| Distribution | Name | Profile | Created At | Changelog | View Count | Username | |||
| ubuntu-gutsy | /etc/cron.daily/spamassassin | #include <tunables/global>
# Profile for the daily SpamAssassin cron script. Every helper below is run
# with "ix" (inherit), so dash, perl and sa-update all execute under this
# same rule set rather than a profile of their own.
/etc/cron.daily/spamassassin {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/perl>

  /bin/dash ixr,
  /bin/sleep ixr,
  /etc/cron.daily/spamassassin mr,
  /etc/default/spamassassin r,
  /etc/perl/Net/* r,
  # NOTE(review): read access to the shadow password file is inherited by
  # every helper above; confirm which one requested it before keeping it.
  /etc/shadow r,
  # Write-only, and only for files directly in /tmp (no subdirectories).
  /tmp/* w,
  /usr/bin/expr ixr,
  /usr/bin/od ixr,
  /usr/bin/perl ix,
  /usr/bin/sa-update ixr,
  # NOTE(review): "**" with "m" lets any file under /usr/lib be mapped
  # executable; a narrower glob would tighten this.
  /usr/lib/** mr,
  /usr/share/perl/** r,
  /usr/share/perl5/** r,
  # NOTE(review): read-only; presumably sa-update stores downloaded rules
  # here and would need "w" - verify the job under enforce mode.
  /var/lib/spamassassin/** r,
} | 10 months ago | 55 | stive | Edit | History | ||
| ubuntu-gutsy | /usr/lib/postfix/showq | # $Id: usr.lib.postfix.showq 741 2007-06-11 22:55:56Z seth_arnold $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
#include <tunables/global>
# Profile for Postfix showq: read-only access to the mail queue directories.
# "{var/spool/postfix/,}" matches each path both with and without the spool
# prefix - presumably so the rules still apply when the daemon is chrooted
# into /var/spool/postfix. "[0-9A-F]" matches one uppercase hex character,
# i.e. up to two levels of single-character queue subdirectories.
/usr/lib/postfix/showq {
  #include <abstractions/base>
  #include <abstractions/kerberosclient>
  #include <abstractions/nameservice>
  #include <program-chunks/postfix-common>

  /usr/lib/postfix/showq rmix,
  /{var/spool/postfix/,}active/ r,
  /{var/spool/postfix/,}active/[0-9A-F]/ r,
  /{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/ r,
  /{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/* r,
  /{var/spool/postfix/,}defer/ r,
  /{var/spool/postfix/,}defer/[0-9A-F]/ r,
  /{var/spool/postfix/,}defer/[0-9A-F]/[0-9A-F]/ r,
  /{var/spool/postfix/,}defer/[0-9A-F]/[0-9A-F]/* r,
  /{var/spool/postfix/,}deferred/ r,
  /{var/spool/postfix/,}deferred/[0-9A-F]/ r,
  /{var/spool/postfix/,}deferred/[0-9A-F]/[0-9A-F]/ r,
  /{var/spool/postfix/,}deferred/[0-9A-F]/[0-9A-F]/* r,
  /{var/spool/postfix/,}hold/ r,
  /{var/spool/postfix/,}hold/[0-9A-F]/ r,
  /{var/spool/postfix/,}hold/[0-9A-F]/[0-9A-F]/ r,
  /{var/spool/postfix/,}hold/[0-9A-F]/[0-9A-F]/* r,
  /{var/spool/postfix/,}incoming/ r,
  /{var/spool/postfix/,}incoming/[0-9A-F]/ r,
  /{var/spool/postfix/,}incoming/[0-9A-F]/[0-9A-F]/ r,
  /{var/spool/postfix/,}incoming/[0-9A-F]/[0-9A-F]/* r,
  # maildrop is listed only down to the first subdirectory level, and no
  # file inside it is readable.
  /{var/spool/postfix/,}maildrop/ r,
  /{var/spool/postfix/,}maildrop/[0-9A-F]/ r,
  # The only writable path in this profile.
  /{var/spool/postfix/,}pid/unix.showq rw,
} | 10 months ago | 37 | stive | Edit | History | ||
| ubuntu-gutsy | /usr/bin/snortsam | #include <tunables/global>
# Profile for the snortsam daemon. It has no "x" rule, so the confined
# process cannot execute any other program unless an included abstraction
# allows it (abstraction contents are not shown on this page).
/usr/bin/snortsam {
  #include <abstractions/base>
  #include <abstractions/consoles>
  #include <abstractions/nameservice>
  #include <abstractions/nis>

