Browse code
Apparmor: Adding package
Changes include:
1. Adding new package package apparmor
2. Changes to docker to include apparmor during build
3. Changes to gcc to include static libs
Change-Id: I5ba78125593d7768b363f1cef511c8b5ea207e75
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/5557
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Sharath George
Keerthana K authored on 2018/08/31 02:16:18Showing 5 changed files
- SPECS/apparmor/apparmor-service-start-fix.patch
- SPECS/apparmor/apparmor-set-profiles-complain-mode.patch
- SPECS/apparmor/apparmor.spec
- SPECS/docker/docker.spec
- SPECS/gcc/gcc.spec
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,12 @@ |
| 0 |
+diff -Naur apparmor-2.13/parser/apparmor.service apparmor-2.13-mod/parser/apparmor.service |
|
| 1 |
+--- apparmor-2.13/parser/apparmor.service 2018-04-15 19:18:53.000000000 +0530 |
|
| 2 |
+@@ -9,7 +9,7 @@ |
|
| 3 |
+ |
|
| 4 |
+ [Service] |
|
| 5 |
+ Type=oneshot |
|
| 6 |
+-ExecStart=/lib/apparmor/apparmor.systemd reload |
|
| 7 |
++ExecStart=/lib/apparmor/apparmor.systemd start |
|
| 8 |
+ ExecReload=/lib/apparmor/apparmor.systemd reload |
|
| 9 |
+ |
|
| 10 |
+ # systemd maps 'restart' to 'stop; start' which means removing AppArmor confinement |
| 0 | 11 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,1743 @@ |
| 0 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/bin.netstat apparmor-2.13-mod/profiles/apparmor/profiles/extras/bin.netstat |
|
| 1 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/bin.netstat 2018-04-15 19:18:53.000000000 +0530 |
|
| 2 |
+@@ -15,7 +15,7 @@ |
|
| 3 |
+ |
|
| 4 |
+ #include <tunables/global> |
|
| 5 |
+ |
|
| 6 |
+-profile netstat /{usr/,}bin/netstat {
|
|
| 7 |
++profile netstat /{usr/,}bin/netstat flags=(complain) {
|
|
| 8 |
+ #include <abstractions/base> |
|
| 9 |
+ #include <abstractions/consoles> |
|
| 10 |
+ #include <abstractions/nameservice> |
|
| 11 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/etc.cron.daily.logrotate apparmor-2.13-mod/profiles/apparmor/profiles/extras/etc.cron.daily.logrotate |
|
| 12 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/etc.cron.daily.logrotate 2018-04-15 19:18:53.000000000 +0530 |
|
| 13 |
+@@ -13,7 +13,7 @@ |
|
| 14 |
+ |
|
| 15 |
+ #include <tunables/global> |
|
| 16 |
+ |
|
| 17 |
+-/etc/cron.daily/logrotate {
|
|
| 18 |
++/etc/cron.daily/logrotate flags=(complain) {
|
|
| 19 |
+ #include <abstractions/base> |
|
| 20 |
+ #include <abstractions/bash> |
|
| 21 |
+ #include <abstractions/nameservice> |
|
| 22 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/etc.cron.daily.slocate.cron apparmor-2.13-mod/profiles/apparmor/profiles/extras/etc.cron.daily.slocate.cron |
|
| 23 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/etc.cron.daily.slocate.cron 2018-04-15 19:18:53.000000000 +0530 |
|
| 24 |
+@@ -14,7 +14,7 @@ |
|
| 25 |
+ |
|
| 26 |
+ #include <tunables/global> |
|
| 27 |
+ |
|
| 28 |
+-/etc/cron.daily/slocate.cron {
|
|
| 29 |
++/etc/cron.daily/slocate.cron flags=(complain) {
|
|
| 30 |
+ #include <abstractions/base> |
|
| 31 |
+ /{usr/,}bin/bash mixr,
|
|
| 32 |
+ /dev/tty wr , |
|
| 33 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/etc.cron.daily.tmpwatch apparmor-2.13-mod/profiles/apparmor/profiles/extras/etc.cron.daily.tmpwatch |
|
| 34 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/etc.cron.daily.tmpwatch 2018-04-15 19:18:53.000000000 +0530 |
|
| 35 |
+@@ -10,7 +10,7 @@ |
|
| 36 |
+ |
|
| 37 |
+ #include <tunables/global> |
|
| 38 |
+ |
|
| 39 |
+-/etc/cron.daily/tmpwatch {
|
|
| 40 |
++/etc/cron.daily/tmpwatch flags=(complain) {
|
|
| 41 |
+ #include <abstractions/base> |
|
| 42 |
+ /etc/cron.daily/tmpwatch r, |
|
| 43 |
+ /tmp r, |
|
| 44 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/sbin.dhclient apparmor-2.13-mod/profiles/apparmor/profiles/extras/sbin.dhclient |
|
| 45 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/sbin.dhclient 2018-04-15 19:18:53.000000000 +0530 |
|
| 46 |
+@@ -21,7 +21,7 @@ |
|
| 47 |
+ |
|
| 48 |
+ #include <tunables/global> |
|
| 49 |
+ |
|
| 50 |
+-profile dhclient /{usr/,}sbin/dhclient {
|
|
| 51 |
++profile dhclient /{usr/,}sbin/dhclient flags=(complain) {
|
|
| 52 |
+ #include <abstractions/base> |
|
| 53 |
+ #include <abstractions/bash> |
|
| 54 |
+ #include <abstractions/nameservice> |
|
| 55 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/sbin.dhclient-script apparmor-2.13-mod/profiles/apparmor/profiles/extras/sbin.dhclient-script |
|
| 56 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/sbin.dhclient-script 2018-04-15 19:18:53.000000000 +0530 |
|
| 57 |
+@@ -4,7 +4,7 @@ |
|
| 58 |
+ # dhclient-script will call plugins from /etc/netconfig.d, so this |
|
| 59 |
+ # will need to be extended on a per-site basis. |
|
| 60 |
+ |
|
| 61 |
+-profile dhclient-script /{usr/,}sbin/dhclient-script {
|
|
| 62 |
++profile dhclient-script /{usr/,}sbin/dhclient-script flags=(complain) {
|
|
| 63 |
+ #include <abstractions/base> |
|
| 64 |
+ #include <abstractions/bash> |
|
| 65 |
+ #include <abstractions/consoles> |
|
| 66 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/sbin.dhcpcd apparmor-2.13-mod/profiles/apparmor/profiles/extras/sbin.dhcpcd |
|
| 67 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/sbin.dhcpcd 2018-04-15 19:18:53.000000000 +0530 |
|
| 68 |
+@@ -18,7 +18,7 @@ |
|
| 69 |
+ |
|
| 70 |
+ #include <tunables/global> |
|
| 71 |
+ |
|
| 72 |
+-profile dhcpcd /{usr/,}sbin/dhcpcd {
|
|
| 73 |
++profile dhcpcd /{usr/,}sbin/dhcpcd flags=(complain) {
|
|
| 74 |
+ #include <abstractions/base> |
|
| 75 |
+ #include <abstractions/nameservice> |
|
| 76 |
+ |
|
| 77 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/sbin.portmap apparmor-2.13-mod/profiles/apparmor/profiles/extras/sbin.portmap |
|
| 78 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/sbin.portmap 2018-04-15 19:18:53.000000000 +0530 |
|
| 79 |
+@@ -10,7 +10,7 @@ |
|
| 80 |
+ |
|
| 81 |
+ #include <tunables/global> |
|
| 82 |
+ |
|
| 83 |
+-profile portmap /{usr/,}sbin/portmap {
|
|
| 84 |
++profile portmap /{usr/,}sbin/portmap flags=(complain) {
|
|
| 85 |
+ #include <abstractions/base> |
|
| 86 |
+ #include <abstractions/nameservice> |
|
| 87 |
+ |
|
| 88 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/sbin.resmgrd apparmor-2.13-mod/profiles/apparmor/profiles/extras/sbin.resmgrd |
|
| 89 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/sbin.resmgrd 2018-04-15 19:18:53.000000000 +0530 |
|
| 90 |
+@@ -12,7 +12,7 @@ |
|
| 91 |
+ |
|
| 92 |
+ #include <tunables/global> |
|
| 93 |
+ |
|
| 94 |
+-profile resmgrd /{usr/,}sbin/resmgrd {
|
|
| 95 |
++profile resmgrd /{usr/,}sbin/resmgrd flags=(complain) {
|
|
| 96 |
+ #include <abstractions/base> |
|
| 97 |
+ #include <abstractions/nameservice> |
|
| 98 |
+ |
|
| 99 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/sbin.rpc.lockd apparmor-2.13-mod/profiles/apparmor/profiles/extras/sbin.rpc.lockd |
|
| 100 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/sbin.rpc.lockd 2018-04-15 19:18:53.000000000 +0530 |
|
| 101 |
+@@ -10,7 +10,7 @@ |
|
| 102 |
+ |
|
| 103 |
+ #include <tunables/global> |
|
| 104 |
+ |
|
| 105 |
+-profile rpc.lockd /{usr/,}sbin/rpc.lockd {
|
|
| 106 |
++profile rpc.lockd /{usr/,}sbin/rpc.lockd flags=(complain) {
|
|
| 107 |
+ #include <abstractions/base> |
|
| 108 |
+ /{usr/,}sbin/rpc.lockd rmix,
|
|
| 109 |
+ } |
|
| 110 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/sbin.rpc.statd apparmor-2.13-mod/profiles/apparmor/profiles/extras/sbin.rpc.statd |
|
| 111 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/sbin.rpc.statd 2018-04-15 19:18:53.000000000 +0530 |
|
| 112 |
+@@ -10,7 +10,7 @@ |
|
| 113 |
+ |
|
| 114 |
+ #include <tunables/global> |
|
| 115 |
+ |
|
| 116 |
+-profile rpc.statd /{usr/,}sbin/rpc.statd {
|
|
| 117 |
++profile rpc.statd /{usr/,}sbin/rpc.statd flags=(complain) {
|
|
| 118 |
+ #include <abstractions/base> |
|
| 119 |
+ #include <abstractions/nameservice> |
|
| 120 |
+ /etc/rpc r, |
|
| 121 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.acroread apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.acroread |
|
| 122 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.acroread 2018-04-15 19:18:53.000000000 +0530 |
|
| 123 |
+@@ -12,7 +12,7 @@ |
|
| 124 |
+ |
|
| 125 |
+ #include <tunables/global> |
|
| 126 |
+ |
|
| 127 |
+-/usr/X11R6/bin/acroread {
|
|
| 128 |
++/usr/X11R6/bin/acroread flags=(complain) {
|
|
| 129 |
+ #include <abstractions/base> |
|
| 130 |
+ #include <abstractions/bash> |
|
| 131 |
+ #include <abstractions/consoles> |
|
| 132 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.apropos apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.apropos |
|
| 133 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.apropos 2018-04-15 19:18:53.000000000 +0530 |
|
| 134 |
+@@ -10,7 +10,7 @@ |
|
| 135 |
+ |
|
| 136 |
+ #include <tunables/global> |
|
| 137 |
+ |
|
| 138 |
+-/usr/bin/apropos {
|
|
| 139 |
++/usr/bin/apropos flags=(complain) {
|
|
| 140 |
+ #include <abstractions/base> |
|
| 141 |
+ #include <abstractions/bash> |
|
| 142 |
+ #include <abstractions/consoles> |
|
| 143 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.evolution-2.10 apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.evolution-2.10 |
|
| 144 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.evolution-2.10 2018-04-15 19:18:53.000000000 +0530 |
|
| 145 |
+@@ -40,7 +40,7 @@ |
|
| 146 |
+ |
|
| 147 |
+ #include <tunables/global> |
|
| 148 |
+ |
|
| 149 |
+-/usr/bin/evolution-2.10 {
|
|
| 150 |
++/usr/bin/evolution-2.10 flags=(complain) {
|
|
| 151 |
+ #include <abstractions/base> |
|
| 152 |
+ #include <abstractions/bash> |
|
| 153 |
+ #include <abstractions/consoles> |
|
| 154 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.fam apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.fam |
|
| 155 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.fam 2018-04-15 19:18:53.000000000 +0530 |
|
| 156 |
+@@ -10,7 +10,7 @@ |
|
| 157 |
+ |
|
| 158 |
+ #include <tunables/global> |
|
| 159 |
+ |
|
| 160 |
+-/usr/bin/fam {
|
|
| 161 |
++/usr/bin/fam flags=(complain) {
|
|
| 162 |
+ #include <abstractions/base> |
|
| 163 |
+ #include <abstractions/nameservice> |
|
| 164 |
+ /tmp/.fam* wl, |
|
| 165 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.freshclam apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.freshclam |
|
| 166 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.freshclam 2018-04-15 19:18:53.000000000 +0530 |
|
| 167 |
+@@ -10,7 +10,7 @@ |
|
| 168 |
+ |
|
| 169 |
+ #include <tunables/global> |
|
| 170 |
+ |
|
| 171 |
+-/usr/bin/freshclam {
|
|
| 172 |
++/usr/bin/freshclam flags=(complain) {
|
|
| 173 |
+ #include <abstractions/base> |
|
| 174 |
+ #include <abstractions/consoles> |
|
| 175 |
+ #include <abstractions/nameservice> |
|
| 176 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.gaim apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.gaim |
|
| 177 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.gaim 2018-04-15 19:18:53.000000000 +0530 |
|
| 178 |
+@@ -12,7 +12,7 @@ |
|
| 179 |
+ |
|
| 180 |
+ #include <tunables/global> |
|
| 181 |
+ |
|
| 182 |
+-/usr/bin/gaim {
|
|
| 183 |
++/usr/bin/gaim flags=(complain) {
|
|
| 184 |
+ #include <abstractions/audio> |
|
| 185 |
+ #include <abstractions/base> |
|
| 186 |
+ #include <abstractions/bash> |
|
| 187 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.man apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.man |
|
| 188 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.man 2018-04-15 19:18:53.000000000 +0530 |
|
| 189 |
+@@ -14,7 +14,7 @@ |
|
| 190 |
+ |
|
| 191 |
+ #include <tunables/global> |
|
| 192 |
+ |
|
| 193 |
+-/usr/bin/man {
|
|
| 194 |
++/usr/bin/man flags=(complain) {
|
|
| 195 |
+ #include <abstractions/base> |
|
| 196 |
+ #include <abstractions/nameservice> |
|
| 197 |
+ |
|
| 198 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce |
|
| 199 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce 2018-04-15 19:18:53.000000000 +0530 |
|
| 200 |
+@@ -12,7 +12,7 @@ |
|
| 201 |
+ |
|
| 202 |
+ #include <tunables/global> |
|
| 203 |
+ |
|
| 204 |
+-/usr/bin/mlmmj-bounce {
|
|
| 205 |
++/usr/bin/mlmmj-bounce flags=(complain) {
|
|
| 206 |
+ #include <abstractions/base> |
|
| 207 |
+ |
|
| 208 |
+ /usr/bin/mlmmj-bounce mr, |
|
| 209 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd |
|
| 210 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd 2018-04-15 19:18:53.000000000 +0530 |
|
| 211 |
+@@ -12,7 +12,7 @@ |
|
| 212 |
+ |
|
| 213 |
+ #include <tunables/global> |
|
| 214 |
+ |
|
| 215 |
+-/usr/bin/mlmmj-maintd {
|
|
| 216 |
++/usr/bin/mlmmj-maintd flags=(complain) {
|
|
| 217 |
+ #include <abstractions/base> |
|
| 218 |
+ |
|
| 219 |
+ capability setuid, |
|
| 220 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-make-ml.sh apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.mlmmj-make-ml.sh |
|
| 221 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-make-ml.sh 2018-04-15 19:18:53.000000000 +0530 |
|
| 222 |
+@@ -11,7 +11,7 @@ |
|
| 223 |
+ |
