Overview

File Add-m-permissions-to-mlmmj-profiles.patch of Package apparmor.9786

From 9b887854e6cde1ffaeb9350bc712980abf44042a Mon Sep 17 00:00:00 2001
From: Christian Boltz <apparmor@cboltz.de>
Date: Wed, 9 Nov 2016 19:44:35 +0100
Subject: [PATCH 2/2] Add m permissions to mlmmj profiles

Newer kernels need m permissions for the binary the profile covers,
so add it before someone hits this problem in the wild ;-)

Also add a note that the mlmmj-recieve profile is probably superfluous
because upstream renamed the misspelled binary.


Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk, 2.10 and 2.9
---
 profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce  | 2 +-
 profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd  | 2 +-
 profiles/apparmor/profiles/extras/usr.bin.mlmmj-process | 2 +-
 profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive | 2 +-
 profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve | 7 ++++++-
 profiles/apparmor/profiles/extras/usr.bin.mlmmj-send    | 2 +-
 profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub     | 2 +-
 profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub   | 2 +-
 8 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce
index ad04a5b..9803e54 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce
@@ -15,7 +15,7 @@
 /usr/bin/mlmmj-bounce {
   #include <abstractions/base>
 
-  /usr/bin/mlmmj-bounce r,
+  /usr/bin/mlmmj-bounce mr,
   /usr/bin/mlmmj-send Px,
   /usr/bin/mlmmj-maintd Px,
   /var/spool/mlmmj/*/subscribers.d/ r,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd
index f594294..92e23d9 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd
@@ -17,7 +17,7 @@
 
   capability setuid,
 
-  /usr/bin/mlmmj-maintd r,
+  /usr/bin/mlmmj-maintd mr,
   /usr/bin/mlmmj-send Px,
   /usr/bin/mlmmj-bounce Px,
   /usr/bin/mlmmj-unsub Px,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process
index 7b5b4a6..a57e4fe 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process
@@ -15,7 +15,7 @@
 /usr/bin/mlmmj-process {
   #include <abstractions/base>
 
-  /usr/bin/mlmmj-process r,
+  /usr/bin/mlmmj-process mr,
   /usr/bin/mlmmj-send Px,
   /usr/bin/mlmmj-sub Px,
   /usr/bin/mlmmj-unsub Px,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive
index 556a9ed..2dd87c0 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive
@@ -16,7 +16,7 @@
   #include <abstractions/base>
 
   /usr/bin/mlmmj-process Px,
-  /usr/bin/mlmmj-receive r,
+  /usr/bin/mlmmj-receive mr,
   /var/spool/mlmmj/*/incoming/ rw,
   /var/spool/mlmmj/*/incoming/* rw,
 }
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve
index 66370e1..298cc09 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve
@@ -9,12 +9,17 @@
 # ------------------------------------------------------------------
 # vim:syntax=apparmor
 
+
+# mlmmj upstream renamed the (misspelled) mlmmj-recieve to mlmmj-receive,
+# so this profile is probably superfluous
+
+
 #include <tunables/global>
 
 /usr/bin/mlmmj-recieve {
   #include <abstractions/base>
 
   /usr/bin/mlmmj-process Px,
-  /usr/bin/mlmmj-recieve r,
+  /usr/bin/mlmmj-recieve mr,
   /var/spool/mlmmj/*/incoming/* w,
 }
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send
index fedf62b..8e64ddc 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send
@@ -16,7 +16,7 @@
   #include <abstractions/base>
   #include <abstractions/nameservice>
 
-  /usr/bin/mlmmj-send r,
+  /usr/bin/mlmmj-send mr,
   /var/spool/mlmmj/*/archive/* w,
   /var/spool/mlmmj/*/control/* r,
   /var/spool/mlmmj/*/index rwk,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub
index 2c181a6..dc983b6 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub
@@ -18,7 +18,7 @@
   capability setuid,
 
   /usr/bin/mlmmj-send Px,
-  /usr/bin/mlmmj-sub r,
+  /usr/bin/mlmmj-sub mr,
   /var/spool/mlmmj/*/control/ r,
   /var/spool/mlmmj/*/control/* r,
   /var/spool/mlmmj/*/queue/ rw,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub
index aadbcab..97b8fb4 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub
@@ -15,7 +15,7 @@
 /usr/bin/mlmmj-unsub {
   #include <abstractions/base>
 
-  /usr/bin/mlmmj-unsub r,
+  /usr/bin/mlmmj-unsub mr,
   /usr/bin/mlmmj-send Px,
   /var/spool/mlmmj/*/control/ r,
   /var/spool/mlmmj/*/control/* r,
-- 
2.10.0
openSUSE Build Service is sponsored by
Places