  # Permits binding to ports below 1024.
  capability net_bind_service,

  /etc/snortsam.conf r,
  /usr/bin/snortsam mr,
  # NOTE(review): read-only; confirm the daemon never has to rewrite its
  # state file, otherwise this rule needs "w".
  /var/db/snortsam.state r,
  # "a" = append only: existing log content cannot be overwritten.
  /var/log/snortsam.log ar,
} | 9 months ago | 58 | stive | Edit | History | ||
| ubuntu-gutsy | /usr/lib/postfix/discard | # $Id: usr.lib.postfix.discard 90 2006-08-04 19:13:59Z seth_arnold $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
#include <tunables/global>
# Minimal profile for Postfix discard: beyond the base abstraction, the
# only explicit rule lets the binary read, map and re-execute itself.
/usr/lib/postfix/discard {
  #include <abstractions/base>

  /usr/lib/postfix/discard rmix,
} | 10 months ago | 77 | stive | Edit | History | ||
| ubuntu-gutsy | /usr/lib/postfix/spawn | # $Id: usr.lib.postfix.spawn 90 2006-08-04 19:13:59Z seth_arnold $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
#include <tunables/global>
# Skeleton profile for Postfix spawn. All file access comes from the
# included abstractions and postfix-common, whose contents are not shown.
# NOTE(review): the only exec rule is for the binary itself; presumably any
# external command configured for spawn needs its own "x" rule added here.
/usr/lib/postfix/spawn {
  #include <abstractions/base>
  #include <abstractions/kerberosclient>
  #include <abstractions/nameservice>
  #include <program-chunks/postfix-common>

  /usr/lib/postfix/spawn rmix,
} | 10 months ago | 75 | stive | Edit | History | ||
| ubuntu-gutsy | /sbin/syslog-ng | # $Id$
# ------------------------------------------------------------------
#
# Copyright (C) 2006 Novell/SUSE
# Copyright (C) 2006 Christian Boltz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
#include <tunables/global>
# Profile for the syslog-ng daemon: reads its configuration and the kernel
# message buffer, writes log sockets, consoles and everything under /var/log.
/sbin/syslog-ng {
  #include <abstractions/base>
  #include <abstractions/consoles>
  #include <abstractions/nameservice>

  capability chown,
  # dac_override bypasses file permission checks, so path rules below are
  # the only remaining limit on what this process can write.
  capability dac_override,
  capability fowner,
  capability fsetid,
  # NOTE(review): sys_admin is a very broad capability; confirm it is really
  # required on the target system before deploying.
  capability sys_admin,

  /dev/log w,
  /dev/tty10 rw,
  /dev/xconsole rw,
  /etc/syslog-ng/* r,
  /sbin/syslog-ng mr,
  # Log sockets below /var/lib/<name>/dev/ - presumably chroot jails.
  /var/lib/*/dev/log w,
  # Write-only across the whole log tree: existing logs cannot be read back.
  /var/log/** w,
  /var/run/syslog-ng.pid w,
  @{PROC}/kmsg r,
} | 10 months ago | 48 | stive | Edit | History | ||
| ubuntu-gutsy | /usr/lib/postgresql/8.3/bin/postgres | #include <tunables/global>
# Profile for the PostgreSQL 8.3 server binary. It grants no capabilities
# and no "x" rules; data access is limited to the 8.3 "main" cluster.
/usr/lib/postgresql/8.3/bin/postgres {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  /etc/postgresql-common/* r,
  /etc/postgresql/** r,
  # NOTE(review): "**" makes everything under /etc/ssl readable, including
  # any private keys stored there, not just the server's own certificate.
  /etc/ssl/** r,
  # NOTE(review): any file under /usr/lib may be mapped executable.
  /usr/lib/** mr,
  # NOTE(review): "/usr/shar/share" looks like a mistyped or mis-logged
  # path; confirm it is intentional or drop the rule.
  /usr/shar/share/zoneinfo/ r,
  /usr/share/postgresql/8.3/timezonesets/* r,
  # Trailing "/" = the directory itself (listing), not the files inside it.
  /usr/share/zoneinfo/ r,
  # "l" additionally allows creating hard links inside the cluster directory.
  /var/lib/postgresql/8.3/main/** lrw,
  /var/run/postgresql/* w,
} | 10 months ago | 76 | stive | Edit | History | ||
| ubuntu-gutsy | /usr/sbin/postgrey | #include <tunables/global>
# Profile for the postgrey greylisting daemon (a Perl program: the
# interpreter is run with "ix", i.e. under this same profile).
/usr/sbin/postgrey {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/perl>