|
| 224 |
+ #include <tunables/global> |
|
| 225 |
+ |
|
| 226 |
+-/usr/bin/mlmmj-make-ml.sh {
|
|
| 227 |
++/usr/bin/mlmmj-make-ml.sh flags=(complain) {
|
|
| 228 |
+ #include <abstractions/base> |
|
| 229 |
+ #include <abstractions/bash> |
|
| 230 |
+ #include <abstractions/consoles> |
|
| 231 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process |
|
| 232 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process 2018-04-15 19:18:53.000000000 +0530 |
|
| 233 |
+@@ -12,7 +12,7 @@ |
|
| 234 |
+ |
|
| 235 |
+ #include <tunables/global> |
|
| 236 |
+ |
|
| 237 |
+-/usr/bin/mlmmj-process {
|
|
| 238 |
++/usr/bin/mlmmj-process flags=(complain) {
|
|
| 239 |
+ #include <abstractions/base> |
|
| 240 |
+ |
|
| 241 |
+ /usr/bin/mlmmj-process mr, |
|
| 242 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive |
|
| 243 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive 2018-04-15 19:18:53.000000000 +0530 |
|
| 244 |
+@@ -12,7 +12,7 @@ |
|
| 245 |
+ |
|
| 246 |
+ #include <tunables/global> |
|
| 247 |
+ |
|
| 248 |
+-/usr/bin/mlmmj-receive {
|
|
| 249 |
++/usr/bin/mlmmj-receive flags=(complain) {
|
|
| 250 |
+ #include <abstractions/base> |
|
| 251 |
+ |
|
| 252 |
+ /usr/bin/mlmmj-process Px, |
|
| 253 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve |
|
| 254 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve 2018-04-15 19:18:53.000000000 +0530 |
|
| 255 |
+@@ -16,7 +16,7 @@ |
|
| 256 |
+ |
|
| 257 |
+ #include <tunables/global> |
|
| 258 |
+ |
|
| 259 |
+-/usr/bin/mlmmj-recieve {
|
|
| 260 |
++/usr/bin/mlmmj-recieve flags=(complain) {
|
|
| 261 |
+ #include <abstractions/base> |
|
| 262 |
+ |
|
| 263 |
+ /usr/bin/mlmmj-process Px, |
|
| 264 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send |
|
| 265 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send 2018-04-15 19:18:53.000000000 +0530 |
|
| 266 |
+@@ -12,7 +12,7 @@ |
|
| 267 |
+ |
|
| 268 |
+ #include <tunables/global> |
|
| 269 |
+ |
|
| 270 |
+-/usr/bin/mlmmj-send {
|
|
| 271 |
++/usr/bin/mlmmj-send flags=(complain) {
|
|
| 272 |
+ #include <abstractions/base> |
|
| 273 |
+ #include <abstractions/nameservice> |
|
| 274 |
+ |
|
| 275 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub |
|
| 276 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub 2018-04-15 19:18:53.000000000 +0530 |
|
| 277 |
+@@ -12,7 +12,7 @@ |
|
| 278 |
+ |
|
| 279 |
+ #include <tunables/global> |
|
| 280 |
+ |
|
| 281 |
+-/usr/bin/mlmmj-sub {
|
|
| 282 |
++/usr/bin/mlmmj-sub flags=(complain) {
|
|
| 283 |
+ #include <abstractions/base> |
|
| 284 |
+ |
|
| 285 |
+ capability setuid, |
|
| 286 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub |
|
| 287 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub 2018-04-15 19:18:53.000000000 +0530 |
|
| 288 |
+@@ -12,7 +12,7 @@ |
|
| 289 |
+ |
|
| 290 |
+ #include <tunables/global> |
|
| 291 |
+ |
|
| 292 |
+-/usr/bin/mlmmj-unsub {
|
|
| 293 |
++/usr/bin/mlmmj-unsub flags=(complain) {
|
|
| 294 |
+ #include <abstractions/base> |
|
| 295 |
+ |
|
| 296 |
+ /usr/bin/mlmmj-unsub mr, |
|
| 297 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.opera apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.opera |
|
| 298 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.opera 2018-04-15 19:18:53.000000000 +0530 |
|
| 299 |
+@@ -10,7 +10,7 @@ |
|
| 300 |
+ # vim:syntax=apparmor |
|
| 301 |
+ |
|
| 302 |
+ #include <tunables/global> |
|
| 303 |
+-/usr/bin/opera {
|
|
| 304 |
++/usr/bin/opera flags=(complain) {
|
|
| 305 |
+ #include <abstractions/base> |
|
| 306 |
+ #include <abstractions/bash> |
|
| 307 |
+ #include <abstractions/consoles> |
|
| 308 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.passwd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.passwd |
|
| 309 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.passwd 2018-04-15 19:18:53.000000000 +0530 |
|
| 310 |
+@@ -11,7 +11,7 @@ |
|
| 311 |
+ |
|
| 312 |
+ #include <tunables/global> |
|
| 313 |
+ |
|
| 314 |
+-/usr/bin/passwd {
|
|
| 315 |
++/usr/bin/passwd flags=(complain) {
|
|
| 316 |
+ #include <abstractions/authentication> |
|
| 317 |
+ #include <abstractions/base> |
|
| 318 |
+ #include <abstractions/consoles> |
|
| 319 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.procmail apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.procmail |
|
| 320 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.procmail 2018-04-15 19:18:53.000000000 +0530 |
|
| 321 |
+@@ -10,7 +10,7 @@ |
|
| 322 |
+ |
|
| 323 |
+ #include <tunables/global> |
|
| 324 |
+ |
|
| 325 |
+-/usr/bin/procmail {
|
|
| 326 |
++/usr/bin/procmail flags=(complain) {
|
|
| 327 |
+ #include <abstractions/base> |
|
| 328 |
+ #include <abstractions/bash> |
|
| 329 |
+ #include <abstractions/nameservice> |
|
| 330 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.spamc apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.spamc |
|
| 331 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.spamc 2018-04-15 19:18:53.000000000 +0530 |
|
| 332 |
+@@ -12,7 +12,7 @@ |
|
| 333 |
+ |
|
| 334 |
+ #include <tunables/global> |
|
| 335 |
+ |
|
| 336 |
+-/usr/bin/spamc {
|
|
| 337 |
++/usr/bin/spamc flags=(complain) {
|
|
| 338 |
+ #include <abstractions/base> |
|
| 339 |
+ #include <abstractions/nameservice> |
|
| 340 |
+ |
|
| 341 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.svnserve apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.svnserve |
|
| 342 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.svnserve 2018-04-15 19:18:53.000000000 +0530 |
|
| 343 |
+@@ -10,7 +10,7 @@ |
|
| 344 |
+ |
|
| 345 |
+ #include <tunables/global> |
|
| 346 |
+ |
|
| 347 |
+-/usr/bin/svnserve {
|
|
| 348 |
++/usr/bin/svnserve flags=(complain) {
|
|
| 349 |
+ #include <abstractions/base> |
|
| 350 |
+ #include <abstractions/nameservice> |
|
| 351 |
+ |
|
| 352 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.wireshark apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.wireshark |
|
| 353 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.wireshark 2018-04-15 19:18:53.000000000 +0530 |
|
| 354 |
+@@ -12,7 +12,7 @@ |
|
| 355 |
+ |
|
| 356 |
+ #include <tunables/global> |
|
| 357 |
+ |
|
| 358 |
+-/usr/bin/wireshark {
|
|
| 359 |
++/usr/bin/wireshark flags=(complain) {
|
|
| 360 |
+ #include <abstractions/base> |
|
| 361 |
+ #include <abstractions/bash> |
|
| 362 |
+ #include <abstractions/consoles> |
|
| 363 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.xfs apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.xfs |
|
| 364 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.xfs 2018-04-15 19:18:53.000000000 +0530 |
|
| 365 |
+@@ -10,7 +10,7 @@ |
|
| 366 |
+ |
|
| 367 |
+ #include <tunables/global> |
|
| 368 |
+ |
|
| 369 |
+-/usr/bin/xfs {
|
|
| 370 |
++/usr/bin/xfs flags=(complain) {
|
|
| 371 |
+ #include <abstractions/base> |
|
| 372 |
+ #include <abstractions/nameservice> |
|
| 373 |
+ |
|
| 374 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib64.GConf.2.gconfd-2 apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib64.GConf.2.gconfd-2 |
|
| 375 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib64.GConf.2.gconfd-2 2018-04-15 19:18:53.000000000 +0530 |
|
| 376 |
+@@ -12,7 +12,7 @@ |
|
| 377 |
+ |
|
| 378 |
+ #include <tunables/global> |
|
| 379 |
+ |
|
| 380 |
+-/usr/lib64/GConf/2/gconfd-2 {
|
|
| 381 |
++/usr/lib64/GConf/2/gconfd-2 flags=(complain) {
|
|
| 382 |
+ #include <abstractions/base> |
|
| 383 |
+ #include <abstractions/nameservice> |
|
| 384 |
+ #include <abstractions/user-tmp> |
|
| 385 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.bonobo.bonobo-activation-server apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.bonobo.bonobo-activation-server |
|
| 386 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.bonobo.bonobo-activation-server 2018-04-15 19:18:53.000000000 +0530 |
|
| 387 |
+@@ -12,7 +12,7 @@ |
|
| 388 |
+ |
|
| 389 |
+ #include <tunables/global> |
|
| 390 |
+ |
|
| 391 |
+-/usr/lib/bonobo/bonobo-activation-server {
|
|
| 392 |
++/usr/lib/bonobo/bonobo-activation-server flags=(complain) {
|
|
| 393 |
+ #include <abstractions/base> |
|
| 394 |
+ #include <abstractions/nameservice> |
|
| 395 |
+ #include <abstractions/user-tmp> |
|
| 396 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.evolution-data-server.evolution-data-server-1.10 apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.evolution-data-server.evolution-data-server-1.10 |
|
| 397 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.evolution-data-server.evolution-data-server-1.10 2018-04-15 19:18:53.000000000 +0530 |
|
| 398 |
+@@ -12,7 +12,7 @@ |
|
| 399 |
+ |
|
| 400 |
+ #include <tunables/global> |
|
| 401 |
+ |
|
| 402 |
+-/usr/lib/evolution-data-server/evolution-data-server-1.10 {
|
|
| 403 |
++/usr/lib/evolution-data-server/evolution-data-server-1.10 flags=(complain) {
|
|
| 404 |
+ #include <abstractions/base> |
|
| 405 |
+ #include <abstractions/nameservice> |
|
| 406 |
+ #include <abstractions/user-tmp> |
|
| 407 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox |
|
| 408 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox 2018-04-15 19:18:53.000000000 +0530 |
|
| 409 |
+@@ -16,7 +16,7 @@ |
|
| 410 |
+ # /usr/lib/firefox-4.0b8/firefox |
|
| 411 |
+ # but not: |
|
| 412 |
+ # /usr/lib/firefox-4.0b8/firefox.sh |
|
| 413 |
+-/usr/lib/firefox{,-[0-9]*}/firefox{,*[^s][^h]} {
|
|
| 414 |
++/usr/lib/firefox{,-[0-9]*}/firefox{,*[^s][^h]} flags=(complain) {
|
|
| 415 |
+ #include <abstractions/audio> |
|
| 416 |
+ #include <abstractions/cups-client> |
|
| 417 |
+ #include <abstractions/dbus-session> |
|
| 418 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox.sh apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox.sh |
|
| 419 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox.sh 2018-04-15 19:18:53.000000000 +0530 |
|
| 420 |
+@@ -1,7 +1,7 @@ |
|
| 421 |
+ # Last Modified: Wed Nov 5 03:32:59 2008 |
|
| 422 |
+ #include <tunables/global> |
|
| 423 |
+ |
|
| 424 |
+-/usr/lib/firefox/firefox.sh {
|
|
| 425 |
++/usr/lib/firefox/firefox.sh flags=(complain) {
|
|
| 426 |
+ #include <abstractions/base> |
|
| 427 |
+ #include <abstractions/bash> |
|
| 428 |
+ #include <abstractions/consoles> |
|
| 429 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.firefox.mozilla-xremote-client apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.firefox.mozilla-xremote-client |
|
| 430 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.firefox.mozilla-xremote-client 2018-04-15 19:18:53.000000000 +0530 |
|
| 431 |
+@@ -12,7 +12,7 @@ |
|
| 432 |
+ |
|
| 433 |
+ #include <tunables/global> |
|
| 434 |
+ |
|
| 435 |
+-/usr/lib/firefox/mozilla-xremote-client {
|
|
| 436 |
++/usr/lib/firefox/mozilla-xremote-client flags=(complain) {
|
|
| 437 |
+ #include <abstractions/base> |
|
| 438 |
+ #include <abstractions/X> |
|
| 439 |
+ |
|
| 440 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.GConf.2.gconfd-2 apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.GConf.2.gconfd-2 |
|
| 441 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.GConf.2.gconfd-2 2018-04-15 19:18:53.000000000 +0530 |
|
| 442 |
+@@ -12,7 +12,7 @@ |
|
| 443 |
+ |
|
| 444 |
+ #include <tunables/global> |
|
| 445 |
+ |
|
| 446 |
+-/usr/lib/GConf/2/gconfd-2 {
|
|
| 447 |
++/usr/lib/GConf/2/gconfd-2 flags=(complain) {
|
|
| 448 |
+ #include <abstractions/base> |
|
| 449 |
+ #include <abstractions/nameservice> |
|
| 450 |
+ #include <abstractions/user-tmp> |
|
| 451 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.man-db.man apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.man-db.man |
|
| 452 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.man-db.man 2018-04-15 19:18:53.000000000 +0530 |
|
| 453 |
+@@ -11,7 +11,7 @@ |
|
| 454 |
+ |
|
| 455 |
+ #include <tunables/global> |
|
| 456 |
+ |
|
| 457 |
+-/usr/lib/man-db/man {
|
|
| 458 |
++/usr/lib/man-db/man flags=(complain) {
|
|
| 459 |
+ #include <abstractions/base> |
|
| 460 |
+ #include <abstractions/bash> |
|
| 461 |
+ #include <abstractions/consoles> |
|
| 462 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.anvil apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.anvil |
|
| 463 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.anvil 2018-04-15 19:18:53.000000000 +0530 |
|
| 464 |
+@@ -10,7 +10,7 @@ |
|
| 465 |
+ |
|
| 466 |
+ #include <tunables/global> |
|
| 467 |
+ |
|
| 468 |
+-/usr/lib/postfix/anvil {
|
|
| 469 |
++/usr/lib/postfix/anvil flags=(complain) {
|
|
| 470 |
+ #include <abstractions/base> |
|
| 471 |
+ #include <abstractions/nameservice> |
|
| 472 |
+ #include <abstractions/postfix-common> |
|
| 473 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.bounce apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.bounce |
|
| 474 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.bounce 2018-04-15 19:18:53.000000000 +0530 |
|
| 475 |
+@@ -10,7 +10,7 @@ |
|
| 476 |
+ |
|
| 477 |
+ #include <tunables/global> |
|
| 478 |
+ |
|
| 479 |
+-/usr/lib/postfix/bounce {
|
|
| 480 |
++/usr/lib/postfix/bounce flags=(complain) {
|
|
| 481 |
+ #include <abstractions/base> |
|
| 482 |
+ #include <abstractions/nameservice> |
|
| 483 |
+ #include <abstractions/postfix-common> |
|
| 484 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.cleanup apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.cleanup |
|
| 485 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.cleanup 2018-04-15 19:18:53.000000000 +0530 |
|
| 486 |
+@@ -10,7 +10,7 @@ |
|
| 487 |
+ |
|
| 488 |
+ #include <tunables/global> |
|
| 489 |
+ |
|
| 490 |
+-/usr/lib/postfix/cleanup {
|
|
| 491 |
++/usr/lib/postfix/cleanup flags=(complain) {
|
|
| 492 |
+ #include <abstractions/base> |
|
| 493 |
+ #include <abstractions/nameservice> |
|
| 494 |
+ #include <abstractions/postfix-common> |
|
| 495 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.discard apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.discard |
|
| 496 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.discard 2018-04-15 19:18:53.000000000 +0530 |
|
| 497 |
+@@ -11,7 +11,7 @@ |
|
| 498 |
+ |
|
| 499 |
+ #include <tunables/global> |
|
| 500 |
+ |
|
| 501 |
+-/usr/lib/postfix/discard {
|
|
| 502 |
++/usr/lib/postfix/discard flags=(complain) {
|
|
| 503 |
+ #include <abstractions/base> |
|
| 504 |
+ |
|
| 505 |
+ /usr/lib/postfix/discard rmix, |
|
| 506 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.error apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.error |
|
| 507 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.error 2018-04-15 19:18:53.000000000 +0530 |
|
| 508 |
+@@ -11,7 +11,7 @@ |
|
| 509 |
+ |
|
| 510 |
+ #include <tunables/global> |
|
| 511 |
+ |
|
| 512 |
+-/usr/lib/postfix/error {
|
|
| 513 |
++/usr/lib/postfix/error flags=(complain) {
|
|
| 514 |
+ #include <abstractions/base> |
|
| 515 |
+ #include <abstractions/nameservice> |
|
| 516 |
+ #include <abstractions/postfix-common> |
|
| 517 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.flush apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.flush |
|
| 518 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.flush 2018-04-15 19:18:53.000000000 +0530 |
|
| 519 |
+@@ -10,7 +10,7 @@ |
|
| 520 |
+ |
|
| 521 |
+ #include <tunables/global> |
|
| 522 |
+ |
|
| 523 |
+-/usr/lib/postfix/flush {
|
|
| 524 |
++/usr/lib/postfix/flush flags=(complain) {
|
|
| 525 |
+ #include <abstractions/base> |
|
| 526 |
+ #include <abstractions/nameservice> |
|
| 527 |
+ #include <abstractions/postfix-common> |
|
| 528 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.lmtp apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.lmtp |
|
| 529 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.lmtp 2018-04-15 19:18:53.000000000 +0530 |
|
| 530 |
+@@ -11,7 +11,7 @@ |
|
| 531 |
+ |
|
| 532 |
+ #include <tunables/global> |
|
| 533 |
+ |
|
| 534 |
+-/usr/lib/postfix/lmtp {
|
|
| 535 |
++/usr/lib/postfix/lmtp flags=(complain) {
|
|
| 536 |
+ #include <abstractions/base> |
|
| 537 |
+ #include <abstractions/nameservice> |
|
| 538 |
+ #include <abstractions/postfix-common> |
|
| 539 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.local apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.local |
|
| 540 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.local 2018-04-15 19:18:53.000000000 +0530 |
|
| 541 |
+@@ -10,7 +10,7 @@ |
|
| 542 |
+ |
|
| 543 |
+ #include <tunables/global> |
|
| 544 |
+ |
|
| 545 |
+-/usr/lib/postfix/local {
|
|
| 546 |
++/usr/lib/postfix/local flags=(complain) {
|
|
| 547 |
+ #include <abstractions/base> |
|
| 548 |
+ #include <abstractions/bash> |
|
| 549 |
+ #include <abstractions/nameservice> |
|
| 550 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.master apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.master |
|
| 551 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.master 2018-04-15 19:18:53.000000000 +0530 |
|
| 552 |
+@@ -10,7 +10,7 @@ |
|
| 553 |
+ |
|
| 554 |
+ #include <tunables/global> |
|
| 555 |
+ |
|
| 556 |
+-/usr/lib/postfix/master {
|
|
| 557 |
++/usr/lib/postfix/master flags=(complain) {
|
|
| 558 |
+ #include <abstractions/base> |
|
| 559 |
+ #include <abstractions/nameservice> |
|
| 560 |
+ #include <abstractions/postfix-common> |
|
| 561 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.nqmgr apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.nqmgr |
|
| 562 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.nqmgr 2018-04-15 19:18:53.000000000 +0530 |
|
| 563 |
+@@ -10,7 +10,7 @@ |
|
| 564 |
+ |
|
| 565 |
+ #include <tunables/global> |
|
| 566 |
+ |
|
| 567 |
+-/usr/lib/postfix/nqmgr {
|
|
| 568 |
++/usr/lib/postfix/nqmgr flags=(complain) {
|
|
| 569 |
+ #include <abstractions/base> |
|
| 570 |
+ #include <abstractions/nameservice> |
|
| 571 |
+ #include <abstractions/postfix-common> |
|
| 572 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.oqmgr apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.oqmgr |
|
| 573 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.oqmgr 2018-04-15 19:18:53.000000000 +0530 |
|
| 574 |
+@@ -11,7 +11,7 @@ |
|
| 575 |
+ |
|
| 576 |
+ #include <tunables/global> |
|
| 577 |
+ |
|
| 578 |
+-/usr/lib/postfix/oqmgr {
|
|
| 579 |
++/usr/lib/postfix/oqmgr flags=(complain) {
|
|
| 580 |
+ #include <abstractions/base> |
|
| 581 |
+ #include <abstractions/nameservice> |
|
| 582 |
+ #include <abstractions/postfix-common> |
|
| 583 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.pickup apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.pickup |
|
| 584 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.pickup 2018-04-15 19:18:53.000000000 +0530 |
|
| 585 |
+@@ -10,7 +10,7 @@ |
|
| 586 |
+ |
|
| 587 |
+ #include <tunables/global> |
|
| 588 |
+ |
|
| 589 |
+-/usr/lib/postfix/pickup {
|
|
| 590 |
++/usr/lib/postfix/pickup flags=(complain) {
|
|
| 591 |
+ #include <abstractions/base> |
|
| 592 |
+ #include <abstractions/nameservice> |
|
| 593 |
+ #include <abstractions/postfix-common> |
|
| 594 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.pipe apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.pipe |
|
| 595 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.pipe 2018-04-15 19:18:53.000000000 +0530 |
|
| 596 |
+@@ -11,7 +11,7 @@ |
|
| 597 |
+ |
|
| 598 |
+ #include <tunables/global> |
|
| 599 |
+ |
|
| 600 |
+-/usr/lib/postfix/pipe {
|
|
| 601 |
++/usr/lib/postfix/pipe flags=(complain) {
|
|
| 602 |
+ #include <abstractions/base> |
|
| 603 |
+ #include <abstractions/nameservice> |
|
| 604 |
+ #include <abstractions/postfix-common> |
|
| 605 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.proxymap apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.proxymap |
|
| 606 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.proxymap 2018-04-15 19:18:53.000000000 +0530 |
|
| 607 |
+@@ -10,7 +10,7 @@ |
|
| 608 |
+ |
|
| 609 |
+ #include <tunables/global> |
|
| 610 |
+ |
|
| 611 |
+-/usr/lib/postfix/proxymap {
|
|
| 612 |
++/usr/lib/postfix/proxymap flags=(complain) {
|
|
| 613 |
+ #include <abstractions/base> |
|
| 614 |
+ #include <abstractions/nameservice> |
|
| 615 |
+ #include <abstractions/postfix-common> |
|
| 616 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.qmgr apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.qmgr |
|
| 617 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.qmgr 2018-04-15 19:18:53.000000000 +0530 |
|
| 618 |
+@@ -10,7 +10,7 @@ |
|
| 619 |
+ |
|
| 620 |
+ #include <tunables/global> |
|
| 621 |
+ |
|
| 622 |
+-/usr/lib/postfix/qmgr {
|
|
| 623 |
++/usr/lib/postfix/qmgr flags=(complain) {
|
|
| 624 |
+ #include <abstractions/base> |
|
| 625 |
+ #include <abstractions/nameservice> |
|
| 626 |
+ #include <abstractions/postfix-common> |
|
| 627 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.qmqpd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.qmqpd |
|
| 628 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.qmqpd 2018-04-15 19:18:53.000000000 +0530 |
|
| 629 |
+@@ -10,7 +10,7 @@ |
|
| 630 |
+ |
|
| 631 |
+ #include <tunables/global> |
|
| 632 |
+ |
|
| 633 |
+-/usr/lib/postfix/qmqpd {
|
|
| 634 |
++/usr/lib/postfix/qmqpd flags=(complain) {
|
|
| 635 |
+ #include <abstractions/base> |
|
| 636 |
+ #include <abstractions/nameservice> |
|
| 637 |
+ #include <abstractions/postfix-common> |
|
| 638 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.scache apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.scache |
|
| 639 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.scache 2018-04-15 19:18:53.000000000 +0530 |
|
| 640 |
+@@ -12,7 +12,7 @@ |
|
| 641 |
+ |
|
| 642 |
+ #include <tunables/global> |
|
| 643 |
+ |
|
| 644 |
+-/usr/lib/postfix/scache {
|
|
| 645 |
++/usr/lib/postfix/scache flags=(complain) {
|
|
| 646 |
+ #include <abstractions/base> |
|
| 647 |
+ #include <abstractions/nameservice> |
|
| 648 |
+ #include <abstractions/postfix-common> |
|
| 649 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.showq apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.showq |
|
| 650 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.showq 2018-04-15 19:18:53.000000000 +0530 |
|
| 651 |
+@@ -10,7 +10,7 @@ |
|
| 652 |
+ |
|
| 653 |
+ #include <tunables/global> |
|
| 654 |
+ |
|
| 655 |
+-/usr/lib/postfix/showq {
|
|
| 656 |
++/usr/lib/postfix/showq flags=(complain) {
|
|
| 657 |
+ #include <abstractions/base> |
|
| 658 |
+ #include <abstractions/nameservice> |
|
| 659 |
+ #include <abstractions/postfix-common> |
|
| 660 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.smtp apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.smtp |
|
| 661 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.smtp 2018-04-15 19:18:53.000000000 +0530 |
|
| 662 |
+@@ -10,7 +10,7 @@ |
|
| 663 |
+ |
|
| 664 |
+ #include <tunables/global> |
|
| 665 |
+ |
|
| 666 |
+-/usr/lib/postfix/smtp {
|
|
| 667 |
++/usr/lib/postfix/smtp flags=(complain) {
|
|
| 668 |
+ #include <abstractions/base> |
|
| 669 |
+ #include <abstractions/nameservice> |
|
| 670 |
+ #include <abstractions/postfix-common> |
|
| 671 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.smtpd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.smtpd |
|
| 672 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.smtpd 2018-04-15 19:18:53.000000000 +0530 |
|
| 673 |
+@@ -10,7 +10,7 @@ |
|
| 674 |
+ |
|
| 675 |
+ #include <tunables/global> |
|
| 676 |
+ |
|
| 677 |
+-/usr/lib/postfix/smtpd {
|
|
| 678 |
++/usr/lib/postfix/smtpd flags=(complain) {
|
|
| 679 |
+ #include <abstractions/base> |
|
| 680 |
+ #include <abstractions/nameservice> |
|
| 681 |
+ #include <abstractions/postfix-common> |
|
| 682 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.spawn apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.spawn |
|
| 683 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.spawn 2018-04-15 19:18:53.000000000 +0530 |
|
| 684 |
+@@ -10,7 +10,7 @@ |
|
| 685 |
+ |
|
| 686 |
+ #include <tunables/global> |
|
| 687 |
+ |
|
| 688 |
+-/usr/lib/postfix/spawn {
|
|
| 689 |
++/usr/lib/postfix/spawn flags=(complain) {
|
|
| 690 |
+ #include <abstractions/base> |
|
| 691 |
+ #include <abstractions/nameservice> |
|
| 692 |
+ #include <abstractions/postfix-common> |
|
| 693 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.tlsmgr apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.tlsmgr |
|
| 694 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.tlsmgr 2018-04-15 19:18:53.000000000 +0530 |
|
| 695 |
+@@ -11,7 +11,7 @@ |
|
| 696 |
+ |
|
| 697 |
+ #include <tunables/global> |
|
| 698 |
+ |
|
| 699 |
+-/usr/lib/postfix/tlsmgr {
|
|
| 700 |
++/usr/lib/postfix/tlsmgr flags=(complain) {
|
|
| 701 |
+ #include <abstractions/base> |
|
| 702 |
+ #include <abstractions/nameservice> |
|
| 703 |
+ #include <abstractions/postfix-common> |
|
| 704 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.trivial-rewrite apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.trivial-rewrite |
|
| 705 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.trivial-rewrite 2018-04-15 19:18:53.000000000 +0530 |
|
| 706 |
+@@ -10,7 +10,7 @@ |
|
| 707 |
+ |
|
| 708 |
+ #include <tunables/global> |
|
| 709 |
+ |
|
| 710 |
+-/usr/lib/postfix/trivial-rewrite {
|
|
| 711 |
++/usr/lib/postfix/trivial-rewrite flags=(complain) {
|
|
| 712 |
+ #include <abstractions/base> |
|
| 713 |
+ #include <abstractions/nameservice> |
|
| 714 |
+ #include <abstractions/postfix-common> |
|
| 715 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.verify apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.verify |
|
| 716 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.verify 2018-04-15 19:18:53.000000000 +0530 |
|
| 717 |
+@@ -10,7 +10,7 @@ |
|
| 718 |
+ |
|
| 719 |
+ #include <tunables/global> |
|
| 720 |
+ |
|
| 721 |
+-/usr/lib/postfix/verify {
|
|
| 722 |
++/usr/lib/postfix/verify flags=(complain) {
|
|
| 723 |
+ #include <abstractions/base> |
|
| 724 |
+ #include <abstractions/nameservice> |
|
| 725 |
+ #include <abstractions/postfix-common> |
|
| 726 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.virtual apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.virtual |
|
| 727 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.virtual 2018-04-15 19:18:53.000000000 +0530 |
|
| 728 |
+@@ -10,7 +10,7 @@ |
|
| 729 |
+ |
|
| 730 |
+ #include <tunables/global> |
|
| 731 |
+ |
|
| 732 |
+-/usr/lib/postfix/virtual {
|
|
| 733 |
++/usr/lib/postfix/virtual flags=(complain) {
|
|
| 734 |
+ #include <abstractions/base> |
|
| 735 |
+ #include <abstractions/nameservice> |
|
| 736 |
+ #include <abstractions/postfix-common> |
|
| 737 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.RealPlayer10.realplay apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.RealPlayer10.realplay |
|
| 738 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.RealPlayer10.realplay 2018-04-15 19:18:53.000000000 +0530 |
|
| 739 |
+@@ -12,7 +12,7 @@ |
|
| 740 |
+ |
|
| 741 |
+ #include <tunables/global> |
|
| 742 |
+ |
|
| 743 |
+-/usr/lib/RealPlayer10/realplay {
|
|
| 744 |
++/usr/lib/RealPlayer10/realplay flags=(complain) {
|
|
| 745 |
+ #include <abstractions/base> |
|
| 746 |
+ #include <abstractions/bash> |
|
| 747 |
+ #include <abstractions/consoles> |
|
| 748 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.NX.bin.nxclient apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.NX.bin.nxclient |
|
| 749 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.NX.bin.nxclient 2018-04-15 19:18:53.000000000 +0530 |
|
| 750 |
+@@ -11,7 +11,7 @@ |
|
| 751 |
+ |
|
| 752 |
+ #include <tunables/global> |
|
| 753 |
+ |
|
| 754 |
+-/usr/NX/bin/nxclient {
|
|
| 755 |
++/usr/NX/bin/nxclient flags=(complain) {
|
|
| 756 |
+ #include <abstractions/base> |
|
| 757 |
+ #include <abstractions/bash> |
|
| 758 |
+ #include <abstractions/consoles> |
|
| 759 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.cupsd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.cupsd |
|
| 760 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.cupsd 2018-04-15 19:18:53.000000000 +0530 |
|
| 761 |
+@@ -1,6 +1,6 @@ |
|
| 762 |
+ # Last Modified: Sun Sep 16 18:11:15 2007 |
|
| 763 |
+ #include <tunables/global> |
|
| 764 |
+-/usr/sbin/cupsd {
|
|
| 765 |
++/usr/sbin/cupsd flags=(complain) {
|
|
| 766 |
+ #include <abstractions/base> |
|
| 767 |
+ #include <abstractions/bash> |
|
| 768 |
+ #include <abstractions/dbus> |
|
| 769 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.dhcpd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.dhcpd |
|
| 770 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.dhcpd 2018-04-15 19:18:53.000000000 +0530 |
|
| 771 |
+@@ -10,7 +10,7 @@ |
|
| 772 |
+ |
|
| 773 |
+ #include <tunables/global> |
|
| 774 |
+ |
|
| 775 |
+-/usr/sbin/dhcpd {
|
|
| 776 |
++/usr/sbin/dhcpd flags=(complain) {
|
|
| 777 |
+ #include <abstractions/base> |
|
| 778 |
+ #include <abstractions/nameservice> |
|
| 779 |
+ |
|
| 780 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork |
|
| 781 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork 2018-04-15 19:18:53.000000000 +0530 |
|
| 782 |
+@@ -11,7 +11,7 @@ |
|
| 783 |
+ |
|
| 784 |
+ #include <tunables/global> |
|
| 785 |
+ |
|
| 786 |
+-/usr/sbin/httpd2-prefork {
|
|
| 787 |
++/usr/sbin/httpd2-prefork flags=(complain) {
|
|
| 788 |
+ #include <abstractions/apache2-common> |
|
| 789 |
+ #include <abstractions/base> |
|
| 790 |
+ #include <abstractions/consoles> |
|
| 791 |
+@@ -129,12 +129,12 @@ |
|
| 792 |
+ /var/lib/php/sess_* rwl, |
|
| 793 |
+ |
|
| 794 |
+ |
|
| 795 |
+- ^HANDLING_UNTRUSTED_INPUT {
|
|
| 796 |
++ ^HANDLING_UNTRUSTED_INPUT flags=(complain) {
|
|
| 797 |
+ #include <abstractions/apache2-common> |
|
| 798 |
+ /var/log/apache2/* w, |
|
| 799 |
+ } |
|
| 800 |
+ |
|
| 801 |
+- ^DEFAULT_URI {
|
|
| 802 |
++ ^DEFAULT_URI flags=(complain) {
|
|
| 803 |
+ #include <abstractions/apache2-common> |
|
| 804 |
+ #include <abstractions/base> |
|
| 805 |
+ |
|
| 806 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.imapd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.imapd |
|
| 807 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.imapd 2018-04-15 19:18:53.000000000 +0530 |
|
| 808 |
+@@ -10,7 +10,7 @@ |
|
| 809 |
+ |
|
| 810 |
+ #include <tunables/global> |
|
| 811 |
+ |
|
| 812 |
+-/usr/sbin/imapd {
|
|
| 813 |
++/usr/sbin/imapd flags=(complain) {
|
|
| 814 |
+ #include <abstractions/base> |
|
| 815 |
+ #include <abstractions/nameservice> |
|
| 816 |
+ #include <abstractions/authentication> |
|
| 817 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.in.fingerd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.in.fingerd |
|
| 818 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.in.fingerd 2018-04-15 19:18:53.000000000 +0530 |
|
| 819 |
+@@ -10,7 +10,7 @@ |
|
| 820 |
+ |
|
| 821 |
+ #include <tunables/global> |
|
| 822 |
+ |
|
| 823 |
+-/usr/sbin/in.fingerd {
|
|
| 824 |
++/usr/sbin/in.fingerd flags=(complain) {
|
|
| 825 |
+ #include <abstractions/base> |
|
| 826 |
+ #include <abstractions/nameservice> |
|
| 827 |
+ |
|
| 828 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.in.ftpd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.in.ftpd |
|
| 829 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.in.ftpd 2018-04-15 19:18:53.000000000 +0530 |
|
| 830 |
+@@ -10,7 +10,7 @@ |
|
| 831 |
+ |
|
| 832 |
+ #include <tunables/global> |
|
| 833 |
+ |
|
| 834 |
+-/usr/sbin/in.ftpd {
|
|
| 835 |
++/usr/sbin/in.ftpd flags=(complain) {
|
|
| 836 |
+ #include <abstractions/base> |
|
| 837 |
+ #include <abstractions/nameservice> |
|
| 838 |
+ #include <abstractions/authentication> |
|
| 839 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.in.ntalkd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.in.ntalkd |
|
| 840 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.in.ntalkd 2018-04-15 19:18:53.000000000 +0530 |
|
| 841 |
+@@ -10,7 +10,7 @@ |
|
| 842 |
+ |
|
| 843 |
+ #include <tunables/global> |
|
| 844 |
+ |
|
| 845 |
+-/usr/sbin/in.ntalkd {
|
|
| 846 |
++/usr/sbin/in.ntalkd flags=(complain) {
|
|
| 847 |
+ #include <abstractions/base> |
|
| 848 |
+ #include <abstractions/nameservice> |
|
| 849 |
+ #include <abstractions/consoles> |
|
| 850 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.ipop2d apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.ipop2d |
|
| 851 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.ipop2d 2018-04-15 19:18:53.000000000 +0530 |
|
| 852 |
+@@ -10,7 +10,7 @@ |
|
| 853 |
+ |
|
| 854 |
+ #include <tunables/global> |
|
| 855 |
+ |
|
| 856 |
+-/usr/sbin/ipop2d {
|
|
| 857 |
++/usr/sbin/ipop2d flags=(complain) {
|
|
| 858 |
+ #include <abstractions/base> |
|
| 859 |
+ #include <abstractions/nameservice> |
|
| 860 |
+ #include <abstractions/authentication> |
|
| 861 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.ipop3d apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.ipop3d |
|
| 862 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.ipop3d 2018-04-15 19:18:53.000000000 +0530 |
|
| 863 |
+@@ -10,7 +10,7 @@ |
|
| 864 |
+ |
|
| 865 |
+ #include <tunables/global> |
|
| 866 |
+ |
|
| 867 |
+-/usr/sbin/ipop3d {
|
|
| 868 |
++/usr/sbin/ipop3d flags=(complain) {
|
|
| 869 |
+ #include <abstractions/base> |
|
| 870 |
+ #include <abstractions/nameservice> |
|
| 871 |
+ #include <abstractions/authentication> |
|
| 872 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.lighttpd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.lighttpd |
|
| 873 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.lighttpd 2018-04-15 19:18:53.000000000 +0530 |
|
| 874 |
+@@ -11,7 +11,7 @@ |
|
| 875 |
+ |
|
| 876 |
+ #include <tunables/global> |
|
| 877 |
+ |
|
| 878 |
+-/usr/sbin/lighttpd {
|
|
| 879 |
++/usr/sbin/lighttpd flags=(complain) {
|
|
| 880 |
+ #include <abstractions/base> |
|
| 881 |
+ #include <abstractions/nameservice> |
|
| 882 |
+ #include <abstractions/web-data> |
|
| 883 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.mysqld apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.mysqld |
|
| 884 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.mysqld 2018-04-15 19:18:53.000000000 +0530 |
|
| 885 |
+@@ -14,7 +14,7 @@ |
|
| 886 |
+ |
|
| 887 |
+ #include <tunables/global> |
|
| 888 |
+ |
|
| 889 |
+-/usr/sbin/mysqld {
|
|
| 890 |
++/usr/sbin/mysqld flags=(complain) {
|
|
| 891 |
+ #include <abstractions/base> |
|
| 892 |
+ #include <abstractions/mysql> |
|
| 893 |
+ #include <abstractions/nameservice> |
|
| 894 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.nmbd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.nmbd |
|
| 895 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.nmbd 2018-04-15 19:18:53.000000000 +0530 |
|
| 896 |
+@@ -12,7 +12,7 @@ |
|
| 897 |
+ |
|
| 898 |
+ #include <tunables/global> |
|
| 899 |
+ |
|
| 900 |
+-/usr/sbin/nmbd {
|
|
| 901 |
++/usr/sbin/nmbd flags=(complain) {
|
|
| 902 |
+ #include <abstractions/base> |
|
| 903 |
+ #include <abstractions/nameservice> |
|
| 904 |
+ |
|
| 905 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.oidentd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.oidentd |
|
| 906 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.oidentd 2018-04-15 19:18:53.000000000 +0530 |
|
| 907 |
+@@ -11,7 +11,7 @@ |
|
| 908 |
+ |
|
| 909 |
+ #include <tunables/global> |
|
| 910 |
+ |
|
| 911 |
+-/usr/sbin/oidentd {
|
|
| 912 |
++/usr/sbin/oidentd flags=(complain) {
|
|
| 913 |
+ #include <abstractions/base> |
|
| 914 |
+ #include <abstractions/nameservice> |
|
| 915 |
+ |
|
| 916 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.popper apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.popper |
|
| 917 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.popper 2018-04-15 19:18:53.000000000 +0530 |
|
| 918 |
+@@ -11,7 +11,7 @@ |
|
| 919 |
+ # Last Modified: Wed Aug 31 11:14:09 2005 |
|
| 920 |
+ #include <tunables/global> |
|
| 921 |
+ |
|
| 922 |
+-/usr/sbin/popper {
|
|
| 923 |
++/usr/sbin/popper flags=(complain) {
|
|
| 924 |
+ #include <abstractions/authentication> |
|
| 925 |
+ #include <abstractions/base> |
|
| 926 |
+ #include <abstractions/nameservice> |
|
| 927 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.postalias apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.postalias |
|
| 928 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.postalias 2018-04-15 19:18:53.000000000 +0530 |
|
| 929 |
+@@ -10,7 +10,7 @@ |
|
| 930 |
+ |
|
| 931 |
+ #include <tunables/global> |
|
| 932 |
+ |
|
| 933 |
+-/usr/sbin/postalias {
|
|
| 934 |
++/usr/sbin/postalias flags=(complain) {
|
|
| 935 |
+ #include <abstractions/base> |
|
| 936 |
+ #include <abstractions/kerberosclient> |
|
| 937 |
+ #include <abstractions/nameservice> |
|
| 938 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.postdrop apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.postdrop |
|
| 939 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.postdrop 2018-04-15 19:18:53.000000000 +0530 |
|
| 940 |
+@@ -11,7 +11,7 @@ |
|
| 941 |
+ |
|
| 942 |
+ #include <tunables/global> |
|
| 943 |
+ |
|
| 944 |
+-/usr/sbin/postdrop {
|
|
| 945 |
++/usr/sbin/postdrop flags=(complain) {
|
|
| 946 |
+ #include <abstractions/base> |
|
| 947 |
+ #include <abstractions/kerberosclient> |
|
| 948 |
+ #include <abstractions/nameservice> |
|
| 949 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.postmap apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.postmap |
|
| 950 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.postmap 2018-04-15 19:18:53.000000000 +0530 |
|
| 951 |
+@@ -10,7 +10,7 @@ |
|
| 952 |
+ |
|
| 953 |
+ #include <tunables/global> |
|
| 954 |
+ |
|
| 955 |
+-/usr/sbin/postmap {
|
|
| 956 |
++/usr/sbin/postmap flags=(complain) {
|
|
| 957 |
+ #include <abstractions/base> |
|
| 958 |
+ #include <abstractions/nameservice> |
|
| 959 |
+ #include <abstractions/kerberosclient> |
|
| 960 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.postqueue apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.postqueue |
|
| 961 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.postqueue 2018-04-15 19:18:53.000000000 +0530 |
|
| 962 |
+@@ -10,7 +10,7 @@ |
|
| 963 |
+ |
|
| 964 |
+ #include <tunables/global> |
|
| 965 |
+ |
|
| 966 |
+-/usr/sbin/postqueue {
|
|
| 967 |
++/usr/sbin/postqueue flags=(complain) {
|
|
| 968 |
+ #include <abstractions/base> |
|
| 969 |
+ #include <abstractions/consoles> |
|
| 970 |
+ #include <abstractions/nameservice> |
|
| 971 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.sendmail apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.sendmail |
|
| 972 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.sendmail 2018-04-15 19:18:53.000000000 +0530 |
|
| 973 |
+@@ -13,7 +13,7 @@ |
|
| 974 |
+ |
|
| 975 |
+ #include <tunables/global> |
|
| 976 |
+ |
|
| 977 |
+-/usr/sbin/sendmail {
|
|
| 978 |
++/usr/sbin/sendmail flags=(complain) {
|
|
| 979 |
+ #include <abstractions/base> |
|
| 980 |
+ #include <abstractions/consoles> |
|
| 981 |
+ #include <abstractions/kerberosclient> |
|
| 982 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.sendmail.postfix apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.sendmail.postfix |
|
| 983 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.sendmail.postfix 2018-04-15 19:18:53.000000000 +0530 |
|
| 984 |
+@@ -10,7 +10,7 @@ |
