Bug 143336 - apparmor profiles need more additions
Summary: apparmor profiles need more additions
Status: RESOLVED FIXED
Alias: None
Product: SUSE Linux 10.1
Classification: openSUSE
Component: AppArmor (show other bugs)
Version: Alpha 4
Hardware: Other Other
: P5 - None : Normal (vote)
Target Milestone: ---
Assignee: Dominic W Reynolds
QA Contact: Dominic W Reynolds
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-01-16 11:15 UTC by Ruediger Oertel
Modified: 2006-03-13 09:03 UTC (History)
1 user (show)

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ruediger Oertel 2006-01-16 11:15:44 UTC 
most annoying one first:
SubDomain: REJECTING r access to /suse/okir/.ssh/authorized_keys (sshd(30498) profile /usr/sbin/sshd active /usr/sbin/sshd)

SubDomain: REJECTING w access to /tmp/ssh-WjvLX30584 (sshd(30584) profile /usr/sbin/sshd active /usr/sbin/sshd)
SubDomain: REJECTING r access to /etc/environment (sshd(30584) profile /usr/sbin/sshd active /usr/sbin/sshd)


for ntp:
SubDomain: REJECTING access to capability 'sys_resource' (ntpd(4333) profile /usr/sbin/ntpd active /usr/sbin/ntpd)

for nscd:
SubDomain: REJECTING r access to /proc/4318/maps (nscd(4323) profile /usr/sbin/nscd active /usr/sbin/nscd)

for postfix:
SubDomain: REJECTING access to capability 'net_bind_service' (cleanup(22532) profile /usr/lib/postfix/cleanup active /usr/lib/postfix/cleanup)
SubDomain: REJECTING access to capability 'net_bind_service' (smtp(22636) profile /usr/lib/postfix/smtp active /usr/lib/postfix/smtp)
Comment 1 Dominic W Reynolds 2006-01-31 01:02:58 UTC 
ntp/nscd: fixed beta1

sshd: profile removed - will be replaced with a profile including a tunable for homedir roots

postfix: will fix for beta4
Comment 2 Carl-Daniel Hailfinger 2006-02-06 15:13:52 UTC 
for klogd:
REJECTING w access to /var/log/boot.msg (klogd(1919) profile /sbin/klogd active /sbin/klogd)
Comment 3 Dominic W Reynolds 2006-03-13 09:03:35 UTC 
Fixed. Profiles were updated around beta6.