  # chown/setgid/setuid: presumably used to drop root after start-up.
  capability chown,
  capability setgid,
  capability setuid,

  /etc/postgrey/* r,
  /usr/bin/perl ix,
  # NOTE(review): any file under /usr/lib may be mapped executable.
  /usr/lib/** mr,
  /usr/sbin/postgrey mr,
  /usr/share/perl/** r,
  /usr/share/perl5/** r,
  /var/lib/postgrey/ r,
  # "k" = file locking on the state files, in addition to read/write.
  /var/lib/postgrey/* krw,
  /var/run/postgrey.pid w,
} | 10 months ago | 41 | stive | Edit | History | ||
| ubuntu-gutsy | /usr/lib/postfix/bounce | # $Id: usr.lib.postfix.bounce 741 2007-06-11 22:55:56Z seth_arnold $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
#include <tunables/global>
# Profile for Postfix bounce. Queue rules use "{var/spool/postfix/,}" so
# each path matches with and without the spool prefix (presumably for
# chrooted operation); "rwl" = read, write and hard-link creation.
/usr/lib/postfix/bounce {
  #include <abstractions/base>
  #include <abstractions/kerberosclient>
  #include <abstractions/nameservice>
  #include <program-chunks/postfix-common>

  capability setgid,
  capability setuid,

  /etc/mailname r,
  /etc/postfix/main.cf r,
  /usr/lib/postfix/bounce rmix,
  # These two rules use the absolute spool path only and add "k" (locking);
  # they overlap the alternation-based rules below.
  /var/spool/postfix/active/* krw,
  /var/spool/postfix/defer/** krw,
  /{var/spool/postfix/,}active/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/* rwl,
  /{var/spool/postfix/,}bounce/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}bounce/[0-9A-F]/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}bounce/[0-9A-F]/[0-9A-F]/* rwl,
  /{var/spool/postfix/,}defer/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}defer/[0-9A-F]/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}defer/[0-9A-F]/[0-9A-F]/* rwl,
  /{var/spool/postfix/,}incoming/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}incoming/[0-9A-F]/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}incoming/[0-9A-F]/[0-9A-F]/* rwl,
  /{var/spool/postfix/,}pid/unix.bounce rw,
  /{var/spool/postfix/,}pid/unix.defer krw,
  /{var/spool/postfix/,}pid/unix.trace krw,
  # Write-only: enough to connect to the cleanup service endpoint.
  /{var/spool/postfix/,}public/cleanup w,
  /{var/spool/postfix/,}trace/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}trace/[0-9A-F]/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}trace/[0-9A-F]/[0-9A-F]/* rwl,
  @{PROC}/net/if_inet6 r,
} | 10 months ago | 43 | stive | Edit | History | ||
| ubuntu-gutsy | /etc/cron.daily/oink | #include <tunables/global>
# Profile for the daily "oink" cron script, which runs oinkmaster via dash
# and perl; all three inherit this profile ("ix").
# NOTE(review): the profile has no nameservice include and grants only a
# directory listing on /etc/snort/rules/ - presumably too little for a job
# that fetches and installs rules; verify under enforce mode.
/etc/cron.daily/oink {
  #include <abstractions/base>
  #include <abstractions/perl>