|
| 985 |
+ |
|
| 986 |
+ #include <tunables/global> |
|
| 987 |
+ |
|
| 988 |
+-/usr/sbin/sendmail.postfix {
|
|
| 989 |
++/usr/sbin/sendmail.postfix flags=(complain) {
|
|
| 990 |
+ #include <abstractions/base> |
|
| 991 |
+ #include <abstractions/nameservice> |
|
| 992 |
+ #include <abstractions/consoles> |
|
| 993 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.sendmail.sendmail apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.sendmail.sendmail |
|
| 994 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.sendmail.sendmail 2018-04-15 19:18:53.000000000 +0530 |
|
| 995 |
+@@ -10,7 +10,7 @@ |
|
| 996 |
+ |
|
| 997 |
+ #include <tunables/global> |
|
| 998 |
+ |
|
| 999 |
+-/usr/sbin/sendmail.sendmail {
|
|
| 1000 |
++/usr/sbin/sendmail.sendmail flags=(complain) {
|
|
| 1001 |
+ #include <abstractions/base> |
|
| 1002 |
+ #include <abstractions/nameservice> |
|
| 1003 |
+ |
|
| 1004 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.smbd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.smbd |
|
| 1005 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.smbd 2018-04-15 19:18:53.000000000 +0530 |
|
| 1006 |
+@@ -12,7 +12,7 @@ |
|
| 1007 |
+ |
|
| 1008 |
+ #include <tunables/global> |
|
| 1009 |
+ |
|
| 1010 |
+-/usr/sbin/smbd {
|
|
| 1011 |
++/usr/sbin/smbd flags=(complain) {
|
|
| 1012 |
+ #include <abstractions/base> |
|
| 1013 |
+ #include <abstractions/bash> |
|
| 1014 |
+ #include <abstractions/nameservice> |
|
| 1015 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.spamd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.spamd |
|
| 1016 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.spamd 2018-04-15 19:18:53.000000000 +0530 |
|
| 1017 |
+@@ -12,7 +12,7 @@ |
|
| 1018 |
+ |
|
| 1019 |
+ #include <tunables/global> |
|
| 1020 |
+ |
|
| 1021 |
+-/usr/sbin/spamd {
|
|
| 1022 |
++/usr/sbin/spamd flags=(complain) {
|
|
| 1023 |
+ #include <abstractions/authentication> |
|
| 1024 |
+ #include <abstractions/base> |
|
| 1025 |
+ #include <abstractions/nameservice> |
|
| 1026 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.squid apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.squid |
|
| 1027 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.squid 2018-04-15 19:18:53.000000000 +0530 |
|
| 1028 |
+@@ -11,7 +11,7 @@ |
|
| 1029 |
+ |
|
| 1030 |
+ #include <tunables/global> |
|
| 1031 |
+ |
|
| 1032 |
+-/usr/sbin/squid {
|
|
| 1033 |
++/usr/sbin/squid flags=(complain) {
|
|
| 1034 |
+ #include <abstractions/base> |
|
| 1035 |
+ #include <abstractions/consoles> |
|
| 1036 |
+ #include <abstractions/kerberosclient> |
|
| 1037 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.sshd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.sshd |
|
| 1038 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.sshd 2018-04-15 19:18:53.000000000 +0530 |
|
| 1039 |
+@@ -16,7 +16,7 @@ |
|
| 1040 |
+ |
|
| 1041 |
+ #include <tunables/global> |
|
| 1042 |
+ |
|
| 1043 |
+-/usr/sbin/sshd {
|
|
| 1044 |
++/usr/sbin/sshd flags=(complain) {
|
|
| 1045 |
+ #include <abstractions/authentication> |
|
| 1046 |
+ #include <abstractions/base> |
|
| 1047 |
+ #include <abstractions/consoles> |
|
| 1048 |
+@@ -98,7 +98,7 @@ |
|
| 1049 |
+ |
|
| 1050 |
+ # to set memory protection for passwd |
|
| 1051 |
+ @{PROC}/@{pid}/task/@{pid}/attr/exec w,
|
|
| 1052 |
+- profile passwd {
|
|
| 1053 |
++ profile passwd flags=(complain) {
|
|
| 1054 |
+ #include <abstractions/authentication> |
|
| 1055 |
+ #include <abstractions/base> |
|
| 1056 |
+ #include <abstractions/nameservice> |
|
| 1057 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.useradd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.useradd |
|
| 1058 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.useradd 2018-04-15 19:18:53.000000000 +0530 |
|
| 1059 |
+@@ -11,7 +11,7 @@ |
|
| 1060 |
+ |
|
| 1061 |
+ #include <tunables/global> |
|
| 1062 |
+ |
|
| 1063 |
+-/usr/sbin/useradd {
|
|
| 1064 |
++/usr/sbin/useradd flags=(complain) {
|
|
| 1065 |
+ #include <abstractions/authentication> |
|
| 1066 |
+ #include <abstractions/base> |
|
| 1067 |
+ #include <abstractions/bash> |
|
| 1068 |
+@@ -59,7 +59,7 @@ |
|
| 1069 |
+ /{,var/}run/nscd.pid rw,
|
|
| 1070 |
+ /var/spool/mail/* rw, |
|
| 1071 |
+ |
|
| 1072 |
+- profile pam_tally2 {
|
|
| 1073 |
++ profile pam_tally2 flags=(complain) {
|
|
| 1074 |
+ #include <abstractions/base> |
|
| 1075 |
+ #include <abstractions/consoles> |
|
| 1076 |
+ #include <abstractions/nameservice> |
|
| 1077 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.userdel apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.userdel |
|
| 1078 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.userdel 2018-04-15 19:18:53.000000000 +0530 |
|
| 1079 |
+@@ -11,7 +11,7 @@ |
|
| 1080 |
+ |
|
| 1081 |
+ #include <tunables/global> |
|
| 1082 |
+ |
|
| 1083 |
+-/usr/sbin/userdel {
|
|
| 1084 |
++/usr/sbin/userdel flags=(complain) {
|
|
| 1085 |
+ #include <abstractions/authentication> |
|
| 1086 |
+ #include <abstractions/base> |
|
| 1087 |
+ #include <abstractions/bash> |
|
| 1088 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.vsftpd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.vsftpd |
|
| 1089 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.vsftpd 2018-04-15 19:18:53.000000000 +0530 |
|
| 1090 |
+@@ -11,7 +11,7 @@ |
|
| 1091 |
+ |
|
| 1092 |
+ #include <tunables/global> |
|
| 1093 |
+ |
|
| 1094 |
+-/usr/sbin/vsftpd {
|
|
| 1095 |
++/usr/sbin/vsftpd flags=(complain) {
|
|
| 1096 |
+ #include <abstractions/base> |
|
| 1097 |
+ #include <abstractions/nameservice> |
|
| 1098 |
+ #include <abstractions/authentication> |
|
| 1099 |
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.xinetd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.xinetd |
|
| 1100 |
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.xinetd 2018-04-15 19:18:53.000000000 +0530 |
|
| 1101 |
+@@ -10,7 +10,7 @@ |
|
| 1102 |
+ |
|
| 1103 |
+ #include <tunables/global> |
|
| 1104 |
+ |
|
| 1105 |
+-/usr/sbin/xinetd {
|
|
| 1106 |
++/usr/sbin/xinetd flags=(complain) {
|
|
| 1107 |
+ #include <abstractions/base> |
|
| 1108 |
+ #include <abstractions/nameservice> |
|
| 1109 |
+ |
|
| 1110 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/abstractions/launchpad-integration apparmor-2.13-mod/profiles/apparmor.d/abstractions/launchpad-integration |
|
| 1111 |
+--- apparmor-2.13/profiles/apparmor.d/abstractions/launchpad-integration 2018-04-15 19:18:53.000000000 +0530 |
|
| 1112 |
+@@ -3,7 +3,7 @@ |
|
| 1113 |
+ |
|
| 1114 |
+ # Launchpad integration should run in a sanitizing profile |
|
| 1115 |
+ /usr/bin/launchpad-integration Cxr -> launchpad_integration, |
|
| 1116 |
+- profile launchpad_integration {
|
|
| 1117 |
++ profile launchpad_integration flags=(complain) {
|
|
| 1118 |
+ #include <abstractions/base> |
|
| 1119 |
+ #include <abstractions/nameservice> |
|
| 1120 |
+ #include <abstractions/ubuntu-browsers> |
|
| 1121 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/abstractions/ubuntu-browsers.d/java apparmor-2.13-mod/profiles/apparmor.d/abstractions/ubuntu-browsers.d/java |
|
| 1122 |
+--- apparmor-2.13/profiles/apparmor.d/abstractions/ubuntu-browsers.d/java 2018-04-15 19:18:53.000000000 +0530 |
|
| 1123 |
+@@ -17,7 +17,7 @@ |
|
| 1124 |
+ # Profile for the supported OpenJDK in Ubuntu. This doesn't require the |
|
| 1125 |
+ # unfortunate workarounds of the proprietary Javas, so have a separate |
|
| 1126 |
+ # profile. |
|
| 1127 |
+- profile browser_openjdk {
|
|
| 1128 |
++ profile browser_openjdk flags=(complain) {
|
|
| 1129 |
+ #include <abstractions/base> |
|
| 1130 |
+ #include <abstractions/fonts> |
|
| 1131 |
+ #include <abstractions/gnome> |
|
| 1132 |
+@@ -62,7 +62,7 @@ |
|
| 1133 |
+ |
|
| 1134 |
+ # Profile for commercial Javas. These need workarounds to work right (eg |
|
| 1135 |
+ # Sun's forcing of an executable stack (LP: #535247)). |
|
| 1136 |
+- profile browser_java {
|
|
| 1137 |
++ profile browser_java flags=(complain) {
|
|
| 1138 |
+ #include <abstractions/base> |
|
| 1139 |
+ #include <abstractions/fonts> |
|
| 1140 |
+ #include <abstractions/gnome> |
|
| 1141 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/abstractions/ubuntu-helpers apparmor-2.13-mod/profiles/apparmor.d/abstractions/ubuntu-helpers |
|
| 1142 |
+--- apparmor-2.13/profiles/apparmor.d/abstractions/ubuntu-helpers 2018-04-15 19:18:53.000000000 +0530 |
|
| 1143 |
+@@ -31,7 +31,7 @@ |
|
| 1144 |
+ # Use at your own risk. This profile was developed as an interim workaround for |
|
| 1145 |
+ # LP: #851986 until AppArmor utilizes proper environment filtering. |
|
| 1146 |
+ |
|
| 1147 |
+-profile sanitized_helper {
|
|
| 1148 |
++profile sanitized_helper flags=(complain) {
|
|
| 1149 |
+ #include <abstractions/base> |
|
| 1150 |
+ #include <abstractions/X> |
|
| 1151 |
+ |
|
| 1152 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/apache2.d/phpsysinfo apparmor-2.13-mod/profiles/apparmor.d/apache2.d/phpsysinfo |
|
| 1153 |
+--- apparmor-2.13/profiles/apparmor.d/apache2.d/phpsysinfo 2018-04-15 19:18:53.000000000 +0530 |
|
| 1154 |
+@@ -1,7 +1,7 @@ |
|
| 1155 |
+ # Last Modified: Fri Sep 11 13:27:22 2009 |
|
| 1156 |
+ # Author: Marc Deslauriers <marc.deslauriers@ubuntu.com> |
|
| 1157 |
+ |
|
| 1158 |
+- ^phpsysinfo {
|
|
| 1159 |
++ ^phpsysinfo flags=(complain) {
|
|
| 1160 |
+ #include <abstractions/apache2-common> |
|
| 1161 |
+ #include <abstractions/base> |
|
| 1162 |
+ #include <abstractions/nameservice> |
|
| 1163 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/bin.ping apparmor-2.13-mod/profiles/apparmor.d/bin.ping |
|
| 1164 |
+--- apparmor-2.13/profiles/apparmor.d/bin.ping 2018-04-15 19:18:53.000000000 +0530 |
|
| 1165 |
+@@ -10,7 +10,7 @@ |
|
| 1166 |
+ # ------------------------------------------------------------------ |
|
| 1167 |
+ |
|
| 1168 |
+ #include <tunables/global> |
|
| 1169 |
+-profile ping /{usr/,}bin/ping {
|
|
| 1170 |
++profile ping /{usr/,}bin/ping flags=(complain) {
|
|
| 1171 |
+ #include <abstractions/base> |
|
| 1172 |
+ #include <abstractions/consoles> |
|
| 1173 |
+ #include <abstractions/nameservice> |
|
| 1174 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/sbin.klogd apparmor-2.13-mod/profiles/apparmor.d/sbin.klogd |
|
| 1175 |
+--- apparmor-2.13/profiles/apparmor.d/sbin.klogd 2018-04-15 19:18:53.000000000 +0530 |
|
| 1176 |
+@@ -11,7 +11,7 @@ |
|
| 1177 |
+ |
|
| 1178 |
+ #include <tunables/global> |
|
| 1179 |
+ |
|
| 1180 |
+-profile klogd /{usr/,}sbin/klogd {
|
|
| 1181 |
++profile klogd /{usr/,}sbin/klogd flags=(complain) {
|
|
| 1182 |
+ #include <abstractions/base> |
|
| 1183 |
+ |
|
| 1184 |
+ capability sys_admin, # for backward compatibility with kernel <= 2.6.37 |
|
| 1185 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/sbin.syslogd apparmor-2.13-mod/profiles/apparmor.d/sbin.syslogd |
|
| 1186 |
+--- apparmor-2.13/profiles/apparmor.d/sbin.syslogd 2018-04-15 19:18:53.000000000 +0530 |
|
| 1187 |
+@@ -11,7 +11,7 @@ |
|
| 1188 |
+ |
|
| 1189 |
+ #include <tunables/global> |
|
| 1190 |
+ |
|
| 1191 |
+-profile syslogd /{usr/,}sbin/syslogd {
|
|
| 1192 |
++profile syslogd /{usr/,}sbin/syslogd flags=(complain) {
|
|
| 1193 |
+ #include <abstractions/base> |
|
| 1194 |
+ #include <abstractions/nameservice> |
|
| 1195 |
+ #include <abstractions/consoles> |
|
| 1196 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/sbin.syslog-ng apparmor-2.13-mod/profiles/apparmor.d/sbin.syslog-ng |
|
| 1197 |
+--- apparmor-2.13/profiles/apparmor.d/sbin.syslog-ng 2018-04-15 19:18:53.000000000 +0530 |
|
| 1198 |
+@@ -15,7 +15,7 @@ |
|
| 1199 |
+ #define this to be where syslog-ng is chrooted |
|
| 1200 |
+ @{CHROOT_BASE}=""
|
|
| 1201 |
+ |
|
| 1202 |
+-profile syslog-ng /{usr/,}sbin/syslog-ng {
|
|
| 1203 |
++profile syslog-ng /{usr/,}sbin/syslog-ng flags=(complain) {
|
|
| 1204 |
+ #include <abstractions/base> |
|
| 1205 |
+ #include <abstractions/consoles> |
|
| 1206 |
+ #include <abstractions/nameservice> |
|
| 1207 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 apparmor-2.13-mod/profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 |
|
| 1208 |
+--- apparmor-2.13/profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 2018-04-15 19:18:53.000000000 +0530 |
|
| 1209 |
+@@ -1,7 +1,7 @@ |
|
| 1210 |
+ # Author: Marc Deslauriers <marc.deslauriers@ubuntu.com> |
|
| 1211 |
+ |
|
| 1212 |
+ #include <tunables/global> |
|
| 1213 |
+-/usr/lib/apache2/mpm-prefork/apache2 {
|
|
| 1214 |
++/usr/lib/apache2/mpm-prefork/apache2 flags=(complain) {
|
|
| 1215 |
+ |
|
| 1216 |
+ # This profile is completely permissive. |
|
| 1217 |
+ # It is designed to target specific applications using mod_apparmor, |
|
| 1218 |
+@@ -53,7 +53,7 @@ |
|
| 1219 |
+ /** mrwlkix, |
|
| 1220 |
+ |
|
| 1221 |
+ |
|
| 1222 |
+- ^DEFAULT_URI {
|
|
| 1223 |
++ ^DEFAULT_URI flags=(complain) {
|
|
| 1224 |
+ #include <abstractions/base> |
|
| 1225 |
+ #include <abstractions/nameservice> |
|
| 1226 |
+ |
|
| 1227 |
+@@ -62,7 +62,7 @@ |
|
| 1228 |
+ |
|
| 1229 |
+ } |
|
| 1230 |
+ |
|
| 1231 |
