Bug 143336

Summary: apparmor profiles need more additions
Product: [openSUSE] SUSE Linux 10.1 Reporter: Ruediger Oertel <ro>
Component: AppArmorAssignee: Dominic W Reynolds <dreynolds>
Status: RESOLVED FIXED QA Contact: Dominic W Reynolds <dreynolds>
Severity: Normal    
Priority: P5 - None CC: kernel01
Version: Alpha 4   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Ruediger Oertel 2006-01-16 11:15:44 UTC 
most annoying one first:
SubDomain: REJECTING r access to /suse/okir/.ssh/authorized_keys (sshd(30498) profile /usr/sbin/sshd active /usr/sbin/sshd)

SubDomain: REJECTING w access to /tmp/ssh-WjvLX30584 (sshd(30584) profile /usr/sbin/sshd active /usr/sbin/sshd)
SubDomain: REJECTING r access to /etc/environment (sshd(30584) profile /usr/sbin/sshd active /usr/sbin/sshd)


for ntp:
SubDomain: REJECTING access to capability 'sys_resource' (ntpd(4333) profile /usr/sbin/ntpd active /usr/sbin/ntpd)

for nscd:
SubDomain: REJECTING r access to /proc/4318/maps (nscd(4323) profile /usr/sbin/nscd active /usr/sbin/nscd)

for postfix:
SubDomain: REJECTING access to capability 'net_bind_service' (cleanup(22532) profile /usr/lib/postfix/cleanup active /usr/lib/postfix/cleanup)
SubDomain: REJECTING access to capability 'net_bind_service' (smtp(22636) profile /usr/lib/postfix/smtp active /usr/lib/postfix/smtp)
Comment 1 Dominic W Reynolds 2006-01-31 01:02:58 UTC 
ntp/nscd: fixed beta1

sshd: profile removed - will be replaced with a profile including a tunable for homedir roots

postfix: will fix for beta4
Comment 2 Carl-Daniel Hailfinger 2006-02-06 15:13:52 UTC 
for klogd:
REJECTING w access to /var/log/boot.msg (klogd(1919) profile /sbin/klogd active /sbin/klogd)
Comment 3 Dominic W Reynolds 2006-03-13 09:03:35 UTC 
Fixed. Profiles were updated around beta6.