Hello,

$subject.

- allow reading @{PROC}/@{pid}/net/netstat and @{PROC}/@{pid}/net/snmp
- drop owner conditional - /proc/*/net/* is always owned by root, and the owner conditional means breaking netstat for non-root users
- drop "@{PROC}/@{pids}/fd r," - /proc/*/fd is a directory, so this rule would never apply
This is an "extra" profile, which means updating it in trunk is enough ;-)

=== modified file 'profiles/apparmor/profiles/extras/bin.netstat' --- profiles/apparmor/profiles/extras/bin.netstat 2016-12-03 09:59:01 +0000 +++ profiles/apparmor/profiles/extras/bin.netstat 2017-08-06 18:27:06 +0000 @@ -2,6 +2,7 @@ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE +# Copyright (C) 2017 Christian Boltz # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -27,15 +28,16 @@ /etc/networks r, @{PROC} r, @{PROC}/@{pids}/cmdline r, - @{PROC}/@{pids}/fd r, @{PROC}/net r, @{PROC}/net/* r, @{PROC}/@{pids}/fd/ r, - owner @{PROC}/@{pid}/net/raw r, - owner @{PROC}/@{pid}/net/raw6 r, - owner @{PROC}/@{pid}/net/tcp r, - owner @{PROC}/@{pid}/net/tcp6 r, - owner @{PROC}/@{pid}/net/udp r, - owner @{PROC}/@{pid}/net/udp6 r, - owner @{PROC}/@{pid}/net/unix r, + @{PROC}/@{pid}/net/netstat r, + @{PROC}/@{pid}/net/raw r, + @{PROC}/@{pid}/net/snmp r, + @{PROC}/@{pid}/net/raw6 r, + @{PROC}/@{pid}/net/tcp r, + @{PROC}/@{pid}/net/tcp6 r, + @{PROC}/@{pid}/net/udp r, + @{PROC}/@{pid}/net/udp6 r, + @{PROC}/@{pid}/net/unix r, }

Regards,

Christian Boltz
--
> If someone could write it to me in plain language (German or Swabian)
You don't need to worry about scsi_mod, modprobe can find that out itself from /lib/modules/`uname -r`/modules.dep, which depmod writes. [> Ute Ferlein and David Haller in suse-linux]
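Review bot: the new `@{PROC}/@{pid}/net/snmp r,` line in the second hunk breaks the otherwise alphabetical order of the `net/` rules (it sits between `raw` and `raw6`); move it after `raw6` so the block stays sorted. The rest of the hunk matches the message: dropping `owner` is consistent with `/proc/*/net/*` being root-owned, and removing `@{PROC}/@{pids}/fd r,` is right since `/proc/*/fd` is a directory and the directory rule `@{PROC}/@{pids}/fd/ r,` kept just below is the one that actually applies. Minor style point: the surviving rules mix `@{pids}` (cmdline, fd/) and `@{pid}` (net/*) for the same kind of per-process path; worth settling on one in a follow-up.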
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor