pool/rspamd
SHA256
12
0
Fork 1
Code Issues Pull Requests Activity

Add usr.bin.rspamd apparmor profile

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/server:mail/rspamd?expand=0&rev=46
This commit is contained in:
Bernhard M. Wiedemann
2020-10-05 11:06:34 +00:00
committed by Git OBS Bridge
parent bd9a6e295b
commit 78f7c0d727
3 changed files with 43 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
rspamd.changes
View File

@@ -1,3 +1,8 @@
-------------------------------------------------------------------
Mon Oct 5 10:42:14 UTC 2020 - Bernhard Wiedemann <bwiedemann@suse.com>
- Add usr.bin.rspamd apparmor profile
-------------------------------------------------------------------
Thu Oct 1 09:39:29 UTC 2020 - Bernhard Wiedemann <bwiedemann@suse.com>

6
rspamd.spec
View File

@@ -67,6 +67,7 @@ Summary: Spam filtering system
Url: https://rspamd.com/
Group: Productivity/Networking/Email/Utilities
Source0: https://github.com/rspamd/rspamd/archive/%{version}/%{name}-%{version}.tar.gz
Source1: usr.bin.rspamd
Patch0: rspamd-conf.patch
Patch1: rspamd-after-redis-target.patch
BuildRequires: cmake
@@ -123,6 +124,8 @@ Requires: rspamd-client = %{version}
%else
Conflicts: rspamd-client
%endif
BuildRequires: apparmor-abstractions
Requires: apparmor-abstractions
%description
Rspamd is a spam filtering system that allows evaluation of messages
@@ -259,6 +262,7 @@ cat > %{buildroot}%{_sysconfdir}/%{name}/local.d/worker-proxy.inc << EOF
EOF
install -d -m 0755 %{buildroot}%{_sysconfdir}/%{name}/override.d
install -D -m644 %{SOURCE1} %{buildroot}%{_sysconfdir}/apparmor.d/usr.bin.rspamd
%pre
%{_sbindir}/groupadd -r %{rspamd_group} 2>/dev/null || :
@@ -309,6 +313,8 @@ install -d -m 0755 %{buildroot}%{_sysconfdir}/%{name}/override.d
%{_libdir}/rspamd/librspamd-kann.so
%{_libdir}/rspamd/librspamd-replxx.so
%config(noreplace) %{_sysconfdir}/apparmor.d/usr.bin.rspamd
%dir %{_sysconfdir}/rspamd/
%config %{_sysconfdir}/rspamd/actions.conf
%config %{_sysconfdir}/rspamd/cgp.inc

32
usr.bin.rspamd Normal file
View File

@@ -0,0 +1,32 @@
# Last Modified: Mon Oct 5 10:19:40 2020
#include <tunables/global>
# based on https://github.com/progmaticltd/homebox/blob/master/install/playbooks/roles/rspamd/templates/apparmor.d/usr.bin.rspamd
/usr/bin/rspamd {
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/openssl>
#include <abstractions/php>
/dev/shm/rhm.* rw,
/etc/gai.conf r,
/etc/host.conf r,
/etc/hosts r,
/etc/magic r,
/etc/nsswitch.conf r,
/etc/resolv.conf r,
/etc/rspamd/** r,
/lib/x86_64-linux-gnu/ld-*.so mr,
/proc/sys/kernel/random/uuid r,
/usr/bin/rspamd mr,
/usr/share/rspamd/ r,
/usr/share/rspamd/** r,
/var/cache/nscd/hosts r,
/var/lib/rspamd/ r,
/var/lib/rspamd/** rwk,
/var/log/rspamd/rspamd.log* rwk,
/{var/,}run/rspamd/* rwk,
}