+- ^HANDLING_UNTRUSTED_INPUT {
|
|
| 1232 |
++ ^HANDLING_UNTRUSTED_INPUT flags=(complain) {
|
|
| 1233 |
+ #include <abstractions/nameservice> |
|
| 1234 |
+ |
|
| 1235 |
+ / rw, |
|
| 1236 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.anvil apparmor-2.13-mod/profiles/apparmor.d/usr.lib.dovecot.anvil |
|
| 1237 |
+--- apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.anvil 2018-04-15 19:18:53.000000000 +0530 |
|
| 1238 |
+@@ -11,7 +11,7 @@ |
|
| 1239 |
+ |
|
| 1240 |
+ #include <tunables/global> |
|
| 1241 |
+ |
|
| 1242 |
+-/usr/lib/dovecot/anvil {
|
|
| 1243 |
++/usr/lib/dovecot/anvil flags=(complain) {
|
|
| 1244 |
+ #include <abstractions/base> |
|
| 1245 |
+ #include <abstractions/dovecot-common> |
|
| 1246 |
+ |
|
| 1247 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.auth apparmor-2.13-mod/profiles/apparmor.d/usr.lib.dovecot.auth |
|
| 1248 |
+--- apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.auth 2018-04-15 19:18:53.000000000 +0530 |
|
| 1249 |
+@@ -12,7 +12,7 @@ |
|
| 1250 |
+ |
|
| 1251 |
+ #include <tunables/global> |
|
| 1252 |
+ |
|
| 1253 |
+-/usr/lib/dovecot/auth {
|
|
| 1254 |
++/usr/lib/dovecot/auth flags=(complain) {
|
|
| 1255 |
+ #include <abstractions/authentication> |
|
| 1256 |
+ #include <abstractions/base> |
|
| 1257 |
+ #include <abstractions/mysql> |
|
| 1258 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.config apparmor-2.13-mod/profiles/apparmor.d/usr.lib.dovecot.config |
|
| 1259 |
+--- apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.config 2018-04-15 19:18:53.000000000 +0530 |
|
| 1260 |
+@@ -11,7 +11,7 @@ |
|
| 1261 |
+ |
|
| 1262 |
+ #include <tunables/global> |
|
| 1263 |
+ |
|
| 1264 |
+-/usr/lib/dovecot/config {
|
|
| 1265 |
++/usr/lib/dovecot/config flags=(complain) {
|
|
| 1266 |
+ #include <abstractions/base> |
|
| 1267 |
+ #include <abstractions/nameservice> |
|
| 1268 |
+ #include <abstractions/dovecot-common> |
|
| 1269 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.deliver apparmor-2.13-mod/profiles/apparmor.d/usr.lib.dovecot.deliver |
|
| 1270 |
+--- apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.deliver 2018-04-15 19:18:53.000000000 +0530 |
|
| 1271 |
+@@ -14,7 +14,7 @@ |
|
| 1272 |
+ #include <tunables/global> |
|
| 1273 |
+ #include <tunables/dovecot> |
|
| 1274 |
+ |
|
| 1275 |
+-/usr/lib/dovecot/deliver {
|
|
| 1276 |
++/usr/lib/dovecot/deliver flags=(complain) {
|
|
| 1277 |
+ #include <abstractions/base> |
|
| 1278 |
+ #include <abstractions/nameservice> |
|
| 1279 |
+ #include <abstractions/dovecot-common> |
|
| 1280 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.dict apparmor-2.13-mod/profiles/apparmor.d/usr.lib.dovecot.dict |
|
| 1281 |
+--- apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.dict 2018-04-15 19:18:53.000000000 +0530 |
|
| 1282 |
+@@ -11,7 +11,7 @@ |
|
| 1283 |
+ |
|
| 1284 |
+ #include <tunables/global> |
|
| 1285 |
+ |
|
| 1286 |
+-/usr/lib/dovecot/dict {
|
|
| 1287 |
++/usr/lib/dovecot/dict flags=(complain) {
|
|
| 1288 |
+ #include <abstractions/base> |
|
| 1289 |
+ #include <abstractions/mysql> |
|
| 1290 |
+ #include <abstractions/nameservice> |
|
| 1291 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.dovecot-auth apparmor-2.13-mod/profiles/apparmor.d/usr.lib.dovecot.dovecot-auth |
|
| 1292 |
+--- apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.dovecot-auth 2018-04-15 19:18:53.000000000 +0530 |
|
| 1293 |
+@@ -12,7 +12,7 @@ |
|
| 1294 |
+ |
|
| 1295 |
+ #include <tunables/global> |
|
| 1296 |
+ |
|
| 1297 |
+-/usr/lib/dovecot/dovecot-auth {
|
|
| 1298 |
++/usr/lib/dovecot/dovecot-auth flags=(complain) {
|
|
| 1299 |
+ #include <abstractions/authentication> |
|
| 1300 |
+ #include <abstractions/base> |
|
| 1301 |
+ #include <abstractions/nameservice> |
|
| 1302 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.dovecot-lda apparmor-2.13-mod/profiles/apparmor.d/usr.lib.dovecot.dovecot-lda |
|
| 1303 |
+--- apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.dovecot-lda 2018-04-15 19:18:53.000000000 +0530 |
|
| 1304 |
+@@ -12,7 +12,7 @@ |
|
| 1305 |
+ #include <tunables/global> |
|
| 1306 |
+ #include <tunables/dovecot> |
|
| 1307 |
+ |
|
| 1308 |
+-/usr/lib/dovecot/dovecot-lda flags=(attach_disconnected) {
|
|
| 1309 |
++/usr/lib/dovecot/dovecot-lda flags=(attach_disconnected,complain) {
|
|
| 1310 |
+ #include <abstractions/base> |
|
| 1311 |
+ #include <abstractions/nameservice> |
|
| 1312 |
+ #include <abstractions/dovecot-common> |
|
| 1313 |
+@@ -37,7 +37,7 @@ |
|
| 1314 |
+ #include <local/usr.lib.dovecot.dovecot-lda> |
|
| 1315 |
+ |
|
| 1316 |
+ |
|
| 1317 |
+- profile /usr/sbin/sendmail flags=(attach_disconnected) {
|
|
| 1318 |
++ profile /usr/sbin/sendmail flags=(attach_disconnected,complain) {
|
|
| 1319 |
+ # this profile is based on the usr.sbin.sendmail profile in extras |
|
| 1320 |
+ # and should support both postfix' and sendmail's sendmail binary |
|
| 1321 |
+ |
|
| 1322 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.imap apparmor-2.13-mod/profiles/apparmor.d/usr.lib.dovecot.imap |
|
| 1323 |
+--- apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.imap 2018-04-15 19:18:53.000000000 +0530 |
|
| 1324 |
+@@ -13,7 +13,7 @@ |
|
| 1325 |
+ #include <tunables/global> |
|
| 1326 |
+ #include <tunables/dovecot> |
|
| 1327 |
+ |
|
| 1328 |
+-/usr/lib/dovecot/imap {
|
|
| 1329 |
++/usr/lib/dovecot/imap flags=(complain) {
|
|
| 1330 |
+ #include <abstractions/base> |
|
| 1331 |
+ #include <abstractions/nameservice> |
|
| 1332 |
+ #include <abstractions/dovecot-common> |
|
| 1333 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.imap-login apparmor-2.13-mod/profiles/apparmor.d/usr.lib.dovecot.imap-login |
|
| 1334 |
+--- apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.imap-login 2018-04-15 19:18:53.000000000 +0530 |
|
| 1335 |
+@@ -11,7 +11,7 @@ |
|
| 1336 |
+ # vim: ft=apparmor |
|
| 1337 |
+ |
|
| 1338 |
+ #include <tunables/global> |
|
| 1339 |
+-/usr/lib/dovecot/imap-login {
|
|
| 1340 |
++/usr/lib/dovecot/imap-login flags=(complain) {
|
|
| 1341 |
+ #include <abstractions/base> |
|
| 1342 |
+ #include <abstractions/ssl_certs> |
|
| 1343 |
+ #include <abstractions/ssl_keys> |
|
| 1344 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.lmtp apparmor-2.13-mod/profiles/apparmor.d/usr.lib.dovecot.lmtp |
|
| 1345 |
+--- apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.lmtp 2018-04-15 19:18:53.000000000 +0530 |
|
| 1346 |
+@@ -12,7 +12,7 @@ |
|
| 1347 |
+ #include <tunables/global> |
|
| 1348 |
+ #include <tunables/dovecot> |
|
| 1349 |
+ |
|
| 1350 |
+-/usr/lib/dovecot/lmtp {
|
|
| 1351 |
++/usr/lib/dovecot/lmtp flags=(complain) {
|
|
| 1352 |
+ #include <abstractions/base> |
|
| 1353 |
+ #include <abstractions/nameservice> |
|
| 1354 |
+ #include <abstractions/dovecot-common> |
|
| 1355 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.log apparmor-2.13-mod/profiles/apparmor.d/usr.lib.dovecot.log |
|
| 1356 |
+--- apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.log 2018-04-15 19:18:53.000000000 +0530 |
|
| 1357 |
+@@ -11,7 +11,7 @@ |
|
| 1358 |
+ |
|
| 1359 |
+ #include <tunables/global> |
|
| 1360 |
+ |
|
| 1361 |
+-/usr/lib/dovecot/log flags=(attach_disconnected) {
|
|
| 1362 |
++/usr/lib/dovecot/log flags=(attach_disconnected,complain) {
|
|
| 1363 |
+ #include <abstractions/base> |
|
| 1364 |
+ #include <abstractions/dovecot-common> |
|
| 1365 |
+ |
|
| 1366 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.managesieve apparmor-2.13-mod/profiles/apparmor.d/usr.lib.dovecot.managesieve |
|
| 1367 |
+--- apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.managesieve 2018-04-15 19:18:53.000000000 +0530 |
|
| 1368 |
+@@ -13,7 +13,7 @@ |
|
| 1369 |
+ #include <tunables/global> |
|
| 1370 |
+ #include <tunables/dovecot> |
|
| 1371 |
+ |
|
| 1372 |
+-/usr/lib/dovecot/managesieve {
|
|
| 1373 |
++/usr/lib/dovecot/managesieve flags=(complain) {
|
|
| 1374 |
+ #include <abstractions/base> |
|
| 1375 |
+ #include <abstractions/dovecot-common> |
|
| 1376 |
+ |
|
| 1377 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.managesieve-login apparmor-2.13-mod/profiles/apparmor.d/usr.lib.dovecot.managesieve-login |
|
| 1378 |
+--- apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.managesieve-login 2018-04-15 19:18:53.000000000 +0530 |
|
| 1379 |
+@@ -14,7 +14,7 @@ |
|
| 1380 |
+ |
|
| 1381 |
+ #include <tunables/global> |
|
| 1382 |
+ |
|
| 1383 |
+-/usr/lib/dovecot/managesieve-login {
|
|
| 1384 |
++/usr/lib/dovecot/managesieve-login flags=(complain) {
|
|
| 1385 |
+ #include <abstractions/base> |
|
| 1386 |
+ #include <abstractions/ssl_certs> |
|
| 1387 |
+ #include <abstractions/ssl_keys> |
|
| 1388 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.pop3 apparmor-2.13-mod/profiles/apparmor.d/usr.lib.dovecot.pop3 |
|
| 1389 |
+--- apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.pop3 2018-04-15 19:18:53.000000000 +0530 |
|
| 1390 |
+@@ -13,7 +13,7 @@ |
|
| 1391 |
+ #include <tunables/global> |
|
| 1392 |
+ #include <tunables/dovecot> |
|
| 1393 |
+ |
|
| 1394 |
+-/usr/lib/dovecot/pop3 {
|
|
| 1395 |
++/usr/lib/dovecot/pop3 flags=(complain) {
|
|
| 1396 |
+ #include <abstractions/base> |
|
| 1397 |
+ #include <abstractions/nameservice> |
|
| 1398 |
+ #include <abstractions/dovecot-common> |
|
| 1399 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.pop3-login apparmor-2.13-mod/profiles/apparmor.d/usr.lib.dovecot.pop3-login |
|
| 1400 |
+--- apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.pop3-login 2018-04-15 19:18:53.000000000 +0530 |
|
| 1401 |
+@@ -12,7 +12,7 @@ |
|
| 1402 |
+ |
|
| 1403 |
+ #include <tunables/global> |
|
| 1404 |
+ |
|
| 1405 |
+-/usr/lib/dovecot/pop3-login {
|
|
| 1406 |
++/usr/lib/dovecot/pop3-login flags=(complain) {
|
|
| 1407 |
+ #include <abstractions/base> |
|
| 1408 |
+ #include <abstractions/nameservice> |
|
| 1409 |
+ #include <abstractions/ssl_certs> |
|
| 1410 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.ssl-params apparmor-2.13-mod/profiles/apparmor.d/usr.lib.dovecot.ssl-params |
|
| 1411 |
+--- apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.ssl-params 2018-04-15 19:18:53.000000000 +0530 |
|
| 1412 |
+@@ -11,7 +11,7 @@ |
|
| 1413 |
+ |
|
| 1414 |
+ #include <tunables/global> |
|
| 1415 |
+ |
|
| 1416 |
+-/usr/lib/dovecot/ssl-params {
|
|
| 1417 |
++/usr/lib/dovecot/ssl-params flags=(complain) {
|
|
| 1418 |
+ #include <abstractions/base> |
|
| 1419 |
+ #include <abstractions/dovecot-common> |
|
| 1420 |
+ |
|
| 1421 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.stats apparmor-2.13-mod/profiles/apparmor.d/usr.lib.dovecot.stats |
|
| 1422 |
+--- apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.stats 2018-04-15 19:18:53.000000000 +0530 |
|
| 1423 |
+@@ -11,7 +11,7 @@ |
|
| 1424 |
+ |
|
| 1425 |
+ #include <tunables/global> |
|
| 1426 |
+ |
|
| 1427 |
+-/usr/lib/dovecot/stats {
|
|
| 1428 |
++/usr/lib/dovecot/stats flags=(complain) {
|
|
| 1429 |
+ #include <abstractions/base> |
|
| 1430 |
+ #include <abstractions/dovecot-common> |
|
| 1431 |
+ |
|
| 1432 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/usr.sbin.apache2 apparmor-2.13-mod/profiles/apparmor.d/usr.sbin.apache2 |
|
| 1433 |
+--- apparmor-2.13/profiles/apparmor.d/usr.sbin.apache2 2018-04-15 19:18:53.000000000 +0530 |
|
| 1434 |
+@@ -1,7 +1,7 @@ |
|
| 1435 |
+ # Author: Marc Deslauriers <marc.deslauriers@ubuntu.com> |
|
| 1436 |
+ |
|
| 1437 |
+ #include <tunables/global> |
|
| 1438 |
+-/usr/sbin/apache2 flags=(attach_disconnected) {
|
|
| 1439 |
++/usr/sbin/apache2 flags=(attach_disconnected,complain) {
|
|
| 1440 |
+ |
|
| 1441 |
+ # This profile is completely permissive. |
|
| 1442 |
+ # It is designed to target specific applications using mod_apparmor, |
|
| 1443 |
+@@ -84,7 +84,7 @@ |
|
| 1444 |
+ /** mrwlkix, |
|
| 1445 |
+ |
|
| 1446 |
+ |
|
| 1447 |
+- ^DEFAULT_URI flags=(attach_disconnected) {
|
|
| 1448 |
++ ^DEFAULT_URI flags=(attach_disconnected,complain) {
|
|
| 1449 |
+ #include <abstractions/base> |
|
| 1450 |
+ #include <abstractions/apache2-common> |
|
| 1451 |
+ |
|
| 1452 |
+@@ -92,7 +92,7 @@ |
|
| 1453 |
+ /** mrwlkix, |
|
| 1454 |
+ } |
|
| 1455 |
+ |
|
| 1456 |
+- ^HANDLING_UNTRUSTED_INPUT flags=(attach_disconnected) {
|
|
| 1457 |
++ ^HANDLING_UNTRUSTED_INPUT flags=(attach_disconnected,complain) {
|
|
| 1458 |
+ #include <abstractions/apache2-common> |
|
| 1459 |
+ |
|
| 1460 |
+ / rw, |
|
| 1461 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/usr.sbin.avahi-daemon apparmor-2.13-mod/profiles/apparmor.d/usr.sbin.avahi-daemon |
|
| 1462 |
+--- apparmor-2.13/profiles/apparmor.d/usr.sbin.avahi-daemon 2018-04-15 19:18:53.000000000 +0530 |
|
| 1463 |
+@@ -1,5 +1,5 @@ |
|
| 1464 |
+ #include <tunables/global> |
|
| 1465 |
+-/usr/sbin/avahi-daemon {
|
|
| 1466 |
++/usr/sbin/avahi-daemon flags=(complain) {
|
|
| 1467 |
+ #include <abstractions/base> |
|
| 1468 |
+ #include <abstractions/consoles> |
|
| 1469 |
+ #include <abstractions/dbus> |
|
| 1470 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/usr.sbin.dnsmasq apparmor-2.13-mod/profiles/apparmor.d/usr.sbin.dnsmasq |
