On Wed, May 20, 2015 at 09:19:26PM -0600, LaMont Jones wrote:
> On Wed, May 20, 2015 at 08:24:55PM +0100, Dominic Hargreaves wrote:
> > It seems you missed the attachment?
>
> Sigh. Attached.
Thanks.
This is the first time I've encountered apparmor, and I have a couple
of questions (I haven't had a chance to test this out).
> #include <tunables/global>
>
> # vim:syntax=apparmor
>
>
> /usr/sbin/anope {
> #include <abstractions/base>
> #include <abstractions/nameservice>
>
> capability net_bind_service,
> capability setgid,
> capability setuid,
> capability sys_chroot,
> capability sys_resource,
>
> # we need our config files.
> /etc/anope/** r,
>
> # pidfile used by anope.
> /run/anope/anope.pid w,
>
> # we need to be able to write to the log file
> # and to rotate them.
> /var/log/anope/* w,
>
> # we need libraries, and we need to be able to restart
> /usr/lib{,32,64}/** mr,
> /usr/sbin/anope ixr,
>
> }
The data directories in /var/lib/anope seem to be conspicuously absent
from this? Also modules in /usr/lib/anope, but perhaps they are handled
implicitly?
Also, do you have any suggestions about how to handle upstreaming this?
The wiki page at <https://wiki.debian.org/AppArmor/Contribute>
implies that profiles should be submitted upstream first.
Cheers,
Dominic.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
