Andreas Stieger
6730db32ae
fix includes for apparmor profile (bsc#1080238) OBS-URL: https://build.opensuse.org/request/show/578004 OBS-URL: https://build.opensuse.org/package/show/Base:System/rsyslog?expand=0&rev=286
52 lines
1.4 KiB
Plaintext
52 lines
1.4 KiB
Plaintext
# ------------------------------------------------------------------
|
|
#
|
|
# Copyright (C) 2014 Novell/SUSE
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of version 2 of the GNU General Public
|
|
# License published by the Free Software Foundation.
|
|
#
|
|
# ------------------------------------------------------------------
|
|
|
|
#include <tunables/global>
|
|
|
|
/usr/sbin/rsyslogd {
|
|
#include <abstractions/base>
|
|
#include <abstractions/consoles>
|
|
# general networking is allowed here
|
|
#include <abstractions/nameservice>
|
|
|
|
capability dac_override,
|
|
capability sys_nice,
|
|
capability sys_tty_config,
|
|
capability syslog,
|
|
deny capability block_suspend,
|
|
|
|
/dev/tty* w,
|
|
/dev/xconsole rw,
|
|
|
|
/etc/rsyslog.conf r,
|
|
/etc/rsyslog.d/ r,
|
|
/etc/rsyslog.d/* r,
|
|
|
|
/usr/lib{,32,64}/rsyslog/* mr,
|
|
/usr/sbin/rsyslogd mr,
|
|
|
|
/var/log/** rw,
|
|
/var/lib/*/dev/log w,
|
|
|
|
/proc/kmsg r,
|
|
|
|
/{var/,}run/rsyslog/* r,
|
|
/{var/,}run/rsyslogd.pid rwk,
|
|
/{var/,}run/systemd/journal/syslog w,
|
|
|
|
# include rules for rsyslog-module-* packages
|
|
#include "/usr/share/apparmor/extra-profiles/rsyslog.d"
|
|
|
|
# for logging via TLS (rsyslog-module-gtls)
|
|
# keys/certificates need to be located under /etc/rsyslog.d or permissions need to be adjusted here
|
|
# rsyslog tries to write to the certificates for no reason, so deny this quietly
|
|
deny /etc/rsyslog.d/* w,
|
|
}
|