From 02fdc0cf27c16f5884e0d8806cab44e20bbdce5f69ef3159b6b9d2e897307a4e Mon Sep 17 00:00:00 2001 From: Marcus Rueckert Date: Fri, 31 May 2024 12:09:35 +0000 Subject: [PATCH] - AppArmor: allow haprox to read the files needed for the "p post_mortem" support OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=303 --- haproxy.changes | 6 ++++++ usr.sbin.haproxy.apparmor | 13 +++++++++++++ 2 files changed, 19 insertions(+) diff --git a/haproxy.changes b/haproxy.changes index 3798402..aea0e67 100644 --- a/haproxy.changes +++ b/haproxy.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri May 31 12:07:48 UTC 2024 - Marcus Rueckert + +- AppArmor: allow haprox to read the files needed for the "p + post_mortem" support + ------------------------------------------------------------------- Wed May 29 14:00:25 UTC 2024 - mrueckert@suse.de diff --git a/usr.sbin.haproxy.apparmor b/usr.sbin.haproxy.apparmor index c698d15..2bc5b5b 100644 --- a/usr.sbin.haproxy.apparmor +++ b/usr.sbin.haproxy.apparmor @@ -38,7 +38,20 @@ profile haproxy /usr/sbin/haproxy { /{,var/}run/haproxy/pid rw, /{,var/}run/haproxy/master.sock* rwlk, + # This is for the additional debug output in haproxy >= 2.9 + # can be accessed with "p post_mortem" in gdb /sys/devices/system/node/ r, + /sys/devices/system/node/*/cpumap r, + /sys/devices/system/cpu/online r, + /sys/class/dmi/id/sys_vendor r, + /sys/class/dmi/id/product_family r, + /sys/class/dmi/id/product_name r, + /sys/class/dmi/id/board_vendor r, + /sys/firmware/devicetree/base/model r, + /sys/class/dmi/id/board_name r, + /proc/2/status r, + /proc/cpuinfo r, + # end of debug.c files # Site-specific additions and overrides. See local/README for details. #include if exists