Re: [apparmor] [patch] syslog-ng - capability dac_read_search

Hello, Am Donnerstag, 5. Januar 2012 schrieb Steve Beattie: > On Thu, Jan 05, 2012 at 12:26:45PM +0100, Christian Boltz wrote: > > according to Peter Czanik, the openSUSE syslog-ng maintainer, > > syslog-ng needs capability dac_read_search. > > > > I also nominate this patch for the 2.7 branch. >

Re: [apparmor] [patch] split off apache permissions to abstractions/apache2-common

Hello, Am Donnerstag, 5. Januar 2012 schrieb Steve Beattie: > On Thu, Jan 05, 2012 at 09:02:22PM +0100, Christian Boltz wrote: > > Am Mittwoch, 4. Januar 2012 schrieb Steve Beattie: > > > On Thu, Dec 22, 2011 at 01:17:57AM +0100, Christian Boltz wrote: > > My patch changes this to /**/.htaccess,

Re: [apparmor] [patch] syslog-ng - capability dac_read_search

On Thu, Jan 05, 2012 at 12:26:45PM +0100, Christian Boltz wrote: > according to Peter Czanik, the openSUSE syslog-ng maintainer, syslog-ng > needs capability dac_read_search. > > I also nominate this patch for the 2.7 branch. I think this is okay (we already have dac_override) but is there a ref

Re: [apparmor] [patch] smbd - various /usr/lib*/samba rules

On Thu, Jan 05, 2012 at 09:42:32PM +0100, Christian Boltz wrote: > Am Donnerstag, 5. Januar 2012 schrieb Christian Boltz: > > Hello, > > > > according to Lars Müller (a samba developer) smbd needs access to some > > more files in /usr/lib*/samba/ in some cases. > > > > References: https://bugzill

Re: [apparmor] [patch] split off apache permissions to abstractions/apache2-common

Hi Christian, On Thu, Jan 05, 2012 at 09:02:22PM +0100, Christian Boltz wrote: > Am Mittwoch, 4. Januar 2012 schrieb Steve Beattie: > > On Thu, Dec 22, 2011 at 01:17:57AM +0100, Christian Boltz wrote: > > > > I'm also nominating this patch for the 2.7 branch (maybe except > > > disallowing /.htac

Re: [apparmor] [patch] smbd - various /usr/lib*/samba rules

Hello, Am Donnerstag, 5. Januar 2012 schrieb Christian Boltz: > Hello, > > according to Lars Müller (a samba developer) smbd needs access to some > more files in /usr/lib*/samba/ in some cases. > > References: https://bugzilla.novell.com/show_bug.cgi?id=725967#c5 The *.dat should be r, not mr.

[apparmor] [patch] smbd - various /usr/lib*/samba rules

Hello, according to Lars Müller (a samba developer) smbd needs access to some more files in /usr/lib*/samba/ in some cases. References: https://bugzilla.novell.com/show_bug.cgi?id=725967#c5 === modified file 'profiles/apparmor.d/usr.sbin.smbd' --- profiles/apparmor.d/usr.sbin.smbd 2011-12-29

Re: [apparmor] [patch] split off apache permissions to abstractions/apache2-common

Hello, Am Mittwoch, 4. Januar 2012 schrieb Steve Beattie: > On Thu, Dec 22, 2011 at 01:17:57AM +0100, Christian Boltz wrote: > > I'm also nominating this patch for the 2.7 branch (maybe except > > disallowing /.htaccess for ^HANDLING_UNTRUSTED_INPUT if you are > > afraid it breaks some setups) >

[apparmor] [patch] syslog-ng - capability dac_read_search

Hello, according to Peter Czanik, the openSUSE syslog-ng maintainer, syslog-ng needs capability dac_read_search. I also nominate this patch for the 2.7 branch. === modified file 'profiles/apparmor.d/sbin.syslog-ng' --- profiles/apparmor.d/sbin.syslog-ng 2011-09-15 19:21:57 + +++ profiles/a