|
| 1471 |
+--- apparmor-2.13/profiles/apparmor.d/usr.sbin.dnsmasq 2018-04-15 19:18:53.000000000 +0530 |
|
| 1472 |
+@@ -12,7 +12,7 @@ |
|
| 1473 |
+ @{TFTP_DIR}=/var/tftp /srv/tftpboot
|
|
| 1474 |
+ |
|
| 1475 |
+ #include <tunables/global> |
|
| 1476 |
+-/usr/sbin/dnsmasq flags=(attach_disconnected) {
|
|
| 1477 |
++/usr/sbin/dnsmasq flags=(attach_disconnected,complain) {
|
|
| 1478 |
+ #include <abstractions/base> |
|
| 1479 |
+ #include <abstractions/dbus> |
|
| 1480 |
+ #include <abstractions/nameservice> |
|
| 1481 |
+@@ -88,7 +88,7 @@ |
|
| 1482 |
+ /{,var/}run/NetworkManager/dnsmasq.conf r,
|
|
| 1483 |
+ /{,var/}run/NetworkManager/dnsmasq.pid w,
|
|
| 1484 |
+ |
|
| 1485 |
+- profile libvirt_leaseshelper {
|
|
| 1486 |
++ profile libvirt_leaseshelper flags=(complain) {
|
|
| 1487 |
+ #include <abstractions/base> |
|
| 1488 |
+ |
|
| 1489 |
+ /etc/libnl-3/classid r, |
|
| 1490 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/usr.sbin.dovecot apparmor-2.13-mod/profiles/apparmor.d/usr.sbin.dovecot |
|
| 1491 |
+--- apparmor-2.13/profiles/apparmor.d/usr.sbin.dovecot 2018-04-15 19:18:53.000000000 +0530 |
|
| 1492 |
+@@ -12,7 +12,7 @@ |
|
| 1493 |
+ |
|
| 1494 |
+ #include <tunables/global> |
|
| 1495 |
+ |
|
| 1496 |
+-/usr/sbin/dovecot flags=(attach_disconnected) {
|
|
| 1497 |
++/usr/sbin/dovecot flags=(attach_disconnected,complain) {
|
|
| 1498 |
+ #include <abstractions/authentication> |
|
| 1499 |
+ #include <abstractions/base> |
|
| 1500 |
+ #include <abstractions/dovecot-common> |
|
| 1501 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/usr.sbin.identd apparmor-2.13-mod/profiles/apparmor.d/usr.sbin.identd |
|
| 1502 |
+--- apparmor-2.13/profiles/apparmor.d/usr.sbin.identd 2018-04-15 19:18:53.000000000 +0530 |
|
| 1503 |
+@@ -11,7 +11,7 @@ |
|
| 1504 |
+ |
|
| 1505 |
+ #include <tunables/global> |
|
| 1506 |
+ |
|
| 1507 |
+-/usr/sbin/identd {
|
|
| 1508 |
++/usr/sbin/identd flags=(complain) {
|
|
| 1509 |
+ #include <abstractions/base> |
|
| 1510 |
+ #include <abstractions/nameservice> |
|
| 1511 |
+ capability net_bind_service, |
|
| 1512 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/usr.sbin.mdnsd apparmor-2.13-mod/profiles/apparmor.d/usr.sbin.mdnsd |
|
| 1513 |
+--- apparmor-2.13/profiles/apparmor.d/usr.sbin.mdnsd 2018-04-15 19:18:53.000000000 +0530 |
|
| 1514 |
+@@ -11,7 +11,7 @@ |
|
| 1515 |
+ |
|
| 1516 |
+ #include <tunables/global> |
|
| 1517 |
+ |
|
| 1518 |
+-/usr/sbin/mdnsd {
|
|
| 1519 |
++/usr/sbin/mdnsd flags=(complain) {
|
|
| 1520 |
+ #include <abstractions/base> |
|
| 1521 |
+ #include <abstractions/consoles> |
|
| 1522 |
+ #include <abstractions/nameservice> |
|
| 1523 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/usr.sbin.nmbd apparmor-2.13-mod/profiles/apparmor.d/usr.sbin.nmbd |
|
| 1524 |
+--- apparmor-2.13/profiles/apparmor.d/usr.sbin.nmbd 2018-04-15 19:18:53.000000000 +0530 |
|
| 1525 |
+@@ -1,6 +1,6 @@ |
|
| 1526 |
+ #include <tunables/global> |
|
| 1527 |
+ |
|
| 1528 |
+-/usr/sbin/nmbd {
|
|
| 1529 |
++/usr/sbin/nmbd flags=(complain) {
|
|
| 1530 |
+ #include <abstractions/base> |
|
| 1531 |
+ #include <abstractions/nameservice> |
|
| 1532 |
+ #include <abstractions/samba> |
|
| 1533 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/usr.sbin.nscd apparmor-2.13-mod/profiles/apparmor.d/usr.sbin.nscd |
|
| 1534 |
+--- apparmor-2.13/profiles/apparmor.d/usr.sbin.nscd 2018-04-15 19:18:53.000000000 +0530 |
|
| 1535 |
+@@ -10,7 +10,7 @@ |
|
| 1536 |
+ # ------------------------------------------------------------------ |
|
| 1537 |
+ |
|
| 1538 |
+ #include <tunables/global> |
|
| 1539 |
+-/usr/sbin/nscd {
|
|
| 1540 |
++/usr/sbin/nscd flags=(complain) {
|
|
| 1541 |
+ #include <abstractions/base> |
|
| 1542 |
+ #include <abstractions/consoles> |
|
| 1543 |
+ #include <abstractions/nameservice> |
|
| 1544 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/usr.sbin.ntpd apparmor-2.13-mod/profiles/apparmor.d/usr.sbin.ntpd |
|
| 1545 |
+--- apparmor-2.13/profiles/apparmor.d/usr.sbin.ntpd 2018-04-15 19:18:53.000000000 +0530 |
|
| 1546 |
+@@ -11,7 +11,7 @@ |
|
| 1547 |
+ |
|
| 1548 |
+ #include <tunables/global> |
|
| 1549 |
+ #include <tunables/ntpd> |
|
| 1550 |
+-/usr/sbin/ntpd flags=(attach_disconnected) {
|
|
| 1551 |
++/usr/sbin/ntpd flags=(attach_disconnected,complain) {
|
|
| 1552 |
+ #include <abstractions/base> |
|
| 1553 |
+ #include <abstractions/nameservice> |
|
| 1554 |
+ #include <abstractions/openssl> |
|
| 1555 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/usr.sbin.smbd apparmor-2.13-mod/profiles/apparmor.d/usr.sbin.smbd |
|
| 1556 |
+--- apparmor-2.13/profiles/apparmor.d/usr.sbin.smbd 2018-04-15 19:18:53.000000000 +0530 |
|
| 1557 |
+@@ -1,6 +1,6 @@ |
|
| 1558 |
+ #include <tunables/global> |
|
| 1559 |
+ |
|
| 1560 |
+-/usr/sbin/smbd {
|
|
| 1561 |
++/usr/sbin/smbd flags=(complain) {
|
|
| 1562 |
+ #include <abstractions/authentication> |
|
| 1563 |
+ #include <abstractions/base> |
|
| 1564 |
+ #include <abstractions/consoles> |
|
| 1565 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/usr.sbin.smbldap-useradd apparmor-2.13-mod/profiles/apparmor.d/usr.sbin.smbldap-useradd |
|
| 1566 |
+--- apparmor-2.13/profiles/apparmor.d/usr.sbin.smbldap-useradd 2018-04-15 19:18:53.000000000 +0530 |
|
| 1567 |
+@@ -1,7 +1,7 @@ |
|
| 1568 |
+ # Last Modified: Tue Jan 3 00:17:40 2012 |
|
| 1569 |
+ #include <tunables/global> |
|
| 1570 |
+ |
|
| 1571 |
+-/usr/sbin/smbldap-useradd {
|
|
| 1572 |
++/usr/sbin/smbldap-useradd flags=(complain) {
|
|
| 1573 |
+ #include <abstractions/base> |
|
| 1574 |
+ #include <abstractions/bash> |
|
| 1575 |
+ #include <abstractions/nameservice> |
|
| 1576 |
+@@ -20,7 +20,7 @@ |
|
| 1577 |
+ # Site-specific additions and overrides. See local/README for details. |
|
| 1578 |
+ #include <local/usr.sbin.smbldap-useradd> |
|
| 1579 |
+ |
|
| 1580 |
+- profile /etc/init.d/nscd {
|
|
| 1581 |
++ profile /etc/init.d/nscd flags=(complain) {
|
|
| 1582 |
+ #include <abstractions/base> |
|
| 1583 |
+ #include <abstractions/nameservice> |
|
| 1584 |
+ |
|
| 1585 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/usr.sbin.traceroute apparmor-2.13-mod/profiles/apparmor.d/usr.sbin.traceroute |
|
| 1586 |
+--- apparmor-2.13/profiles/apparmor.d/usr.sbin.traceroute 2018-04-15 19:18:53.000000000 +0530 |
|
| 1587 |
+@@ -10,7 +10,7 @@ |
|
| 1588 |
+ # ------------------------------------------------------------------ |
|
| 1589 |
+ |
|
| 1590 |
+ #include <tunables/global> |
|
| 1591 |
+-/usr/{sbin/traceroute,bin/traceroute.db} {
|
|
| 1592 |
++/usr/{sbin/traceroute,bin/traceroute.db} flags=(complain) {
|
|
| 1593 |
+ #include <abstractions/base> |
|
| 1594 |
+ #include <abstractions/consoles> |
|
| 1595 |
+ #include <abstractions/nameservice> |
|
| 1596 |
+diff -Naur apparmor-2.13/profiles/apparmor.d/usr.sbin.winbindd apparmor-2.13-mod/profiles/apparmor.d/usr.sbin.winbindd |
|
| 1597 |
+--- apparmor-2.13/profiles/apparmor.d/usr.sbin.winbindd 2018-04-15 19:18:53.000000000 +0530 |
|
| 1598 |
+@@ -1,6 +1,6 @@ |
|
| 1599 |
+ #include <tunables/global> |
|
| 1600 |
+ |
|
| 1601 |
+-/usr/sbin/winbindd {
|
|
| 1602 |
++/usr/sbin/winbindd flags=(complain) {
|
|
| 1603 |
+ #include <abstractions/base> |
|
| 1604 |
+ #include <abstractions/nameservice> |
|
| 1605 |
+ #include <abstractions/samba> |
| 0 | 1606 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,377 @@ |
| 0 |
+Name: apparmor |
|
| 1 |
+Version: 2.13 |
|
| 2 |
+Release: 1%{?dist}
|
|
| 3 |
+Summary: AppArmor is an effective and easy-to-use Linux application security system. |
|
| 4 |
+License: GNU LGPL v2.1 |
|
| 5 |
+URL: https://launchpad.net/apparmor |
|
| 6 |
+Source0: https://launchpad.net/apparmor/2.13/2.13.0/+download/%{name}-%{version}.tar.gz
|
|
| 7 |
+%define sha1 apparmor=54202cafce24911c45141d66e2d1e037e8aa5746 |
|
| 8 |
+Patch0: apparmor-set-profiles-complain-mode.patch |
|
| 9 |
+Patch1: apparmor-service-start-fix.patch |
|
| 10 |
+Vendor: VMware, Inc. |
|
| 11 |
+Distribution: Photon |
|
| 12 |
+Group: Productivity/Security |
|
| 13 |
+BuildRequires: python3 |
|
| 14 |
+BuildRequires: python3-devel |
|
| 15 |
+BuildRequires: python3-libs |
|
| 16 |
+BuildRequires: ruby |
|
| 17 |
+BuildRequires: swig |
|
| 18 |
+BuildRequires: make |
|
| 19 |
+BuildRequires: gawk |
|
| 20 |
+BuildRequires: which |
|
| 21 |
+BuildRequires: libstdc++ |
|
| 22 |
+BuildRequires: libstdc++-devel |
|
| 23 |
+BuildRequires: gcc |
|
| 24 |
+BuildRequires: libgcc |
|
| 25 |
+BuildRequires: libgcc-devel |
|
| 26 |
+BuildRequires: glibc |
|
| 27 |
+BuildRequires: glibc-devel |
|
| 28 |
+BuildRequires: autoconf |
|
| 29 |
+BuildRequires: automake |
|
| 30 |
+BuildRequires: libtool |
|
| 31 |
+BuildRequires: httpd |
|
| 32 |
+BuildRequires: httpd-devel |
|
| 33 |
+BuildRequires: httpd-tools |
|
| 34 |
+BuildRequires: apr |
|
| 35 |
+BuildRequires: apr-util-devel |
|
| 36 |
+BuildRequires: Linux-PAM |
|
| 37 |
+BuildRequires: Linux-PAM-devel |
|
| 38 |
+ |
|
| 39 |
+%global debug_package %{nil}
|
|
| 40 |
+ |
|
| 41 |
+%description |
|
| 42 |
+AppArmor is a file and network mandatory access control |
|
| 43 |
+mechanism. AppArmor confines processes to the resources allowed by the |
|
| 44 |
+systems administrator and can constrain the scope of potential security |
|
| 45 |
+vulnerabilities. |
|
| 46 |
+ |
|
| 47 |
+%package -n libapparmor |
|
| 48 |
+Summary: Utility library for AppArmor |
|
| 49 |
+License: GNU LGPL v2.1 |
|
| 50 |
+Group: Development/Libraries/C and C++ |
|
| 51 |
+ |
|
| 52 |
+%description -n libapparmor |
|
| 53 |
+This package contains the AppArmor library. |
|
| 54 |
+ |
|
| 55 |
+%package -n libapparmor-devel |
|
| 56 |
+Summary: Development headers and libraries for libapparmor |
|
| 57 |
+License: GNU LGPL v2.1 |
|
| 58 |
+Group: Development/Libraries/C and C++ |
|
| 59 |
+Requires: libapparmor = %{version}-%{release}
|
|
| 60 |
+ |
|
| 61 |
+%description -n libapparmor-devel |
|
| 62 |
+This package contains development files for libapparmor. |
|
| 63 |
+ |
|
| 64 |
+%package -n apache2-mod_apparmor |
|
| 65 |
+Summary: AppArmor module for apache2 |
|
| 66 |
+License: GNU LGPL v2.1 |
|
| 67 |
+Group: Productivity/Security |
|
| 68 |
+ |
|
| 69 |
+%description -n apache2-mod_apparmor |
|
| 70 |
+This provides the Apache module needed to declare various differing |
|
| 71 |
+confinement policies when running virtual hosts in the webserver |
|
| 72 |
+by using the changehat abilities exposed through libapparmor. |
|
| 73 |
+ |
|
| 74 |
+%package profiles |
|
| 75 |
+Summary: AppArmor profiles that are loaded into the apparmor kernel module |
|
| 76 |
+License: GNU LGPL v2.1 |
|
| 77 |
+Group: Productivity/Security |
|
| 78 |
+Requires: apparmor-parser = %{version}-%{release}
|
|
| 79 |
+Requires: apparmor-abstractions = %{version}-%{release}
|
|
| 80 |
+ |
|
| 81 |
+%description profiles |
|
| 82 |
+This package contains the basic AppArmor profiles. |
|
| 83 |
+ |
|
| 84 |
+%package parser |
|
| 85 |
+Summary: AppArmor userlevel parser utility |
|
| 86 |
+License: GNU LGPL v2.1 |
|
| 87 |
+Group: Productivity/Security |
|
| 88 |
+Requires: libapparmor = %{version}-%{release}
|
|
| 89 |
+Requires: systemd |
|
| 90 |
+ |
|
| 91 |
+%description parser |
|
| 92 |
+The AppArmor Parser is a userlevel program that is used to load in |
|
| 93 |
+program profiles to the AppArmor Security kernel module. |
|
| 94 |
+This package is part of a suite of tools that used to be named |
|
| 95 |
+SubDomain. |
|
| 96 |
+ |
|
| 97 |
+%package abstractions |
|
| 98 |
+Summary: AppArmor abstractions and directory structure |
|
| 99 |
+License: GNU LGPL v2.1 |
|
| 100 |
+Group: Productivity/Security |
|
| 101 |
+Requires: apparmor-parser = %{version}-%{release}
|
|
| 102 |
+ |
|
| 103 |
+%description abstractions |
|
| 104 |
+AppArmor abstractions (common parts used in various profiles) and |
|
| 105 |
+the /etc/apparmor.d/ directory structure. |
|
| 106 |
+ |
|
| 107 |
+%package -n pam_apparmor |
|
| 108 |
+Summary: PAM module for AppArmor change_hat |
|
| 109 |
+License: GNU LGPL v2.1 |
|
| 110 |
+Group: Productivity/Security |
|
| 111 |
+Requires: Linux-PAM |
|
| 112 |
+Requires: Linux-PAM-devel |
|
| 113 |
+ |
|
| 114 |
+%description -n pam_apparmor |
|
| 115 |
+The pam_apparmor module provides the means for any PAM applications |
|
| 116 |
+that call pam_open_session() to automatically perform an AppArmor |
|
| 117 |
+change_hat operation in order to switch to a user-specific security |
|
| 118 |
+policy. |
|
| 119 |
+ |
|
| 120 |
+%package utils |
|
| 121 |
+Summary: AppArmor User-Level Utilities Useful for Creating AppArmor Profiles |
|
| 122 |
+License: GNU LGPL v2.1 |
|
| 123 |
+Group: Productivity/Security |
|
| 124 |
+Requires: libapparmor = %{version}-%{release}
|
|
| 125 |
+Requires: audit |
|
| 126 |
+Requires: apparmor-abstractions = %{version}-%{release}
|
|
| 127 |
+ |
|
| 128 |
+%description utils |
|
| 129 |
+This package contains programs to help create and manage AppArmor |
|
| 130 |
+profiles. |
|
| 131 |
+ |
|
| 132 |
+%package -n python3-apparmor |
|
| 133 |
