[apparmor] dnsmasq profile - backport to 2.7?

2012-01-09 Thread Christian Boltz 
Hello,

I compared the profiles in trunk and the 2.7 branch. 
There are not too many differences left:
- the (intended) small difference that 2.7 allows /.htaccess for 
  httpd-prefork
- a patch in the dnsmasq profile (see below), which should be backported 
  to 2.7 IMHO
- oh, and my smbd / smbldap-useradd patch is still pending...

Feedback welcome ;-)


diff -u -p -r 2.7-branch/profiles/apparmor.d/usr.sbin.dnsmasq 
HEAD-CLEAN/profiles/apparmor.d/usr.sbin.dnsmasq 
  
--- 2.7-branch/profiles/apparmor.d/usr.sbin.dnsmasq 2011-12-21 
19:03:34.0 +0100
+++ HEAD-CLEAN/profiles/apparmor.d/usr.sbin.dnsmasq 2011-12-29 
01:57:46.0 +0100
@@ -9,6 +9,8 @@
 #
 # --
 
+@{TFTP_DIR}=/var/tftp
+
 #include tunables/global
 /usr/sbin/dnsmasq {
   #include abstractions/base
@@ -36,6 +38,10 @@
 
   /var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server usage
 
+  # for the read-only TFTP server
+  @{TFTP_DIR}/ r,
+  @{TFTP_DIR}/** r,
+
   # libvirt lease and hosts files for dnsmasq
   /var/lib/libvirt/dnsmasq/r,
   /var/lib/libvirt/dnsmasq/*.leases rw,


Regards,

Christian Boltz
-- 
Wenn Windows2000 die Antwort sein soll, wie bescheuert muss bloss die
Frage gewesen sein


-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

Re: [apparmor] dnsmasq profile - backport to 2.7?

2012-01-09 Thread Steve Beattie 
On Mon, Jan 09, 2012 at 02:24:55PM +0100, Christian Boltz wrote:
 Hello,
 
 I compared the profiles in trunk and the 2.7 branch. 
 There are not too many differences left:
 - the (intended) small difference that 2.7 allows /.htaccess for 
   httpd-prefork
 - a patch in the dnsmasq profile (see below), which should be backported 
   to 2.7 IMHO
 
 Feedback welcome ;-)
 
 
 diff -u -p -r 2.7-branch/profiles/apparmor.d/usr.sbin.dnsmasq 
 HEAD-CLEAN/profiles/apparmor.d/usr.sbin.dnsmasq   
 
 --- 2.7-branch/profiles/apparmor.d/usr.sbin.dnsmasq 2011-12-21 
 19:03:34.0 +0100
 +++ HEAD-CLEAN/profiles/apparmor.d/usr.sbin.dnsmasq 2011-12-29 
 01:57:46.0 +0100
 @@ -9,6 +9,8 @@
  #
  # --
  
 +@{TFTP_DIR}=/var/tftp
 +
  #include tunables/global
  /usr/sbin/dnsmasq {
#include abstractions/base
 @@ -36,6 +38,10 @@
  
/var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server usage
  
 +  # for the read-only TFTP server
 +  @{TFTP_DIR}/ r,
 +  @{TFTP_DIR}/** r,
 +
# libvirt lease and hosts files for dnsmasq
/var/lib/libvirt/dnsmasq/r,
/var/lib/libvirt/dnsmasq/*.leases rw,

Acked-By: Steve Beattie sbeat...@ubuntu.com for 2.7

Thanks.

 - oh, and my smbd / smbldap-useradd patch is still pending...

Sorry, I'll review it in a second.

-- 
Steve Beattie
sbeat...@ubuntu.com
http://NxNW.org/~steve/


signature.asc
Description: Digital signature
-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor