~ubuntu-branches/ubuntu/lucid/ntp/lucid : contents of debian/apparmor-profile at revision 39

~ubuntu-branches/ubuntu/lucid/ntp/lucid : (revision 39)

# vim:syntax=apparmor
# Last Modified: Tue Aug 11 16:14:21 CDT 2009
# Updated for Ubuntu by: Jamie Strandboge <jamie@canonical.com>
# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2005 Novell/SUSE
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

#include <tunables/global>
#include <tunables/ntpd>
/usr/sbin/ntpd {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/user-tmp>

  capability ipc_lock,
  capability net_bind_service,
  capability setgid,
  capability setuid,
  capability sys_chroot,
  capability sys_resource,
  capability sys_time,

  network inet dgram,
  network inet stream,
  network inet6 stream,

  @{PROC}/net/if_inet6 r,
  @{PROC}/*/net/if_inet6 r,
  @{NTPD_DEVICE} r,

  /usr/sbin/ntpd rmix,

  /etc/ntp.conf r,
  /etc/ntp.conf.dhcp r,
  /etc/ntpd.conf r,
  /etc/ntpd.conf.tmp r,
  /var/lib/ntp/ntp.conf.dhcp r,

  /etc/ntp.keys r,
  /etc/ntp/** r,

  /etc/ntp.drift rwl,
  /etc/ntp.drift.TEMP rwl,
  /etc/ntp/drift* rwl,
  /var/lib/ntp/*drift rw,
  /var/lib/ntp/*drift.TEMP rw,

  /var/log/ntp w,
  /var/log/ntp.log w,
  /var/log/ntpd w,
  /var/log/ntpstats/loopstats* rwl,
  /var/log/ntpstats/peerstats* rwl,

  /var/run/ntpd.pid w,
}

31 by Jamie Strandboge * Add enforcing AppArmor profile (LP: #382905)	1	# vim:syntax=apparmor
	2	# Last Modified: Tue Aug 11 16:14:21 CDT 2009
	3	# Updated for Ubuntu by: Jamie Strandboge <jamie@canonical.com>
	4	# ------------------------------------------------------------------
	5	#
	6	# Copyright (C) 2002-2005 Novell/SUSE
	7	#
	8	# This program is free software; you can redistribute it and/or
	9	# modify it under the terms of version 2 of the GNU General Public
	10	# License published by the Free Software Foundation.
	11	#
	12	# ------------------------------------------------------------------
	13
	14	#include <tunables/global>
	15	#include <tunables/ntpd>
	16	/usr/sbin/ntpd {
	17	#include <abstractions/base>
	18	#include <abstractions/nameservice>
	19	#include <abstractions/user-tmp>
	20
	21	capability ipc_lock,
	22	capability net_bind_service,
	23	capability setgid,
	24	capability setuid,
	25	capability sys_chroot,
	26	capability sys_resource,
	27	capability sys_time,
	28
	29	network inet dgram,
	30	network inet stream,
	31	network inet6 stream,
	32
	33	@{PROC}/net/if_inet6 r,
	34	@{PROC}/*/net/if_inet6 r,
	35	@{NTPD_DEVICE} r,
	36
	37	/usr/sbin/ntpd rmix,
	38
	39	/etc/ntp.conf r,
	40	/etc/ntp.conf.dhcp r,
	41	/etc/ntpd.conf r,
	42	/etc/ntpd.conf.tmp r,
39 by Jamie Strandboge debian/apparmor-profile: allow reading of /var/lib/ntp/ntp.conf.dhcp	43	/var/lib/ntp/ntp.conf.dhcp r,
31 by Jamie Strandboge * Add enforcing AppArmor profile (LP: #382905)	44
	45	/etc/ntp.keys r,
	46	/etc/ntp/** r,
	47
	48	/etc/ntp.drift rwl,
	49	/etc/ntp.drift.TEMP rwl,
	50	/etc/ntp/drift* rwl,
33 by Jamie Strandboge debian/apparmor-profile: adjust location of drift files (LP: #456308)	51	/var/lib/ntp/*drift rw,
	52	/var/lib/ntp/*drift.TEMP rw,
31 by Jamie Strandboge * Add enforcing AppArmor profile (LP: #382905)	53
	54	/var/log/ntp w,
	55	/var/log/ntp.log w,
	56	/var/log/ntpd w,
	57	/var/log/ntpstats/loopstats* rwl,
	58	/var/log/ntpstats/peerstats* rwl,
	59
	60	/var/run/ntpd.pid w,
	61	}