pure-ftpd/pure-ftpd-apparmor.patch

Index: pure-ftpd-1.0.20-sles/AppArmor/README.AppArmor
===================================================================
--- /dev/null
+++ pure-ftpd-1.0.20-sles/AppArmor/README.AppArmor
@@ -0,0 +1,13 @@
+
+---------------------- Using the AppArmor profile ----------------------
+
+Make sure that AppArmor is installed and enabled.
+
+To utilize the security provided by AppArmor, ensure that the supplied 
+AppArmor profile (the file 'usr.sbin.pure-ftpd') for Pure-FTPd is present in 
+the '/etc/apparmor.d/' directory. If it is not present, copy it from
+the '/usr/share/doc/packages/pure-ftpd/' directory.
+
+This profile takes care of most of the typical use cases. You can use 
+YaST->Novell AppArmor to fine-tune the profile for your specific needs.
+
Index: pure-ftpd-1.0.20-sles/AppArmor/usr.sbin.pure-ftpd
===================================================================
--- /dev/null
+++ pure-ftpd-1.0.20-sles/AppArmor/usr.sbin.pure-ftpd
@@ -0,0 +1,38 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+#    Copyright (C) 2006 Novell, Inc.
+#
+# ------------------------------------------------------------------
+
+#include <tunables/global>
+
+/usr/sbin/pure-ftpd {
+  #include <abstractions/base>
+  #include <abstractions/nameservice>
+  #include <abstractions/authentication>
+  #include <abstractions/user-tmp>
+
+  capability net_bind_service,
+  capability setgid,
+  capability setuid,
+  capability sys_chroot,
+
+  / 					r,
+  /etc/ftpusers 			r,
+  /etc/pure-ftpd/* 			r,
+  /etc/shells 				r,
+  /etc/ssl/private/pure-ftpd.pem	r,
+  /proc/*/loginuid 			w,
+  /proc/loadavg 			r,
+  /proc/net/tcp*			r,
+  /usr/sbin/pure-ftpd 			mr,
+
+  /var/run/pure-ftpd 			rw,
+  /var/run/pure-ftpd.pid 		w,
+  /var/run/pure-ftpd/client-* 		rw,
+
+  @{HOMEDIRS}*                		r,
+  @{HOME}/**                 		rwl,
+  @{HOME}/.k5login 			r,
+}