+Summary: Python 3 interface for libapparmor functions |
|
| 134 |
+License: GNU LGPL v2.1 |
|
| 135 |
+Group: Development/Libraries/Python |
|
| 136 |
+Requires: libapparmor = %{version}-%{release}
|
|
| 137 |
+Requires: python3 |
|
| 138 |
+ |
|
| 139 |
+%description -n python3-apparmor |
|
| 140 |
+This package provides the python3 interface to AppArmor. It is used for python |
|
| 141 |
+applications interfacing with AppArmor. |
|
| 142 |
+ |
|
| 143 |
+%package -n perl-apparmor |
|
| 144 |
+Summary: AppArmor module for perl. |
|
| 145 |
+License: GNU LGPL v2.1 |
|
| 146 |
+Group: Development/Libraries/Perl |
|
| 147 |
+Requires: libapparmor = %{version}-%{release}
|
|
| 148 |
+ |
|
| 149 |
+%description -n perl-apparmor |
|
| 150 |
+This package contains the AppArmor module for perl. |
|
| 151 |
+ |
|
| 152 |
+%package -n ruby-apparmor |
|
| 153 |
+Summary: Ruby interface for libapparmor functions |
|
| 154 |
+License: GNU LGPL v2.1 |
|
| 155 |
+Group: Development/Languages/Ruby |
|
| 156 |
+Requires: libapparmor = %{version}-%{release}
|
|
| 157 |
+Requires: ruby |
|
| 158 |
+ |
|
| 159 |
+%description -n ruby-apparmor |
|
| 160 |
+This package provides the ruby interface to AppArmor. It is used for ruby |
|
| 161 |
+applications interfacing with AppArmor. |
|
| 162 |
+ |
|
| 163 |
+%prep |
|
| 164 |
+%setup -q -n %{name}-%{version}
|
|
| 165 |
+%patch0 -p1 |
|
| 166 |
+%patch1 -p1 |
|
| 167 |
+ |
|
| 168 |
+%build |
|
| 169 |
+export PYTHONPATH=/usr/lib/python3.6/site-packages |
|
| 170 |
+export PYTHON=/usr/bin/python3 |
|
| 171 |
+export PYTHON_VERSION=3.6 |
|
| 172 |
+export PYTHON_VERSIONS=python3 |
|
| 173 |
+#Building libapparmor |
|
| 174 |
+cd ./libraries/libapparmor |
|
| 175 |
+export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/usr/lib/" |
|
| 176 |
+/sbin/ldconfig |
|
| 177 |
+sh ./autogen.sh |
|
| 178 |
+./configure \ |
|
| 179 |
+ --prefix=%{_prefix} \
|
|
| 180 |
+ --bindir=%{_bindir} \
|
|
| 181 |
+ --libdir=%{_libdir} \
|
|
| 182 |
+ --sysconfdir=/etc \ |
|
| 183 |
+ --with-perl \ |
|
| 184 |
+ --with-python \ |
|
| 185 |
+ --with-ruby |
|
| 186 |
+make %{?_smp_mflags}
|
|
| 187 |
+#Building Binutils |
|
| 188 |
+cd ../../binutils/ |
|
| 189 |
+make %{?_smp_mflags}
|
|
| 190 |
+#Building parser |
|
| 191 |
+cd ../parser |
|
| 192 |
+export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/usr/lib/" |
|
| 193 |
+export LIBRARY_PATH="$LIBRARY_PATH:/usr/lib" |
|
| 194 |
+echo $LD_LIBRARY_PATH |
|
| 195 |
+echo $LIBRARY_PATH |
|
| 196 |
+make %{?_smp_mflags}
|
|
| 197 |
+#Building Utilities |
|
| 198 |
+cd ../utils |
|
| 199 |
+make %{?_smp_mflags}
|
|
| 200 |
+#Building Apache mod_apparmor |
|
| 201 |
+cd ../changehat/mod_apparmor |
|
| 202 |
+make %{?_smp_mflags}
|
|
| 203 |
+#Building PAM AppArmor |
|
| 204 |
+cd ../pam_apparmor |
|
| 205 |
+make %{?_smp_mflags}
|
|
| 206 |
+#Building Profiles |
|
| 207 |
+cd ../../profiles |
|
| 208 |
+make %{?_smp_mflags}
|
|
| 209 |
+ |
|
| 210 |
+ |
|
| 211 |
+%check |
|
| 212 |
+make check -C libraries/libapparmor |
|
| 213 |
+make check -C binutils |
|
| 214 |
+make check -C parser |
|
| 215 |
+make check -C utils |
|
| 216 |
+make check -C changehat/mod_apparmor |
|
| 217 |
+make check -C pam_apparmor |
|
| 218 |
+make check -C profiles |
|
| 219 |
+ |
|
| 220 |
+%install |
|
| 221 |
+export PYTHONPATH=/usr/lib/python3.6/site-packages |
|
| 222 |
+export PYTHON=/usr/bin/python3 |
|
| 223 |
+export PYTHON_VERSION=3.6 |
|
| 224 |
+export PYTHON_VERSIONS=python3 |
|
| 225 |
+export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/usr/lib/" |
|
| 226 |
+cd libraries/libapparmor |
|
| 227 |
+make DESTDIR=%{buildroot} install
|
|
| 228 |
+cd ../../binutils/ |
|
| 229 |
+make DESTDIR=%{buildroot} install
|
|
| 230 |
+cd ../parser |
|
| 231 |
+make DESTDIR=%{buildroot} install
|
|
| 232 |
+cd ../utils |
|
| 233 |
+make DESTDIR=%{buildroot} install
|
|
| 234 |
+cd ../changehat/mod_apparmor |
|
| 235 |
+make DESTDIR=%{buildroot} install
|
|
| 236 |
+cd ../pam_apparmor |
|
| 237 |
+make DESTDIR=%{buildroot} install
|
|
| 238 |
+cd ../../profiles |
|
| 239 |
+make DESTDIR=%{buildroot} install
|
|
| 240 |
+ |
|
| 241 |
+%files -n libapparmor |
|
| 242 |
+%defattr(-,root,root) |
|
| 243 |
+%{_libdir}/libapparmor.so.*
|
|
| 244 |
+ |
|
| 245 |
+%post -n libapparmor |
|
| 246 |
+/sbin/ldconfig |
|
| 247 |
+ |
|
| 248 |
+%postun -n libapparmor |
|
| 249 |
+/sbin/ldconfig |
|
| 250 |
+ |
|
| 251 |
+%files -n libapparmor-devel |
|
| 252 |
+%defattr(-,root,root) |
|
| 253 |
+%{_libdir}/libapparmor.a
|
|
| 254 |
+%{_libdir}/libapparmor.la
|
|
| 255 |
+%{_libdir}/libapparmor.so
|
|
| 256 |
+%{_libdir}/pkgconfig/libapparmor.pc
|
|
| 257 |
+%dir %{_includedir}/aalogparse
|
|
| 258 |
+%dir %{_includedir}/sys
|
|
| 259 |
+%{_includedir}/aalogparse/*
|
|
| 260 |
+%{_includedir}/sys/*
|
|
| 261 |
+%doc %{_mandir}/man2/aa_change_hat.2.gz
|
|
| 262 |
+%doc %{_mandir}/man2/aa_find_mountpoint.2.gz
|
|
| 263 |
+%doc %{_mandir}/man2/aa_getcon.2.gz
|
|
| 264 |
+%doc %{_mandir}/man2/aa_query_label.2.gz
|
|
| 265 |
+%doc %{_mandir}/man3/aa_features.3.gz
|
|
| 266 |
+%doc %{_mandir}/man3/aa_kernel_interface.3.gz
|
|
| 267 |
+%doc %{_mandir}/man3/aa_policy_cache.3.gz
|
|
| 268 |
+%doc %{_mandir}/man3/aa_splitcon.3.gz
|
|
| 269 |
+ |
|
| 270 |
+%files -n apache2-mod_apparmor |
|
| 271 |
+%defattr(-,root,root) |
|
| 272 |
+%{_libdir}/httpd/modules/mod_apparmor.so
|
|
| 273 |
+%doc %{_mandir}/man8/mod_apparmor.8.gz
|
|
| 274 |
+ |
|
| 275 |
+%files profiles |
|
| 276 |
+%defattr(-,root,root,755) |
|
| 277 |
+%dir %{_sysconfdir}/apparmor.d/apache2.d
|
|
| 278 |
+%config(noreplace) %{_sysconfdir}/apparmor.d/apache2.d/phpsysinfo
|
|
| 279 |
+%config(noreplace) %{_sysconfdir}/apparmor.d/bin.*
|
|
| 280 |
+%config(noreplace) %{_sysconfdir}/apparmor.d/sbin.*
|
|
| 281 |
+%config(noreplace) %{_sysconfdir}/apparmor.d/usr.*
|
|
| 282 |
+%config(noreplace) %{_sysconfdir}/apparmor.d/local/*
|
|
| 283 |
+%dir %{_datadir}/apparmor
|
|
| 284 |
+%{_datadir}/apparmor/extra-profiles/*
|
|
| 285 |
+ |
|
| 286 |
+%files parser |
|
| 287 |
+%defattr(755,root,root,755) |
|
| 288 |
+/sbin/apparmor_parser |
|
| 289 |
+/sbin/rcapparmor |
|
| 290 |
+/lib/apparmor/rc.apparmor.functions |
|
| 291 |
+/lib/apparmor/apparmor.systemd |
|
| 292 |
+%{_bindir}/aa-exec
|
|
| 293 |
+%{_bindir}/aa-enabled
|
|
| 294 |
+%attr(644,root,root) %{_prefix}%{_unitdir}/apparmor.service
|
|
| 295 |
+%dir %{_sysconfdir}/apparmor
|
|
| 296 |
+%dir %{_sysconfdir}/apparmor.d
|
|
| 297 |
+%config(noreplace) %{_sysconfdir}/apparmor/parser.conf
|
|
| 298 |
+%config(noreplace) %{_sysconfdir}/apparmor/subdomain.conf
|
|
| 299 |
+%{_localstatedir}/lib/apparmor
|
|
| 300 |
+%doc %{_mandir}/man5/apparmor.d.5.gz
|
|
| 301 |
+%doc %{_mandir}/man5/apparmor.vim.5.gz
|
|
| 302 |
+%doc %{_mandir}/man5/subdomain.conf.5.gz
|
|
| 303 |
+%doc %{_mandir}/man7/apparmor.7.gz
|
|
| 304 |
+%doc %{_mandir}/man8/apparmor_parser.8.gz
|
|
| 305 |
+%doc %{_mandir}/man1/aa-enabled.1.gz
|
|
| 306 |
+%doc %{_mandir}/man1/aa-exec.1.gz
|
|
| 307 |
+%doc %{_mandir}/man2/aa_stack_profile.2.gz
|
|
| 308 |
+ |
|
| 309 |
+%preun parser |
|
| 310 |
+%systemd_preun apparmor.service |
|
| 311 |
+ |
|
| 312 |
+%post parser |
|
| 313 |
+%systemd_post apparmor.service |
|
| 314 |
+ |
|
| 315 |
+%postun parser |
|
| 316 |
+%systemd_postun_with_restart apparmor.service |
|
| 317 |
+ |
|
| 318 |
+%files abstractions |
|
| 319 |
+%defattr(644,root,root,755) |
|
| 320 |
+%dir %{_sysconfdir}/apparmor.d/abstractions
|
|
| 321 |
+%config(noreplace) %{_sysconfdir}/apparmor.d/abstractions/*
|
|
| 322 |
+%dir %{_sysconfdir}/apparmor.d/disable
|
|
| 323 |
+%dir %{_sysconfdir}/apparmor.d/local
|
|
| 324 |
+%dir %{_sysconfdir}/apparmor.d/tunables
|
|
| 325 |
+%config(noreplace) %{_sysconfdir}/apparmor.d/tunables/*
|
|
| 326 |
+%exclude %{_datadir}/locale
|
|
| 327 |
+ |
|
| 328 |
+%files utils |
|
| 329 |
+%defattr(-,root,root) |
|
| 330 |
+%config(noreplace) %{_sysconfdir}/apparmor/easyprof.conf
|
|
| 331 |
+%config(noreplace) %{_sysconfdir}/apparmor/logprof.conf
|
|
| 332 |
+%config(noreplace) %{_sysconfdir}/apparmor/notify.conf
|
|
| 333 |
+%config(noreplace) %{_sysconfdir}/apparmor/severity.db
|
|
| 334 |
+/sbin/aa-teardown |
|
| 335 |
+%{_sbindir}/aa-*
|
|
| 336 |
+%{_sbindir}/apparmor_status
|
|
| 337 |
+%{_bindir}/aa-easyprof
|
|
| 338 |
+%{_datadir}/apparmor/easyprof/
|
|
| 339 |
+%dir %{_datadir}/apparmor
|
|
| 340 |
+%{_datadir}/apparmor/apparmor.vim
|
|
| 341 |
+%doc %{_mandir}/man2/aa_change_profile.2.gz
|
|
| 342 |
+%doc %{_mandir}/man5/logprof.conf.5.gz
|
|
| 343 |
+%doc %{_mandir}/man8/aa-*.gz
|
|
| 344 |
+%doc %{_mandir}/man8/apparmor_status.8.gz
|
|
| 345 |
+ |
|
| 346 |
+%files -n pam_apparmor |
|
| 347 |
+%defattr(-,root,root,755) |
|
| 348 |
+/lib/security/pam_apparmor.so |
|
| 349 |
+ |
|
| 350 |
+%files -n python3-apparmor |
|
| 351 |
+%defattr(-,root,root) |
|
| 352 |
+%dir %{_libdir}/python3.6/site-packages/LibAppArmor
|
|
| 353 |
+%dir %{_libdir}/python3.6/site-packages/LibAppArmor/__pycache__
|
|
| 354 |
+%{_libdir}/python3.6/site-packages/LibAppArmor/_LibAppArmor.cpython-*.so
|
|
| 355 |
+%{_libdir}/python3.6/site-packages/LibAppArmor/__pycache__/__init__.cpython-*.pyc
|
|
| 356 |
+%{_libdir}/python3.6/site-packages/LibAppArmor/__pycache__/LibAppArmor.cpython-*.pyc
|
|
| 357 |
+%{_libdir}/python3.6/site-packages/LibAppArmor/__init__.py
|
|
| 358 |
+%{_libdir}/python3.6/site-packages/LibAppArmor/LibAppArmor.py
|
|
| 359 |
+%{_libdir}/python3.6/site-packages/LibAppArmor-%{version}-py*.egg-info
|
|
| 360 |
+%{_libdir}/python3.6/site-packages/apparmor-%{version}-py*.egg-info
|
|
| 361 |
+%dir %{_libdir}/python3.6/site-packages/apparmor
|
|
| 362 |
+%{_libdir}/python3.6/site-packages/apparmor/*
|
|
| 363 |
+ |
|
| 364 |
+%files -n perl-apparmor |
|
| 365 |
+%defattr(-,root,root) |
|
| 366 |
+%{perl_vendorarch}/auto/LibAppArmor/
|
|
| 367 |
+%{perl_vendorarch}/LibAppArmor.pm
|
|
| 368 |
+%exclude %{_libdir}/perl5/5.24.1/x86_64-linux-thread-multi/perllocal.pod
|
|
| 369 |
+ |
|
| 370 |
+%files -n ruby-apparmor |
|
| 371 |
+%defattr(-,root,root) |
|
| 372 |
+%{_libdir}/ruby/site_ruby/2.4.0/x86_64-linux/LibAppArmor.so
|
|
| 373 |
+ |
|
| 374 |
+%changelog |
|
| 375 |
+* Thu Aug 30 2018 Keerthana K <keerthanak@vmware.com> 2.13-1 |
|
| 376 |
+- Initial Apparmor package for Photon. |
| ... | ... |
@@ -4,7 +4,7 @@ |
| 4 | 4 |
Summary: Docker |
| 5 | 5 |
Name: docker |
| 6 | 6 |
Version: 17.06.0 |
| 7 |
-Release: 4%{?dist}
|
|
| 7 |
+Release: 5%{?dist}
|
|
| 8 | 8 |
License: ASL 2.0 |
| 9 | 9 |
URL: http://docs.docker.com |
| 10 | 10 |
Group: Applications/File |
| ... | ... |
@@ -43,6 +43,9 @@ BuildRequires: sed |
| 43 | 43 |
BuildRequires: cmake |
| 44 | 44 |
BuildRequires: findutils |
| 45 | 45 |
BuildRequires: git |
| 46 |
+BuildRequires: libapparmor |
|
| 47 |
+BuildRequires: libapparmor-devel |
|
| 48 |
+Requires: libapparmor |
|
| 46 | 49 |
Requires: libltdl |
| 47 | 50 |
Requires: libgcc |
| 48 | 51 |
Requires: glibc |
| ... | ... |
@@ -100,8 +103,8 @@ git config --global http.proxy http://localhost:0 |
| 100 | 100 |
export GOPATH="/go" |
| 101 | 101 |
export PATH="$PATH:$GOPATH/bin" |
| 102 | 102 |
|
| 103 |
-export DOCKER_BUILDTAGS="pkcs11 seccomp exclude_graphdriver_aufs" |
|
| 104 |
-export RUNC_BUILDTAGS="seccomp" |
|
| 103 |
+export DOCKER_BUILDTAGS="pkcs11 seccomp apparmor exclude_graphdriver_aufs" |
|
| 104 |
+export RUNC_BUILDTAGS="seccomp apparmor" |
|
| 105 | 105 |
|
| 106 | 106 |
cd /go/src/github.com |
| 107 | 107 |
|
| ... | ... |
@@ -220,6 +223,8 @@ rm -rf %{buildroot}/*
|
| 220 | 220 |
%{_datadir}/vim/vimfiles/syntax/dockerfile.vim
|
| 221 | 221 |
|
| 222 | 222 |
%changelog |
| 223 |
+* Thu Aug 30 2018 Keerthana K <keerthanak@vmware.com> 17.06.0-5 |
|
| 224 |
+- Updated BuildTags to include apparmor. |
|
| 223 | 225 |
* Fri Sep 22 2017 Bo Gan <ganb@vmware.com> 17.06.0-4 |
| 224 | 226 |
- disable docker service by default |
| 225 | 227 |
* Fri Sep 08 2017 Bo Gan <ganb@vmware.com> 17.06.0-3 |
| ... | ... |
@@ -2,7 +2,7 @@ |
| 2 | 2 |
Summary: Contains the GNU compiler collection |
| 3 | 3 |
Name: gcc |
| 4 | 4 |
Version: 7.3.0 |
| 5 |
-Release: 1%{?dist}
|
|
| 5 |
+Release: 2%{?dist}
|
|
| 6 | 6 |
License: GPLv2+ |
| 7 | 7 |
URL: http://gcc.gnu.org |
| 8 | 8 |
Group: Development/Tools |
| ... | ... |
@@ -206,6 +206,7 @@ make %{?_smp_mflags} check-gcc
|
| 206 | 206 |
%defattr(-,root,root) |
| 207 | 207 |
%{_lib64dir}/libstdc++.so
|
| 208 | 208 |
%{_lib64dir}/libstdc++.la
|
| 209 |
+%{_lib64dir}/libstdc++.a
|
|
| 209 | 210 |
|
| 210 | 211 |
%{_includedir}/c++/*
|
| 211 | 212 |
|
| ... | ... |
@@ -221,6 +222,8 @@ make %{?_smp_mflags} check-gcc
|
| 221 | 221 |
%{_lib64dir}/libgomp.spec
|
| 222 | 222 |
|
| 223 | 223 |
%changelog |
| 224 |
+* Thu Aug 30 2018 Keerthana K <keerthanak@vmware.com> 7.3.0-2 |
|
| 225 |
+- Packaging .a files (libstdc++-static files). |
|
| 224 | 226 |
* Wed Aug 01 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 7.3.0-1 |
| 225 | 227 |
- Update to version 7.3.0 to get retpoline support. |
| 226 | 228 |
* Tue Nov 14 2017 Alexey Makhalov <amakhalov@vmware.com> 6.3.0-7 |