diff options
| author | Martin Pitt <mpitt@debian.org> | 2009-03-26 08:56:13 +0100 |
|---|---|---|
| committer | Martin Pitt <mpitt@debian.org> | 2009-03-26 08:56:13 +0100 |
| commit | a4d75bafc0d02f3de0c7c0b5bb2ec11a8bc5fe52 (patch) | |
| tree | 6876d85b58524c4edfca730724b09c34b12e3c72 | |
| parent | 5796457209336d8cf76e4731792562732e559b23 (diff) | |
| download | cups-a4d75bafc0d02f3de0c7c0b5bb2ec11a8bc5fe52.tar.gz | |
debian/local/apparmor-profile: Explicitly deny access to /dev/tty and
writing access to /etc/krb5.conf, so that accesses to them do not create
log spewage. (LP: #348556)
| -rw-r--r-- | debian/changelog | 3 | ||||
| -rw-r--r-- | debian/local/apparmor-profile | 2 |
2 files changed, 5 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 7b3f1a0f..7eb28575 100644 --- a/debian/changelog +++ b/debian/changelog @@ -21,6 +21,9 @@ cups (1.3.9-16) UNRELEASED; urgency=low * Add logfiles_adm_readable.dpatch: Make log files readable by group "adm". (LP: #345953) * debian/changelog: Fix cruft at the end of file. + * debian/local/apparmor-profile: Explicitly deny access to /dev/tty and + writing access to /etc/krb5.conf, so that accesses to them do not create + log spewage. (LP: #348556) -- Martin Pitt <mpitt@debian.org> Thu, 19 Mar 2009 11:20:14 +0100 diff --git a/debian/local/apparmor-profile b/debian/local/apparmor-profile index eca00dae..8ca65569 100644 --- a/debian/local/apparmor-profile +++ b/debian/local/apparmor-profile @@ -44,6 +44,7 @@ /bin/dash ixr, /bin/hostname ixr, /dev/lp* rw, + deny /dev/tty rw, # silence noise /dev/ttyS* rw, /dev/usb/lp* rw, /dev/parport* rw, @@ -115,6 +116,7 @@ # Kerberos authentication /etc/krb5.conf r, + deny /etc/krb5.conf w, /etc/krb5.keytab rk, /etc/cups/krb5.keytab rwk, /tmp/krb5cc* k, |