Overview

File Update-mlmmj-profiles.patch of Package apparmor.3565

From c37b032920f7ddc98f2eaa1c8da8b3279592de2b Mon Sep 17 00:00:00 2001
From: Christian Boltz <apparmor@cboltz.de>
Date: Tue, 8 Nov 2016 21:34:15 +0100
Subject: [PATCH 1/2] Update mlmmj profiles

This patch updates the mlmmj profiles in the extras directory to the
profiles that are used on lists.opensuse.org now. Besides adding lots
of trailing slashes for directories, several permissions were added.
Also, usr.bin.mlmmj-receive gets added - it seems upstream renamed
mlmmj-recieve to fix a typo.

These profiles were provided by Per Jessen.

References: https://bugzilla.opensuse.org/show_bug.cgi?id=1000201


Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk, 2.10 and 2.9.
---
 .../apparmor/profiles/extras/usr.bin.mlmmj-bounce  | 18 ++++++++++++
 .../apparmor/profiles/extras/usr.bin.mlmmj-maintd  | 34 ++++++++++++++++------
 .../apparmor/profiles/extras/usr.bin.mlmmj-process | 21 +++++++++++--
 .../apparmor/profiles/extras/usr.bin.mlmmj-receive | 22 ++++++++++++++
 .../apparmor/profiles/extras/usr.bin.mlmmj-send    | 12 ++++++--
 .../apparmor/profiles/extras/usr.bin.mlmmj-sub     | 23 +++++++++++----
 .../apparmor/profiles/extras/usr.bin.mlmmj-unsub   | 20 +++++++++++--
 7 files changed, 128 insertions(+), 22 deletions(-)
 create mode 100644 profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive

diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce
index 58ea941..ad04a5b 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce
@@ -1,6 +1,7 @@
 # ------------------------------------------------------------------
 #
 #    Copyright (C) 2002-2005 Novell/SUSE
+#    Copyright (C) Per Jessen <per@computer.org>
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public
@@ -16,7 +17,24 @@
 
   /usr/bin/mlmmj-bounce r,
   /usr/bin/mlmmj-send Px,
+  /usr/bin/mlmmj-maintd Px,
+  /var/spool/mlmmj/*/subscribers.d/ r,
+  /var/spool/mlmmj/*/subscribers.d/* r,
+  /var/spool/mlmmj/*/subconf rwl, #
   /var/spool/mlmmj/*/subconf/* rwl,
+  /var/spool/mlmmj/*/queue rwl, #
   /var/spool/mlmmj/*/queue/* rwl,
+  /var/spool/mlmmj/*/bounce/ rwl,
 
+  /var/spool/mlmmj/*/nomailsubs.d/  r,
+  /var/spool/mlmmj/*/nomailsubs.d/* r,
+  /var/spool/mlmmj/*/digesters.d/  r,
+  /var/spool/mlmmj/*/digesters.d/* r,
+
+  /var/spool/mlmmj/*/bounce/* rw,
+
+  /var/spool/mlmmj/*/unsubconf/* w,
+
+  /usr/share/mlmmj/text.skel/*/* r,
+  /var/spool/mlmmj/*/control/*  r,
 }
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd
index ff3f90e..f594294 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd
@@ -1,6 +1,7 @@
 # ------------------------------------------------------------------
 #
 #    Copyright (C) 2002-2005 Novell/SUSE
+#    Copyright (C) Per Jessen <per@computer.org>
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public
@@ -18,19 +19,34 @@
 
   /usr/bin/mlmmj-maintd r,
   /usr/bin/mlmmj-send Px,
+  /usr/bin/mlmmj-bounce Px,
+  /usr/bin/mlmmj-unsub Px,
 
-  /var/spool/mlmmj r,
-  /var/spool/mlmmj/*/bounce r,
+  /var/spool/mlmmj/ r,
+  /var/spool/mlmmj/* r, #
+  /var/spool/mlmmj/*/bounce/ r,
+  /var/spool/mlmmj/*/bounce/* rw,
   /var/spool/mlmmj/*/index r,
-  /var/spool/mlmmj/*/lastdigest rw,
+  /var/spool/mlmmj/*/lastdigest rwk,
   /var/spool/mlmmj/*/maintdlog-* lrw,
   /var/spool/mlmmj/*/mlmmj-maintd.lastrun.log w,
-  /var/spool/mlmmj/*/moderation r,
+  /var/spool/mlmmj/*/moderation/ r,
+  /var/spool/mlmmj/*/moderation/* w,
+  /var/spool/mlmmj/*/archive/ r,
   /var/spool/mlmmj/*/archive/* r,
+  /var/spool/mlmmj/*/control/ r,
   /var/spool/mlmmj/*/control/* r,
-  /var/spool/mlmmj/*/queue r,
-  /var/spool/mlmmj/*/queue/* rwl,
-  /var/spool/mlmmj/*/requeue r,
-  /var/spool/mlmmj/*/subconf r,
-  /var/spool/mlmmj/*/unsubconf r,
+  /var/spool/mlmmj/*/queue/ r,
+  /var/spool/mlmmj/*/queue/** rwl,
+  /var/spool/mlmmj/*/requeue/ r,
+  /var/spool/mlmmj/*/requeue/* rw,
+  /var/spool/mlmmj/*/requeue/*/ rw,
+  /var/spool/mlmmj/*/subconf/ r,
+  /var/spool/mlmmj/*/subconf/* rw,
+  /var/spool/mlmmj/*/unsubconf/ r,
+  /var/spool/mlmmj/*/unsubconf/* rw,
+
+  /usr/share/mlmmj/text.skel/*/digest r,
+  /var/spool/mlmmj/*/mlmmj.operation.log rwk,
+
 }
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process
index 77ce829..7b5b4a6 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process
@@ -1,6 +1,7 @@
 # ------------------------------------------------------------------
 #
 #    Copyright (C) 2002-2005 Novell/SUSE
+#    Copyright (C) Per Jessen <per@computer.org>
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public
@@ -19,11 +20,27 @@
   /usr/bin/mlmmj-sub Px,
   /usr/bin/mlmmj-unsub Px,
   /usr/bin/mlmmj-bounce Px,
+  # skeleton data
+  /usr/share/mlmmj/text.skel/ r,
+  /usr/share/mlmmj/text.skel/*/* r,
+
   /var/spool/mlmmj/*/control/* r,
   /var/spool/mlmmj/*/text/* r,
   /var/spool/mlmmj/*/incoming/* rwl,
-  /var/spool/mlmmj/*/queue/* rwl,
+  /var/spool/mlmmj/*/queue/** rwl,
   /var/spool/mlmmj/*/subconf/* rwl,
   /var/spool/mlmmj/*/unsubconf/* rwl,
-  /var/spool/mlmmj/*/mlmmj.operation.log rw,
+  /var/spool/mlmmj/*/mlmmj.operation.log rwk,
+  /var/spool/mlmmj/*/mlmmj.operation.log.rotated w,
+
+  /var/spool/mlmmj/*/nomailsubs.d/ r,
+  /var/spool/mlmmj/*/nomailsubs.d/* r,
+  /var/spool/mlmmj/*/subscribers.d/ r,
+  /var/spool/mlmmj/*/subscribers.d/* r,
+  /var/spool/mlmmj/*/digesters.d/ r,
+  /var/spool/mlmmj/*/digesters.d/* r,
+
+  /var/spool/mlmmj/*/moderation/* rw,
+  /etc/mlmmj/text/*/* r,
+
 }
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive
new file mode 100644
index 0000000..556a9ed
--- /dev/null
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive
@@ -0,0 +1,22 @@
+# ------------------------------------------------------------------
+#
+#    Copyright (C) 2002-2005 Novell/SUSE
+#    Copyright (C) Per Jessen <per@computer.org>
+#
+#    This program is free software; you can redistribute it and/or
+#    modify it under the terms of version 2 of the GNU General Public
+#    License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# vim:syntax=apparmor
+
+#include <tunables/global>
+
+/usr/bin/mlmmj-receive {
+  #include <abstractions/base>
+
+  /usr/bin/mlmmj-process Px,
+  /usr/bin/mlmmj-receive r,
+  /var/spool/mlmmj/*/incoming/ rw,
+  /var/spool/mlmmj/*/incoming/* rw,
+}
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send
index 19f9c67..fedf62b 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send
@@ -1,6 +1,7 @@
 # ------------------------------------------------------------------
 #
 #    Copyright (C) 2002-2005 Novell/SUSE
+#    Copyright (C) Per Jessen <per@computer.org>
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public
@@ -18,8 +19,13 @@
   /usr/bin/mlmmj-send r,
   /var/spool/mlmmj/*/archive/* w,
   /var/spool/mlmmj/*/control/* r,
-  /var/spool/mlmmj/*/index rw,
-  /var/spool/mlmmj/*/queue/* lrw,
-  /var/spool/mlmmj/*/subscribers.d r,
+  /var/spool/mlmmj/*/index rwk,
+  /var/spool/mlmmj/*/queue/* klrw,
+  /var/spool/mlmmj/*/subscribers.d/ r,
   /var/spool/mlmmj/*/subscribers.d/* r,
+
+  /var/spool/mlmmj/*/digesters.d/ r,
+
+  /var/spool/mlmmj/*/moderation/* rwk,
+
 }
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub
index 5c04728..2c181a6 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub
@@ -1,6 +1,7 @@
 # ------------------------------------------------------------------
 #
 #    Copyright (C) 2002-2005 Novell/SUSE
+#    Copyright (C) Per Jessen <per@computer.org>
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public
@@ -18,11 +19,23 @@
 
