Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP3:GA
apparmor.9786
Update-mlmmj-profiles.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File Update-mlmmj-profiles.patch of Package apparmor.9786
From c37b032920f7ddc98f2eaa1c8da8b3279592de2b Mon Sep 17 00:00:00 2001 From: Christian Boltz <apparmor@cboltz.de> Date: Tue, 8 Nov 2016 21:34:15 +0100 Subject: [PATCH 1/2] Update mlmmj profiles This patch updates the mlmmj profiles in the extras directory to the profiles that are used on lists.opensuse.org now. Besides adding lots of trailing slashes for directories, several permissions were added. Also, usr.bin.mlmmj-receive gets added - it seems upstream renamed mlmmj-recieve to fix a typo. These profiles were provided by Per Jessen. References: https://bugzilla.opensuse.org/show_bug.cgi?id=1000201 Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk, 2.10 and 2.9. --- .../apparmor/profiles/extras/usr.bin.mlmmj-bounce | 18 ++++++++++++ .../apparmor/profiles/extras/usr.bin.mlmmj-maintd | 34 ++++++++++++++++------ .../apparmor/profiles/extras/usr.bin.mlmmj-process | 21 +++++++++++-- .../apparmor/profiles/extras/usr.bin.mlmmj-receive | 22 ++++++++++++++ .../apparmor/profiles/extras/usr.bin.mlmmj-send | 12 ++++++-- .../apparmor/profiles/extras/usr.bin.mlmmj-sub | 23 +++++++++++---- .../apparmor/profiles/extras/usr.bin.mlmmj-unsub | 20 +++++++++++-- 7 files changed, 128 insertions(+), 22 deletions(-) create mode 100644 profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce index 58ea941..ad04a5b 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce +++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce @@ -1,6 +1,7 @@ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE +# Copyright (C) Per Jessen <per@computer.org> # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -16,7 +17,24 @@ /usr/bin/mlmmj-bounce r, /usr/bin/mlmmj-send Px, + /usr/bin/mlmmj-maintd Px, + /var/spool/mlmmj/*/subscribers.d/ r, + /var/spool/mlmmj/*/subscribers.d/* r, + /var/spool/mlmmj/*/subconf rwl, # /var/spool/mlmmj/*/subconf/* rwl, + /var/spool/mlmmj/*/queue rwl, # /var/spool/mlmmj/*/queue/* rwl, + /var/spool/mlmmj/*/bounce/ rwl, + /var/spool/mlmmj/*/nomailsubs.d/ r, + /var/spool/mlmmj/*/nomailsubs.d/* r, + /var/spool/mlmmj/*/digesters.d/ r, + /var/spool/mlmmj/*/digesters.d/* r, + + /var/spool/mlmmj/*/bounce/* rw, + + /var/spool/mlmmj/*/unsubconf/* w, + + /usr/share/mlmmj/text.skel/*/* r, + /var/spool/mlmmj/*/control/* r, } diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd index ff3f90e..f594294 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd +++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd @@ -1,6 +1,7 @@ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE +# Copyright (C) Per Jessen <per@computer.org> # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -18,19 +19,34 @@ /usr/bin/mlmmj-maintd r, /usr/bin/mlmmj-send Px, + /usr/bin/mlmmj-bounce Px, + /usr/bin/mlmmj-unsub Px, - /var/spool/mlmmj r, - /var/spool/mlmmj/*/bounce r, + /var/spool/mlmmj/ r, + /var/spool/mlmmj/* r, # + /var/spool/mlmmj/*/bounce/ r, + /var/spool/mlmmj/*/bounce/* rw, /var/spool/mlmmj/*/index r, - /var/spool/mlmmj/*/lastdigest rw, + /var/spool/mlmmj/*/lastdigest rwk, /var/spool/mlmmj/*/maintdlog-* lrw, /var/spool/mlmmj/*/mlmmj-maintd.lastrun.log w, - /var/spool/mlmmj/*/moderation r, + /var/spool/mlmmj/*/moderation/ r, + /var/spool/mlmmj/*/moderation/* w, + /var/spool/mlmmj/*/archive/ r, /var/spool/mlmmj/*/archive/* r, + /var/spool/mlmmj/*/control/ r, /var/spool/mlmmj/*/control/* r, - /var/spool/mlmmj/*/queue r, - /var/spool/mlmmj/*/queue/* rwl, - /var/spool/mlmmj/*/requeue r, - /var/spool/mlmmj/*/subconf r, - /var/spool/mlmmj/*/unsubconf r, + /var/spool/mlmmj/*/queue/ r, + /var/spool/mlmmj/*/queue/** rwl, + /var/spool/mlmmj/*/requeue/ r, + /var/spool/mlmmj/*/requeue/* rw, + /var/spool/mlmmj/*/requeue/*/ rw, + /var/spool/mlmmj/*/subconf/ r, + /var/spool/mlmmj/*/subconf/* rw, + /var/spool/mlmmj/*/unsubconf/ r, + /var/spool/mlmmj/*/unsubconf/* rw, + + /usr/share/mlmmj/text.skel/*/digest r, + /var/spool/mlmmj/*/mlmmj.operation.log rwk, + } diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process index 77ce829..7b5b4a6 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process +++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process @@ -1,6 +1,7 @@ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE +# Copyright (C) Per Jessen <per@computer.org> # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -19,11 +20,27 @@ /usr/bin/mlmmj-sub Px, /usr/bin/mlmmj-unsub Px, /usr/bin/mlmmj-bounce Px, + # skeleton data + /usr/share/mlmmj/text.skel/ r, + /usr/share/mlmmj/text.skel/*/* r, + /var/spool/mlmmj/*/control/* r, /var/spool/mlmmj/*/text/* r, /var/spool/mlmmj/*/incoming/* rwl, - /var/spool/mlmmj/*/queue/* rwl, + /var/spool/mlmmj/*/queue/** rwl, /var/spool/mlmmj/*/subconf/* rwl, /var/spool/mlmmj/*/unsubconf/* rwl, - /var/spool/mlmmj/*/mlmmj.operation.log rw, + /var/spool/mlmmj/*/mlmmj.operation.log rwk, + /var/spool/mlmmj/*/mlmmj.operation.log.rotated w, + + /var/spool/mlmmj/*/nomailsubs.d/ r, + /var/spool/mlmmj/*/nomailsubs.d/* r, + /var/spool/mlmmj/*/subscribers.d/ r, + /var/spool/mlmmj/*/subscribers.d/* r, + /var/spool/mlmmj/*/digesters.d/ r, + /var/spool/mlmmj/*/digesters.d/* r, + + /var/spool/mlmmj/*/moderation/* rw, + /etc/mlmmj/text/*/* r, + } diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive new file mode 100644 index 0000000..556a9ed --- /dev/null +++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive @@ -0,0 +1,22 @@ +# ------------------------------------------------------------------ +# +# Copyright (C) 2002-2005 Novell/SUSE +# Copyright (C) Per Jessen <per@computer.org> +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public +# License published by the Free Software Foundation. +# +# ------------------------------------------------------------------ +# vim:syntax=apparmor + +#include <tunables/global> + +/usr/bin/mlmmj-receive { + #include <abstractions/base> + + /usr/bin/mlmmj-process Px, + /usr/bin/mlmmj-receive r, + /var/spool/mlmmj/*/incoming/ rw, + /var/spool/mlmmj/*/incoming/* rw, +} diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send index 19f9c67..fedf62b 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send +++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send @@ -1,6 +1,7 @@ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE +# Copyright (C) Per Jessen <per@computer.org> # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -18,8 +19,13 @@ /usr/bin/mlmmj-send r, /var/spool/mlmmj/*/archive/* w, /var/spool/mlmmj/*/control/* r, - /var/spool/mlmmj/*/index rw, - /var/spool/mlmmj/*/queue/* lrw, - /var/spool/mlmmj/*/subscribers.d r, + /var/spool/mlmmj/*/index rwk, + /var/spool/mlmmj/*/queue/* klrw, + /var/spool/mlmmj/*/subscribers.d/ r, /var/spool/mlmmj/*/subscribers.d/* r, + + /var/spool/mlmmj/*/digesters.d/ r, + + /var/spool/mlmmj/*/moderation/* rwk, + } diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub index 5c04728..2c181a6 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub +++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub @@ -1,6 +1,7 @@ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE +# Copyright (C) Per Jessen <per@computer.org> # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -18,11 +19,23 @@ /usr/bin/mlmmj-send Px, /usr/bin/mlmmj-sub r, + /var/spool/mlmmj/*/control/ r, /var/spool/mlmmj/*/control/* r, - /var/spool/mlmmj/*/queue/* w, - /var/spool/mlmmj/*/subconf/* w, - /var/spool/mlmmj/*/subscribers.d rw, - /var/spool/mlmmj/*/subscribers.d/* rw, - /var/spool/mlmmj/*/subscribers.d/.d.lock lw, + /var/spool/mlmmj/*/queue/ rw, + /var/spool/mlmmj/*/queue/* rw, + /var/spool/mlmmj/*/subconf/ rw, + /var/spool/mlmmj/*/subconf/* rw, + /var/spool/mlmmj/*/subscribers.d/ rw, + /var/spool/mlmmj/*/subscribers.d/* rwk, + /var/spool/mlmmj/*/text/ r, # /var/spool/mlmmj/*/text/* r, + + /usr/share/mlmmj/text.skel/*/* r, + + /var/spool/mlmmj/*/nomailsubs.d/ rw, + /var/spool/mlmmj/*/nomailsubs.d/* rwk, + + /var/spool/mlmmj/*/digesters.d/ rw, + /var/spool/mlmmj/*/digesters.d/* rwk, + } diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub index 4e69eef..aadbcab 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub +++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub @@ -1,6 +1,7 @@ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE +# Copyright (C) Per Jessen <per@computer.org> # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -16,12 +17,25 @@ /usr/bin/mlmmj-unsub r, /usr/bin/mlmmj-send Px, + /var/spool/mlmmj/*/control/ r, /var/spool/mlmmj/*/control/* r, + /var/spool/mlmmj/*/text/ r, /var/spool/mlmmj/*/text/* r, - /var/spool/mlmmj/*/subscribers.d r, - /var/spool/mlmmj/*/subscribers.d/* r, + /var/spool/mlmmj/*/queue/ rwl, /var/spool/mlmmj/*/queue/* rwl, + /var/spool/mlmmj/*/unsubconf/ rwl, /var/spool/mlmmj/*/unsubconf/* rwl, - /var/spool/mlmmj/*/subscribers.d/* rwl, + /var/spool/mlmmj/*/subscribers.d/ rw, + /var/spool/mlmmj/*/subscribers.d/* rwk, + + /var/spool/mlmmj/*/nomailsubs.d/ rw, + /var/spool/mlmmj/*/nomailsubs.d/* rwk, + + /var/spool/mlmmj/*/digesters.d/ rw, + /var/spool/mlmmj/*/digesters.d/* rwk, + + /usr/share/mlmmj/text.skel/*/* r, + /etc/mlmmj/text/*/finish r, + } -- 2.10.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor