Hello, this patch updates the mlmmj profiles in the extras directory to the profiles that are used on lists.opensuse.org now. Besides adding lots of trailing slashes for directories, several permissions were added. Also, usr.bin.mlmmj-receive gets added - it seems upstream renamed mlmmj-recieve to fix a typo.
These profiles were provided by Per Jessen. References: https://bugzilla.opensuse.org/show_bug.cgi?id=1000201 I propose this patch for trunk, 2.10 and 2.9. In trunk, I'd also like to delete the mlmmj-recieve profile (for the misnamed binary), but I tend to keep it in 2.10 and 2.9 to avoid regressions. [ mlmmj.diff ] === modified file 'profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce' --- profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce 2010-12-20 20:29:10 +0000 +++ profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce 2016-11-07 16:49:35 +0000 @@ -16,7 +16,24 @@ /usr/bin/mlmmj-bounce r, /usr/bin/mlmmj-send Px, + /usr/bin/mlmmj-maintd Px, + /var/spool/mlmmj/*/subscribers.d/ r, + /var/spool/mlmmj/*/subscribers.d/* r, + /var/spool/mlmmj/*/subconf rwl, # /var/spool/mlmmj/*/subconf/* rwl, + /var/spool/mlmmj/*/queue rwl, # /var/spool/mlmmj/*/queue/* rwl, - + /var/spool/mlmmj/*/bounce/ rwl, + + /var/spool/mlmmj/*/nomailsubs.d/ r, + /var/spool/mlmmj/*/nomailsubs.d/* r, + /var/spool/mlmmj/*/digesters.d/ r, + /var/spool/mlmmj/*/digesters.d/* r, + + /var/spool/mlmmj/*/bounce/* rw, + + /var/spool/mlmmj/*/unsubconf/* w, + + /usr/share/mlmmj/text.skel/*/* r, + /var/spool/mlmmj/*/control/* r, } === modified file 'profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd' --- profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd 2010-12-20 20:29:10 +0000 +++ profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd 2016-11-07 16:49:47 +0000 @@ -18,19 +18,34 @@ /usr/bin/mlmmj-maintd r, /usr/bin/mlmmj-send Px, + /usr/bin/mlmmj-bounce Px, + /usr/bin/mlmmj-unsub Px, - /var/spool/mlmmj r, - /var/spool/mlmmj/*/bounce r, + /var/spool/mlmmj/ r, + /var/spool/mlmmj/* r, # + /var/spool/mlmmj/*/bounce/ r, + /var/spool/mlmmj/*/bounce/* rw, /var/spool/mlmmj/*/index r, - /var/spool/mlmmj/*/lastdigest rw, + /var/spool/mlmmj/*/lastdigest rwk, /var/spool/mlmmj/*/maintdlog-* lrw, /var/spool/mlmmj/*/mlmmj-maintd.lastrun.log w, - /var/spool/mlmmj/*/moderation r, + /var/spool/mlmmj/*/moderation/ r, + /var/spool/mlmmj/*/moderation/* w, + /var/spool/mlmmj/*/archive/ r, /var/spool/mlmmj/*/archive/* r, + /var/spool/mlmmj/*/control/ r, /var/spool/mlmmj/*/control/* r, - /var/spool/mlmmj/*/queue r, - /var/spool/mlmmj/*/queue/* rwl, - /var/spool/mlmmj/*/requeue r, - /var/spool/mlmmj/*/subconf r, - /var/spool/mlmmj/*/unsubconf r, + /var/spool/mlmmj/*/queue/ r, + /var/spool/mlmmj/*/queue/** rwl, + /var/spool/mlmmj/*/requeue/ r, + /var/spool/mlmmj/*/requeue/* rw, + /var/spool/mlmmj/*/requeue/*/ rw, + /var/spool/mlmmj/*/subconf/ r, + /var/spool/mlmmj/*/subconf/* rw, + /var/spool/mlmmj/*/unsubconf/ r, + /var/spool/mlmmj/*/unsubconf/* rw, + + /usr/share/mlmmj/text.skel/*/digest r, + /var/spool/mlmmj/*/mlmmj.operation.log rwk, + } === modified file 'profiles/apparmor/profiles/extras/usr.bin.mlmmj-process' --- profiles/apparmor/profiles/extras/usr.bin.mlmmj-process 2010-12-20 20:29:10 +0000 +++ profiles/apparmor/profiles/extras/usr.bin.mlmmj-process 2016-11-07 16:50:03 +0000 @@ -19,11 +19,27 @@ /usr/bin/mlmmj-sub Px, /usr/bin/mlmmj-unsub Px, /usr/bin/mlmmj-bounce Px, + # skeleton data + /usr/share/mlmmj/text.skel/ r, + /usr/share/mlmmj/text.skel/*/* r, + /var/spool/mlmmj/*/control/* r, /var/spool/mlmmj/*/text/* r, /var/spool/mlmmj/*/incoming/* rwl, - /var/spool/mlmmj/*/queue/* rwl, + /var/spool/mlmmj/*/queue/** rwl, /var/spool/mlmmj/*/subconf/* rwl, /var/spool/mlmmj/*/unsubconf/* rwl, - /var/spool/mlmmj/*/mlmmj.operation.log rw, + /var/spool/mlmmj/*/mlmmj.operation.log rwk, + /var/spool/mlmmj/*/mlmmj.operation.log.rotated w, + + /var/spool/mlmmj/*/nomailsubs.d/ r, + /var/spool/mlmmj/*/nomailsubs.d/* r, + /var/spool/mlmmj/*/subscribers.d/ r, + /var/spool/mlmmj/*/subscribers.d/* r, + /var/spool/mlmmj/*/digesters.d/ r, + /var/spool/mlmmj/*/digesters.d/* r, + + /var/spool/mlmmj/*/moderation/* rw, + /etc/mlmmj/text/*/* r, + } === added file 'profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive' --- profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive 1970-01-01 00:00:00 +0000 +++ profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive 2016-11-07 16:50:13 +0000 @@ -0,0 +1,21 @@ +# ------------------------------------------------------------------ +# +# Copyright (C) 2002-2005 Novell/SUSE +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public +# License published by the Free Software Foundation. +# +# ------------------------------------------------------------------ +# vim:syntax=apparmor + +#include <tunables/global> + +/usr/bin/mlmmj-receive { + #include <abstractions/base> + + /usr/bin/mlmmj-process Px, + /usr/bin/mlmmj-receive r, + /var/spool/mlmmj/*/incoming/ rw, + /var/spool/mlmmj/*/incoming/* rw, +} === modified file 'profiles/apparmor/profiles/extras/usr.bin.mlmmj-send' --- profiles/apparmor/profiles/extras/usr.bin.mlmmj-send 2010-12-20 20:29:10 +0000 +++ profiles/apparmor/profiles/extras/usr.bin.mlmmj-send 2016-11-07 16:53:17 +0000 @@ -18,8 +18,13 @@ /usr/bin/mlmmj-send r, /var/spool/mlmmj/*/archive/* w, /var/spool/mlmmj/*/control/* r, - /var/spool/mlmmj/*/index rw, - /var/spool/mlmmj/*/queue/* lrw, - /var/spool/mlmmj/*/subscribers.d r, + /var/spool/mlmmj/*/index rwk, + /var/spool/mlmmj/*/queue/* klrw, + /var/spool/mlmmj/*/subscribers.d/ r, /var/spool/mlmmj/*/subscribers.d/* r, + + /var/spool/mlmmj/*/digesters.d/ r, + + /var/spool/mlmmj/*/moderation/* rwk, + } === modified file 'profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub' --- profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub 2010-12-20 20:29:10 +0000 +++ profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub 2016-11-07 16:56:10 +0000 @@ -18,11 +18,23 @@ /usr/bin/mlmmj-send Px, /usr/bin/mlmmj-sub r, + /var/spool/mlmmj/*/control/ r, /var/spool/mlmmj/*/control/* r, - /var/spool/mlmmj/*/queue/* w, - /var/spool/mlmmj/*/subconf/* w, - /var/spool/mlmmj/*/subscribers.d rw, - /var/spool/mlmmj/*/subscribers.d/* rw, - /var/spool/mlmmj/*/subscribers.d/.d.lock lw, + /var/spool/mlmmj/*/queue/ rw, + /var/spool/mlmmj/*/queue/* rw, + /var/spool/mlmmj/*/subconf/ rw, + /var/spool/mlmmj/*/subconf/* rw, + /var/spool/mlmmj/*/subscribers.d/ rw, + /var/spool/mlmmj/*/subscribers.d/* rwk, + /var/spool/mlmmj/*/text/ r, # /var/spool/mlmmj/*/text/* r, + + /usr/share/mlmmj/text.skel/*/* r, + + /var/spool/mlmmj/*/nomailsubs.d/ rw, + /var/spool/mlmmj/*/nomailsubs.d/* rwk, + + /var/spool/mlmmj/*/digesters.d/ rw, + /var/spool/mlmmj/*/digesters.d/* rwk, + } === modified file 'profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub' --- profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub 2010-12-20 20:29:10 +0000 +++ profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub 2016-11-07 16:50:52 +0000 @@ -16,12 +16,25 @@ /usr/bin/mlmmj-unsub r, /usr/bin/mlmmj-send Px, + /var/spool/mlmmj/*/control/ r, /var/spool/mlmmj/*/control/* r, + /var/spool/mlmmj/*/text/ r, /var/spool/mlmmj/*/text/* r, - /var/spool/mlmmj/*/subscribers.d r, - /var/spool/mlmmj/*/subscribers.d/* r, + /var/spool/mlmmj/*/queue/ rwl, /var/spool/mlmmj/*/queue/* rwl, + /var/spool/mlmmj/*/unsubconf/ rwl, /var/spool/mlmmj/*/unsubconf/* rwl, - /var/spool/mlmmj/*/subscribers.d/* rwl, + /var/spool/mlmmj/*/subscribers.d/ rw, + /var/spool/mlmmj/*/subscribers.d/* rwk, + + /var/spool/mlmmj/*/nomailsubs.d/ rw, + /var/spool/mlmmj/*/nomailsubs.d/* rwk, + + /var/spool/mlmmj/*/digesters.d/ rw, + /var/spool/mlmmj/*/digesters.d/* rwk, + + /usr/share/mlmmj/text.skel/*/* r, + /etc/mlmmj/text/*/finish r, + } Regards, Christian Boltz -- Man kann nicht Leuten helfen, die nicht verraten, was sie wollen. Das ist so sexy wie zum Arzt zu gehen und nicht zu verraten, wo es weh tut. [Peer Heinlein in mailman-de]
signature.asc
Description: This is a digitally signed message part.
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
