Hello,

acmetool is an alternative client for Let's Encrypt.
(https://github.com/hlandau/acme/)

It stores the certificates etc. in the following directory layout:

    /var/lib/acme/live/<domain> -> ../certs/<hash>
    /var/lib/acme/certs/<hash>/cert
    /var/lib/acme/certs/<hash>/chain
    /var/lib/acme/certs/<hash>/privkey -> ../../keys/<hash>/privkey
    /var/lib/acme/certs/<hash>/url
    /var/lib/acme/certs/<hash>/fullchain
    /var/lib/acme/keys/<hash>/privkey

This patch adds the needed permissions to the ssl_certs and ssl_keys
abstractions so that the certificates can be used.


I propose this patch for trunk, 2.10 and 2.9.


[ abstractions-ssl-acmetool.diff ]

=== modified file 'profiles/apparmor.d/abstractions/ssl_certs'
--- profiles/apparmor.d/abstractions/ssl_certs  2015-01-31 15:51:17 +0000
+++ profiles/apparmor.d/abstractions/ssl_certs  2016-03-27 16:28:03 +0000
@@ -23,3 +23,7 @@
   /usr/local/share/ca-certificates/** r,
   /var/lib/ca-certificates/ r,
   /var/lib/ca-certificates/** r,
+
+  # acmetool
+  /var/lib/acme/certs/*/chain r,
+  /var/lib/acme/certs/*/cert r,
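Review bot: the two rules added under "# acmetool" cover chain and cert but not fullchain, which the layout in the message lists at /var/lib/acme/certs/<hash>/fullchain. A profile that includes only ssl_certs gets no read access to that file from this hunk; consider adding "/var/lib/acme/certs/*/fullchain r," next to the other two. This hunk also has no rule under /var/lib/acme/live/, so the only rule for the live/<domain> symlink is the one in the ssl_keys hunk; if ssl_certs is meant to be usable on its own, it probably wants "/var/lib/acme/live/* r," as well.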

=== modified file 'profiles/apparmor.d/abstractions/ssl_keys'
--- profiles/apparmor.d/abstractions/ssl_keys   2010-12-20 20:29:10 +0000
+++ profiles/apparmor.d/abstractions/ssl_keys   2016-03-27 16:32:32 +0000
@@ -16,3 +16,7 @@
   /etc/ssl/ r,
   /etc/ssl/** r,
 
+  # acmetool
+  /var/lib/acme/live/* r,
+  /var/lib/acme/certs/** r,
+  /var/lib/acme/keys/** r,
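Review bot: "/var/lib/acme/certs/** r," and "/var/lib/acme/keys/** r," in the acmetool block are wider than the listed layout requires. Per that listing, the key material is only certs/<hash>/privkey (a symlink) and keys/<hash>/privkey, so "/var/lib/acme/certs/*/privkey r," and "/var/lib/acme/keys/*/privkey r," would cover it without also granting read access to url and anything else that later appears under those trees. If the broad globs are intentional, to match the existing "/etc/ssl/** r," style, a short comment saying so would help.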



Regards,

Christian Boltz
-- 
the device is connected to the USB port, after all, so just follow
the cable from the USB port; at the end you should find your device
again (maybe it just fell off the desk)
[Kai Lindenberg in suse-linux]


-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com