Hello,
in 2011 (r1803), the traceroute profile was changed to also match
/usr/bin/traceroute.db:
/usr/{sbin/traceroute,bin/traceroute.db} {
However, permissions for /usr/bin/traceroute.db were never added.
This patch fixes this.
While on it, also change the /usr/sbin/traceroute permissions from
rmix to the less confusing mrix.
I propose this patch for trunk, 2.10 and 2.9.
[ traceroute-both-paths.diff ]
=== modified file 'profiles/apparmor.d/usr.sbin.traceroute'
--- profiles/apparmor.d/usr.sbin.traceroute 2011-11-30 12:15:21 +0000
+++ profiles/apparmor.d/usr.sbin.traceroute 2016-09-29 19:30:25 +0000
@@ -20,7 +20,8 @@
network inet raw,
network inet6 raw,
- /usr/sbin/traceroute rmix,
+ /usr/sbin/traceroute mrix,
+ /usr/bin/traceroute.db mrix,
@{PROC}/net/route r,
# Site-specific additions and overrides. See local/README for details.
Regards,
Christian Boltz
--
[BILD] Als langjährig tätiger Strafverteidiger (und Fan von Volker
Pispers) muß ich jedoch dringend davor warnen, stinkende tote Fische in
dieses Freiexemplar der sogenannten "Zeitung" einzuwickeln. Weil das ein
Strafverfahren wegen Beleidigung zulasten des Fisches nach sich ziehen
könnte.
[http://www.kanzlei-hoenig.de/2012/keine-stinkende-tote-fische-im-briefkasten/]
signature.asc
Description: This is a digitally signed message part.
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
