Hi Mike,

Just one thing. We might need to add /bin/bash into the profile since /bin/sh is
linked to /bin/dash in Debian but not in other distros.

/bin/bash rix,

Radi

On Thu, 08. Aug 23:35, Michael Rash wrote:
> On Aug 08, 2013, Radostan Riedel wrote:
> 
> > Hello,
> 
> Hello Radostan,
> 
> > I've been using my own apparmor profile for fwknopd 2.0 for a while on my Ubuntu
> > servers and I figured I'd like to share it and see if anyone can find some
> > improvements. I haven't checked it with fwknopd 2.5 yet. It's Debian/Ubuntu
> > specific and I've only tried it with GPG.
> 
> Many thanks for sending this.  I'll do some testing with 2.5.1 and add
> your apparmor profile to the extras/ directory.
> 
> --Mike
> 
> 
> > kind regards
> > 
> > cat /etc/apparmor.d/usr.sbin.fwknopd
> > # Last Modified: Wed Feb 20 08:56:57 2013
> > #include <tunables/global>
> > 
> > /usr/sbin/fwknopd {
> >   #include <abstractions/base>
> > 
> >   capability ipc_lock,
> >   capability net_admin,
> >   capability net_raw,
> > 
> >   network inet raw,
> >   network packet raw,
> > 
> >   /bin/dash rix,
> >   /etc/fwknop/access.conf r,
> >   /etc/fwknop/fwknopd.conf r,
> >   /etc/nsswitch.conf r,
> >   /etc/passwd r,
> >   /etc/protocols r,
> >   /root/.gnupg/* rw,
> >   /run/fwknop/* rwk,
> >   /sbin/xtables-multi rix,
> >   /usr/bin/gpg rix,
> >   /usr/sbin/fwknopd mr,
> >   /var/cache/nscd/passwd r,
> > 
> > }
> 
> _______________________________________________
> Fwknop-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss

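Added example (not part of the original thread and not code from the fwknop project): a POSIX shell check that resolves what /bin/sh points to on a host and reports the exec rule the profile lacks for that shell. The function names are hypothetical, and the check assumes literal, path-first rules such as "/bin/dash rix," as in the profile quoted above.

```shell
#!/bin/sh
# Added example, not from the thread: find out whether an AppArmor profile
# allows execution of the shell that /bin/sh resolves to on this host.
# Function names are hypothetical. Only literal "PATH PERMS," rules are
# recognised (no globs, variables, or "owner" prefixes).

# resolve_shell LINK: print the canonical path LINK points to.
resolve_shell() {
    readlink -f "$1"
}

# has_exec_rule PROFILE PATH: succeed if PROFILE contains a rule for exactly
# PATH whose permission field includes an execute mode (rix, ix, Px, ...).
has_exec_rule() {
    awk -v p="$2" '
        $1 == p && $2 ~ /x/ && $2 ~ /,$/ { found = 1 }
        END { exit !found }
    ' "$1"
}

# missing_shell_rule PROFILE [LINK]: return 0 if the shell behind LINK
# (default /bin/sh) is covered; otherwise print the rule to add and return 1.
missing_shell_rule() {
    profile=$1
    link=${2:-/bin/sh}
    target=$(resolve_shell "$link") || return 2
    if has_exec_rule "$profile" "$target"; then
        return 0
    fi
    printf '  %s rix,\n' "$target"
    return 1
}

# Example: sh check.sh /etc/apparmor.d/usr.sbin.fwknopd
[ "$#" -eq 0 ] || missing_shell_rule "$@"
```

After adding the printed rule, reload the profile with apparmor_parser -r so the change takes effect.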