update apparmor profiles

parent 1c130f48
......@@ -18,11 +18,15 @@ profile cron-popularity-contest @{exec_path} {
@{exec_path} r,
/{usr/,}bin/dash rix,
/{usr/,}sbin/popularity-contest rPx,
/{usr/,}bin/logger rix,
/{usr/,}bin/date rix,
/{usr/,}bin/mktemp rix,
/{usr/,}bin/mkdir rix,
/{usr/,}bin/rm rix,
/{usr/,}bin/mv rix,
/{usr/,}bin/cat rix,
/{usr/,}bin/setsid rix,
# To send reports via TOR
......@@ -40,7 +44,11 @@ profile cron-popularity-contest @{exec_path} {
/etc/popularity-contest.conf r,
/var/log/popularity-contest{,.new} rw,
/var/log/popularity-contest.new.gpg w,
/var/log/popularity-contest{,.new}.gpg rw,
# Store last successful http submission timestamp
/var/lib/popularity-contest/ rw,
/var/lib/popularity-contest/lastsub rw,
owner /tmp/tmp.*/ rw,
owner /tmp/tmp.*/random_seed w,
......@@ -48,6 +56,7 @@ profile cron-popularity-contest @{exec_path} {
# file_inherit
owner /tmp/#[0-9]*[0-9] rw,
profile savelog {
#include <abstractions/base>
......
......@@ -15,6 +15,11 @@
profile popularity-contest @{exec_path} {
#include <abstractions/base>
#include <abstractions/perl>
#include <abstractions/nameservice-strict>
# For popularity-contest --su-nobody
capability setuid,
capability setgid,
capability sys_ptrace,
ptrace (read),
......@@ -35,6 +40,8 @@ profile popularity-contest @{exec_path} {
/etc/dpkg/origins/debian r,
/etc/shadow r,
/var/lib/dpkg/info/{,*.list} r,
@{PROC}/ r,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment