76 lines
2.1 KiB
Diff
76 lines
2.1 KiB
Diff
modify logprof.conf for Void Linux
|
|
|
|
--- a/utils/logprof.conf
|
|
+++ b/utils/logprof.conf
|
|
@@ -12,11 +12,11 @@
|
|
[settings]
|
|
profiledir = /etc/apparmor.d /etc/subdomain.d
|
|
inactive_profiledir = /usr/share/apparmor/extra-profiles
|
|
- logfiles = /var/log/audit/audit.log /var/log/syslog /var/log/messages
|
|
+ logfiles = /var/log/audit/audit.log /var/log/socklog/kernel/current /var/log/syslog /var/log/messages
|
|
|
|
- parser = /sbin/apparmor_parser /sbin/subdomain_parser
|
|
+ parser = /usr/bin/apparmor_parser /usr/bin/subdomain_parser
|
|
ldd = /usr/bin/ldd
|
|
- logger = /bin/logger /usr/bin/logger
|
|
+ logger = /usr/bin/logger
|
|
|
|
# customize how file ownership permissions are presented
|
|
# 0 - off
|
|
@@ -38,27 +38,29 @@
|
|
|
|
[qualifiers]
|
|
# things will be painfully broken if bash has a profile
|
|
- /bin/bash = icnu
|
|
- /usr/bin/bash = icnu
|
|
- /bin/ksh = icnu
|
|
- /usr/bin/ksh = icnu
|
|
- /bin/dash = icnu
|
|
- /usr/bin/dash = icnu
|
|
- /bin/zsh = icnu
|
|
- /usr/bin/zsh = icnu
|
|
+ /bin/bash = icnu
|
|
+ /usr/bin/bash = icnu
|
|
+ /bin/ksh = icnu
|
|
+ /usr/bin/ksh = icnu
|
|
+ /bin/dash = icnu
|
|
+ /usr/bin/dash = icnu
|
|
+ /bin/zsh = icnu
|
|
+ /usr/bin/zsh = icnu
|
|
+ /bin/fish = icnu
|
|
+ /usr/bin/fish = icnu
|
|
+ /bin/ash = icnu
|
|
+ /usr/bin/ash = icnu
|
|
+ /bin/rc = icnu
|
|
+ /usr/bin/rc = icnu
|
|
|
|
# these programs can't function if they're confined
|
|
/bin/mount = u
|
|
/usr/bin/mount = u
|
|
/etc/init.d/subdomain = u
|
|
- /sbin/cardmgr = u
|
|
- /usr/sbin/cardmgr = u
|
|
- /sbin/subdomain_parser = u
|
|
- /usr/sbin/subdomain_parser = u
|
|
- /usr/sbin/genprof = u
|
|
- /usr/sbin/logprof = u
|
|
- /usr/lib/YaST2/servers_non_y2/ag_genprof = u
|
|
- /usr/lib/YaST2/servers_non_y2/ag_logprof = u
|
|
+ /usr/bin/cardmgr = u
|
|
+ /usr/bin/subdomain_parser = u
|
|
+ /usr/bin/genprof = u
|
|
+ /usr/bin/logprof = u
|
|
|
|
# these ones shouln't have their own profiles
|
|
/bin/awk = icn
|
|
@@ -112,6 +113,9 @@
|
|
/usr/bin/python3.5 = icn
|
|
/usr/bin/python3.6 = icn
|
|
/usr/bin/python3.7 = icn
|
|
+ /usr/bin/python3.8 = icn
|
|
+ /usr/bin/python3.9 = icn
|
|
+ /usr/bin/python3.10 = icn
|
|
/usr/bin/tr = icn
|
|
|
|
[required_hats]
|