Bug#796374: Add AppArmor profile

Fri, 21 Aug 2015 08:28:15 -0700 

Package: haveged
Version: 1.9.1-1
Severity: minor
User: pkg-apparmor-t...@lists.alioth.debian.org
Usertags: new-profile

Hello,

Please find enclosed a patch which adds a AppArmor profile for the haveged 
package.


Best,

  nicoo

From 31e83ae7a0246bb04c16b5a237e8e20a12db097c Mon Sep 17 00:00:00 2001
From: Nicolas Braud-Santoni <nicolas.braud-sant...@iaik.tugraz.at>
Date: Fri, 21 Aug 2015 16:20:35 +0200
Subject: [PATCH] Add AppArmor profile. Bump to 1.9.1-2

---
 debian/apparmor-profile | 22 ++++++++++++++++++++++
 debian/changelog        |  6 ++++++
 debian/control          |  2 +-
 debian/rules            |  7 +++++++
 4 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 debian/apparmor-profile

diff --git a/debian/apparmor-profile b/debian/apparmor-profile
new file mode 100644
index 0000000..fa8b4a2
--- /dev/null
+++ b/debian/apparmor-profile
@@ -0,0 +1,22 @@
+# Last Modified: Fri Aug 21 15:23:17 2015
+#include <tunables/global>
+
+/usr/sbin/haveged {
+  #include <abstractions/base>
+  #include <local/usr.sbin.haveged>
+
+  # Required for ioctl RNDADDENTROPY
+  capability sys_admin,
+
+  owner @{PROC}/@{pid}/status r,
+
+  @{PROC}/sys/kernel/osrelease r,
+  @{PROC}/sys/kernel/random/poolsize r,
+  @{PROC}/sys/kernel/random/write_wakeup_threshold w,
+  /dev/random w,
+  
+  /sys/devices/system/cpu/ r,
+  /sys/devices/system/cpu/cpu*/cache/ r,
+  /sys/devices/system/cpu/cpu*/cache/index*/{type,size,level} r,
+  /usr/sbin/haveged mr,
+}
diff --git a/debian/changelog b/debian/changelog
index 94d6363..c0e3ffb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+haveged (1.9.1-2) unstable; urgency=low
+
+  * Add AppArmor profile
+
+ -- Nicolas Braud-Santoni <nico...@braud-santoni.eu>  Fri, 21 Aug 2015 16:16:55 +0200
+
 haveged (1.9.1-1) unstable; urgency=low
 
   * Imported Upstream version 1.9.1. (Closes: #739403)
diff --git a/debian/control b/debian/control
index fe01e3f..cc5a712 100644
--- a/debian/control
+++ b/debian/control
@@ -2,7 +2,7 @@ Source: haveged
 Section: misc
 Priority: extra
 Maintainer: Jérémy Bobbio <lu...@debian.org>
-Build-Depends: debhelper (>= 9), dh-autoreconf, dh-systemd
+Build-Depends: debhelper (>= 9), dh-apparmor, dh-autoreconf, dh-systemd
 Standards-Version: 3.9.5
 Homepage: http://www.issihosts.com/haveged/
 Vcs-Git: git://git.debian.org/git/collab-maint/haveged.git
diff --git a/debian/rules b/debian/rules
index 6f9d395..37dab29 100755
--- a/debian/rules
+++ b/debian/rules
@@ -15,3 +15,10 @@ override_dh_auto_configure:
 
 override_dh_strip:
 	dh_strip --dbg-package=libhavege1-dbg
+
+override_dh_install:
+	dh_install
+
+	mkdir -p debian/haveged/etc/apparmor.d
+	cp debian/apparmor-profile   debian/haveged/etc/apparmor.d/usr.sbin.haveged
+	dh_apparmor --profile-name=usr.sbin.haveged -phaveged
-- 
2.1.4

Attachment: pgpGUDZjIKN7H.pgp
Description: PGP signature

Reply via email to