I just check the apparmor profiles for Hardy, Intrepid and Jaunty, and they all have (after including the abstractions):
#include <abstractions/ssl_certs>
/etc/ssl/private/ r,
/etc/ssl/private/* r,
This works out to:
/etc/ssl/ r,
/etc/ssl/certs/ r,
/etc/ssl/certs/* r,
/etc/ssl/private/ r,
/etc/ssl/private/* r,
I think if this is going to be fixed, it should be fixed in the apparmor package, so am moving it there. The question then becomes, should /etc/apparmor.d/abstractions/ssl_certs become:
/etc/ssl/ r,
/etc/ssl/* r,
This would obviate the need for references to /etc/ssl/private/ (and abstractions/ssl_keys on Jaunty). What do people think?
I just check the apparmor profiles for Hardy, Intrepid and Jaunty, and they all have (after including the abstractions): ssl_certs> ssl/private/ * r,
#include <abstractions/
/etc/ssl/private/ r,
/etc/
This works out to: ssl/private/ * r,
/etc/ssl/ r,
/etc/ssl/certs/ r,
/etc/ssl/certs/* r,
/etc/ssl/private/ r,
/etc/
I think if this is going to be fixed, it should be fixed in the apparmor package, so am moving it there. The question then becomes, should /etc/apparmor. d/abstractions/ ssl_certs become:
/etc/ssl/ r,
/etc/ssl/* r,
This would obviate the need for references to /etc/ssl/private/ (and abstractions/ ssl_keys on Jaunty). What do people think?