
-  /usr/{bin,sbin}/sendmail Cx,
+  /usr/{bin,sbin}/sendmail Cx -> sendmail,
  /usr/share/dovecot/protocols.d/ r,
  /usr/share/dovecot/protocols.d/** r,

@ -37,7 +37,7 @@
  #include <local/usr.lib.dovecot.dovecot-lda>


-  profile /usr/{bin,sbin}/sendmail flags=(attach_disconnected) {
+  profile sendmail /usr/{bin,sbin}/sendmail flags=(attach_disconnected) {
    # this profile is based on the usr.sbin.sendmail profile in extras
    # and should support both postfix' and sendmail's sendmail binary

--- a/profiles/apparmor.d/usr.sbin.apache2
+++ b/profiles/apparmor.d/usr.sbin.apache2
@ -1,7 +1,7 @@
 # Author: Marc Deslauriers <marc.deslauriers@ubuntu.com>

 #include <tunables/global>
-/usr/{bin,sbin}/apache2 flags=(attach_disconnected) {
+profile apache2 /usr/{bin,sbin}/apache2 flags=(attach_disconnected) {

  # This profile is completely permissive.
  # It is designed to target specific applications using mod_apparmor,
--- a/profiles/apparmor.d/usr.sbin.avahi-daemon
+++ b/profiles/apparmor.d/usr.sbin.avahi-daemon
@ -1,5 +1,5 @@
 #include <tunables/global>
-/usr/{bin,sbin}/avahi-daemon {
+profile avahi-daemon /usr/{bin,sbin}/avahi-daemon {
  #include <abstractions/base>
  #include <abstractions/consoles>
  #include <abstractions/dbus>
--- a/profiles/apparmor.d/usr.sbin.dovecot
+++ b/profiles/apparmor.d/usr.sbin.dovecot
@ -12,7 +12,7 @@

 #include <tunables/global>

-/usr/{bin,sbin}/dovecot flags=(attach_disconnected) {
+profile dovecot /usr/{bin,sbin}/dovecot flags=(attach_disconnected) {
  #include <abstractions/authentication>
  #include <abstractions/base>
  #include <abstractions/dovecot-common>
--- a/profiles/apparmor.d/usr.sbin.identd
+++ b/profiles/apparmor.d/usr.sbin.identd
@ -11,7 +11,7 @@

 #include <tunables/global>

-/usr/{bin,sbin}/identd {
+profile identd /usr/{bin,sbin}/identd {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  capability net_bind_service,
--- a/profiles/apparmor.d/usr.sbin.mdnsd
+++ b/profiles/apparmor.d/usr.sbin.mdnsd
@ -11,7 +11,7 @@

 #include <tunables/global>

-/usr/{bin,sbin}/mdnsd {
+profile mdnsd /usr/{bin,sbin}/mdnsd {
  #include <abstractions/base>
  #include <abstractions/consoles>
  #include <abstractions/nameservice>
--- a/profiles/apparmor.d/usr.sbin.nmbd
+++ b/profiles/apparmor.d/usr.sbin.nmbd
@ -1,6 +1,6 @@
 #include <tunables/global>

-/usr/{bin,sbin}/nmbd {
+profile nmbd /usr/{bin,sbin}/nmbd {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/samba>
--- a/profiles/apparmor.d/usr.sbin.nscd
+++ b/profiles/apparmor.d/usr.sbin.nscd
@ -10,7 +10,7 @@
 # ------------------------------------------------------------------

 #include <tunables/global>
-/usr/{bin,sbin}/nscd {
+profile nscd /usr/{bin,sbin}/nscd {
  #include <abstractions/base>
  #include <abstractions/consoles>
  #include <abstractions/nameservice>
--- a/profiles/apparmor.d/usr.sbin.ntpd
+++ b/profiles/apparmor.d/usr.sbin.ntpd
@ -11,7 +11,7 @@

 #include <tunables/global>
 #include <tunables/ntpd>
-/usr/{bin,sbin}/{,open}ntpd flags=(attach_disconnected) {
+profile ntpd /usr/{bin,sbin}/{,open}ntpd flags=(attach_disconnected) {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/openssl>
--- a/profiles/apparmor.d/usr.sbin.smbd
+++ b/profiles/apparmor.d/usr.sbin.smbd
@ -1,6 +1,6 @@
 #include <tunables/global>

-/usr/{bin,sbin}/smbd {
+profile smbd /usr/{bin,sbin}/smbd {
  #include <abstractions/authentication>
  #include <abstractions/base>
  #include <abstractions/consoles>
--- a/profiles/apparmor.d/usr.sbin.smbldap-useradd
+++ b/profiles/apparmor.d/usr.sbin.smbldap-useradd
@ -1,7 +1,7 @@
 # Last Modified: Tue Jan  3 00:17:40 2012
 #include <tunables/global>

-/usr/{bin,sbin}/smbldap-useradd {
+profile smbldap-useradd /usr/{bin,sbin}/smbldap-useradd {
  #include <abstractions/base>
  #include <abstractions/bash>
  #include <abstractions/nameservice>
--- a/profiles/apparmor.d/usr.sbin.winbindd
+++ b/profiles/apparmor.d/usr.sbin.winbindd
@ -1,6 +1,6 @@
 #include <tunables/global>

-/usr/{bin,sbin}/winbindd {
+profile winbindd /usr/{bin,sbin}/winbindd {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/samba>