[PR PATCH] apparmor: update profiles

Github messages for voidlinux
 help / color / mirror / Atom feed

* [PR PATCH] apparmor: update profiles
@ 2019-12-31  8:29 voidlinux-github
  2019-12-31 14:25 ` [PR PATCH] [Merged]: " voidlinux-github
  0 siblings, 1 reply; 2+ messages in thread
From: voidlinux-github @ 2019-12-31  8:29 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 557 bytes --]

There is a new pull request by CameronNemo against master on the void-packages repository

https://github.com/CameronNemo/void-packages wpasupp
https://github.com/void-linux/void-packages/pull/17932

apparmor: update profiles
* dhcpcd, wpa_supplicant: add small additional permissions
* wpa_cli: remove profile, it causes issues with the -a flag;
           expected impact is low: wpa_cli is run as a normal user,
	   and it does not serve requests to other users.

A patch file from https://github.com/void-linux/void-packages/pull/17932.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-wpasupp-17932.patch --]
[-- Type: text/x-diff, Size: 2688 bytes --]

From ac389ea4f4325996c1f0860042ef7a879a43983b Mon Sep 17 00:00:00 2001
From: Cameron Nemo <cnemo@tutanota.com>
Date: Tue, 31 Dec 2019 00:26:34 -0800
Subject: [PATCH] apparmor: update profiles

* dhcpcd, wpa_supplicant: add small additional permissions
* wpa_cli: remove profile, it causes issues with the -a flag;
           expected impact is low: wpa_cli is run as a normal user,
	   and it does not serve requests to other users.
---
 srcpkgs/apparmor/files/profiles/usr.bin.dhcpcd   |  1 +
 srcpkgs/apparmor/files/profiles/usr.bin.wpa_cli  | 16 ----------------
 .../files/profiles/usr.bin.wpa_supplicant        |  1 +
 srcpkgs/apparmor/template                        |  2 +-
 4 files changed, 3 insertions(+), 17 deletions(-)
 delete mode 100644 srcpkgs/apparmor/files/profiles/usr.bin.wpa_cli

diff --git a/srcpkgs/apparmor/files/profiles/usr.bin.dhcpcd b/srcpkgs/apparmor/files/profiles/usr.bin.dhcpcd
index 3e9d39be538..755654a03da 100644
--- a/srcpkgs/apparmor/files/profiles/usr.bin.dhcpcd
+++ b/srcpkgs/apparmor/files/profiles/usr.bin.dhcpcd
@@ -46,6 +46,7 @@ profile dhcpcd /{usr/,}bin/dhcpcd {
   /{usr/,}bin/dhcpcd mrix,
 
   owner @{PROC}/@{pid}/mountinfo r,
+  owner @{PROC}/@{pid}/stat r,
 
   # Site-specific additions and overrides. See local/README for details.
   #include <local/usr.bin.dhcpcd>
diff --git a/srcpkgs/apparmor/files/profiles/usr.bin.wpa_cli b/srcpkgs/apparmor/files/profiles/usr.bin.wpa_cli
deleted file mode 100644
index 72439f0d59b..00000000000
--- a/srcpkgs/apparmor/files/profiles/usr.bin.wpa_cli
+++ /dev/null
@@ -1,16 +0,0 @@
-#include <tunables/global>
-
-/usr/bin/wpa_cli {
-  #include <abstractions/base>
-
-  /usr/bin/wpa_cli mr,
-
-  /{var/,}run/wpa_supplicant/ r,
-  owner /tmp/wpa_ctrl_@{pid}-[0-9] rw,
-
-  # for interactive mode
-  /etc/inputrc r,
-  owner @{HOME}/.wpa_cli_history rw,
-
-  #include <local/usr.bin.wpa_cli>
-}
diff --git a/srcpkgs/apparmor/files/profiles/usr.bin.wpa_supplicant b/srcpkgs/apparmor/files/profiles/usr.bin.wpa_supplicant
index fbe20060de4..df53acc82d6 100644
--- a/srcpkgs/apparmor/files/profiles/usr.bin.wpa_supplicant
+++ b/srcpkgs/apparmor/files/profiles/usr.bin.wpa_supplicant
@@ -28,6 +28,7 @@
   /etc/nsswitch.conf r,
   /etc/group r,
  
+  @{PROC}/sys/net/ipv{4,6}/conf/*/* rw,
   @{PROC}/@{pid}/psched r,
 
   /dev/rfkill r,
diff --git a/srcpkgs/apparmor/template b/srcpkgs/apparmor/template
index d63b0f05814..01e987e7bc1 100644
--- a/srcpkgs/apparmor/template
+++ b/srcpkgs/apparmor/template
@@ -1,7 +1,7 @@
 # Template file for 'apparmor'
 pkgname=apparmor
 version=2.13.3
-revision=3
+revision=4
 wrksrc="${pkgname}-v${version}"
 build_wrksrc=libraries/libapparmor
 build_style=gnu-configure

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PR PATCH] [Merged]: apparmor: update profiles
  2019-12-31  8:29 [PR PATCH] apparmor: update profiles voidlinux-github
@ 2019-12-31 14:25 ` voidlinux-github
  0 siblings, 0 replies; 2+ messages in thread
From: voidlinux-github @ 2019-12-31 14:25 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 398 bytes --]

There's a merged pull request on the void-packages repository

apparmor: update profiles
https://github.com/void-linux/void-packages/pull/17932

Description:
* dhcpcd, wpa_supplicant: add small additional permissions
* wpa_cli: remove profile, it causes issues with the -a flag;
           expected impact is low: wpa_cli is run as a normal user,
	   and it does not serve requests to other users.

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2019-12-31 14:25 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-12-31  8:29 [PR PATCH] apparmor: update profiles voidlinux-github
2019-12-31 14:25 ` [PR PATCH] [Merged]: " voidlinux-github

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).