   /usr/bin/mlmmj-send Px,
   /usr/bin/mlmmj-sub r,
+  /var/spool/mlmmj/*/control/ r,
   /var/spool/mlmmj/*/control/* r,
-  /var/spool/mlmmj/*/queue/* w,
-  /var/spool/mlmmj/*/subconf/* w,
-  /var/spool/mlmmj/*/subscribers.d rw,
-  /var/spool/mlmmj/*/subscribers.d/* rw,
-  /var/spool/mlmmj/*/subscribers.d/.d.lock lw,
+  /var/spool/mlmmj/*/queue/ rw,
+  /var/spool/mlmmj/*/queue/* rw,
+  /var/spool/mlmmj/*/subconf/ rw,
+  /var/spool/mlmmj/*/subconf/* rw,
+  /var/spool/mlmmj/*/subscribers.d/ rw,
+  /var/spool/mlmmj/*/subscribers.d/* rwk,
+  /var/spool/mlmmj/*/text/ r, #
   /var/spool/mlmmj/*/text/* r,
+
+  /usr/share/mlmmj/text.skel/*/* r,
+
+  /var/spool/mlmmj/*/nomailsubs.d/ rw,
+  /var/spool/mlmmj/*/nomailsubs.d/* rwk,
+
+  /var/spool/mlmmj/*/digesters.d/ rw,
+  /var/spool/mlmmj/*/digesters.d/* rwk,
+
 }
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub
index 4e69eef..aadbcab 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub
@@ -1,6 +1,7 @@
 # ------------------------------------------------------------------
 #
 #    Copyright (C) 2002-2005 Novell/SUSE
+#    Copyright (C) Per Jessen <per@computer.org>
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public
@@ -16,12 +17,25 @@
 
   /usr/bin/mlmmj-unsub r,
   /usr/bin/mlmmj-send Px,
+  /var/spool/mlmmj/*/control/ r,
   /var/spool/mlmmj/*/control/* r,
+  /var/spool/mlmmj/*/text/ r,
   /var/spool/mlmmj/*/text/* r,
-  /var/spool/mlmmj/*/subscribers.d r,
-  /var/spool/mlmmj/*/subscribers.d/* r,
 
+  /var/spool/mlmmj/*/queue/ rwl,
   /var/spool/mlmmj/*/queue/* rwl,
+  /var/spool/mlmmj/*/unsubconf/ rwl,
   /var/spool/mlmmj/*/unsubconf/* rwl,
-  /var/spool/mlmmj/*/subscribers.d/* rwl,
+  /var/spool/mlmmj/*/subscribers.d/ rw,
+  /var/spool/mlmmj/*/subscribers.d/* rwk,
+
+  /var/spool/mlmmj/*/nomailsubs.d/ rw,
+  /var/spool/mlmmj/*/nomailsubs.d/* rwk,
+
+  /var/spool/mlmmj/*/digesters.d/ rw,
+  /var/spool/mlmmj/*/digesters.d/* rwk,
+
+  /usr/share/mlmmj/text.skel/*/* r,
+  /etc/mlmmj/text/*/finish r,
+
 }
-- 
2.10.0
openSUSE Build Service is sponsored by
Places