  /bin/dash ixr,
  /etc/cron.daily/oink mr,
  /etc/oinkmaster.conf r,
  /etc/snort/rules/ r,
  /usr/bin/perl ix,
  # NOTE(review): any file under /usr/lib may be mapped executable.
  /usr/lib/** mr,
  /usr/sbin/oinkmaster ixr,
  /usr/share/perl/** r,
  /usr/share/perl5/** r,
} | 10 months ago | 38 | stive | Edit | History | ||
| ubuntu-gutsy | /usr/lib/postfix/smtp | # $Id: usr.lib.postfix.smtp 741 2007-06-11 22:55:56Z seth_arnold $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
#include <tunables/global>
# Profile for the Postfix smtp client. It handles the active queue, reads
# TLS/SASL material and writes to the private service endpoints it talks to.
/usr/lib/postfix/smtp {
  #include <abstractions/base>
  #include <abstractions/kerberosclient>
  #include <abstractions/nameservice>
  #include <program-chunks/postfix-common>

  # NOTE(review): dac_override/dac_read_search bypass file permission checks,
  # leaving the path rules below as the only file-access limit.
  capability dac_override,
  capability dac_read_search,
  capability net_bind_service,

  /etc/mailname r,
  /etc/mtab r,
  /etc/postfix/prng_exch rw,
  # By its name, the SASL credential map for upstream relays - sensitive.
  /etc/postfix/sasl_passwd.db r,
  /etc/postfix/virtual.db r,
  # Matches *.pem in /etc/postfix and /etc/postfix/ssl; this may include
  # private keys if they are stored as .pem files.
  /etc/postfix/{ssl/,}*.pem r,
  /usr/lib/postfix/smtp rmix,
  /usr/share/ssl/certs/ca-bundle.crt r,
  /usr/share/ssl/openssl.cnf r,
  /var/spool/postfix/active/* krw,
  /var/spool/postfix/etc/localtime r,
  /var/spool/postfix/etc/resolv.conf r,
  /var/spool/postfix/etc/services r,
  /var/spool/postfix/pid/unix.amavisfeed krw,
  /{var/spool/postfix/,}active/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/* rwl,
  /{var/spool/postfix/,}pid/unix.relay krw,
  /{var/spool/postfix/,}pid/unix.smtp krw,
  # Write-only access to the service endpoints of other Postfix daemons.
  /{var/spool/postfix/,}private/anvil w,
  /{var/spool/postfix/,}private/bounce w,
  /{var/spool/postfix/,}private/defer w,
  /{var/spool/postfix/,}private/rewrite w,
  /{var/spool/postfix/,}private/scache w,
  /{var/spool/postfix/,}private/tlsmgr w,
  /{var/spool/postfix/,}private/trace w,
  /{var/spool/postfix/,}public/flush w,
} | 10 months ago | 38 | stive | Edit | History | ||
| ubuntu-gutsy | /etc/cron.daily/apt | #include <tunables/global>
# Profile for the daily apt cron script. apt-get and the shell utilities
# run with "ix", i.e. under this same profile.
# NOTE(review): there is no write rule for /var/lib/apt/lists and no
# nameservice include, so this looks like it was recorded on a run that
# did not actually refresh package lists - verify under enforce mode.
/etc/cron.daily/apt {
  #include <abstractions/base>

  /bin/dash ixr,
  /bin/dd ixr,
  /bin/sleep ixr,
  /bin/which ixr,
  /etc/apt/apt.conf.d/ r,
  /etc/apt/apt.conf.d/* r,
  /etc/apt/sources.list r,
  /etc/apt/sources.list.d/ r,
  /etc/cron.daily/apt mr,
  /etc/group r,
  /etc/nsswitch.conf r,
  /usr/bin/apt-config ixr,
  /usr/bin/apt-get ixr,
  /usr/bin/cksum ixr,
  /usr/bin/cut ixr,
  /usr/bin/getent ixr,
  /var/cache/apt/ w,
  /var/cache/apt/pkgcache.bin rw,
  /var/cache/apt/srcpkgcache.bin rw,
  /var/lib/apt/* r,
  /var/lib/apt/lists/* r,
  /var/lib/dpkg/* r,
  # "k" = permission to take the dpkg lock.
  /var/lib/dpkg/lock krw,
  /var/lib/dpkg/updates/ r,
} | 10 months ago | 32 | stive | Edit | History | ||
| ubuntu-gutsy | /usr/lib/postfix/lmtp | # $Id: usr.lib.postfix.lmtp 90 2006-08-04 19:13:59Z seth_arnold $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
#include <tunables/global>
# Skeleton profile for Postfix lmtp. Apart from the binary itself, all
# access comes from the included abstractions and postfix-common, whose
# contents are not shown on this page.
/usr/lib/postfix/lmtp {
  #include <abstractions/base>
  #include <abstractions/kerberosclient>
  #include <abstractions/nameservice>
  #include <program-chunks/postfix-common>

  /usr/lib/postfix/lmtp rmix,
} | 10 months ago | 38 | stive | Edit | History | ||
| ubuntu-gutsy | /usr/sbin/apache2 | #include <tunables/global>
# Profile for the Apache 2 server as used on one specific host: it bundles
# access for Drupal 6, Roundcube, Nagios front ends and OpenWebMail CGI.
# Perl and the CGI scripts run with "ix", so code reached through the web
# server executes with every permission listed here.
/usr/sbin/apache2 {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/nis>
  #include <abstractions/perl>

  # NOTE(review): dac_override/dac_read_search bypass file permission
  # checks, so the path rules below are the only file-access limit.
  capability dac_override,
  capability dac_read_search,
  capability fowner,
  capability kill,
  capability net_bind_service,
  capability setgid,
  capability setuid,

  /etc/*/htpasswd.users r,
  /etc/apache2/** r,
  /etc/drupal/6/* r,
  /etc/drupal/6/sites/default/dbconfig.php r,
  /etc/drupal/6/sites/default/settings.php r,
  /etc/javascript-common/javascript-common.conf r,
  /etc/mime.types r,
  /etc/mtab r,
  /etc/nagios-pnp/* r,
  /etc/nagios2/* r,
  /etc/perl/Net/libnet.cfg r,
  /etc/php5/apache2/php.ini r,
  /etc/php5/conf.d/* r,
  /etc/roundcube/* r,
  # NOTE(review): the web server and every inherited CGI can read password
  # hashes. Presumably recorded for the webmail login; prefer moving that
  # script to its own profile (Px) or hat so the rule is not shared.
  /etc/shadow r,
  /etc/ssl/openssl.cnf r,
  # NOTE(review): looks like a placeholder home directory; confirm which
  # account uses it and why locking/read/write is needed below it.
  /home/nonexistent/** krw,
  /home/www/** r,
  /proc/*/mounts r,
  /tmp/ r,
  /tmp/* w,
  /usr/bin/perl ix,
  # NOTE(review): by its name the setuid Perl helper; it inherits this
  # profile, combined with the setuid/setgid capabilities above.
  /usr/bin/sperl5.8.8 ixr,
  # NOTE(review): any file under /usr/lib may be mapped executable.
  /usr/lib/** mr,
  /usr/sbin/apache2 mr,
  /usr/share/apache2/icons/* r,
  /usr/share/drupal6/** r,
  /usr/share/file/magic.mime r,
  /usr/share/perl/** r,
  /usr/share/php/** r,
  /usr/share/roundcube/** r,
  /usr/share/zoneinfo/ r,
  /var/lib/drupal6/files/ w,
  /var/lib/roundcube/** r,
  /var/log/apache2/* w,
  # "a" = append only.
  /var/log/openwebmail.log a,
  /var/log/roundcube/errors a,
  /var/run/apache2.pid rw,
  /var/run/apache2/ssl_mutex w,
  /var/run/mysqld/mysqld.sock w,
  /var/tmp/* w,
  /var/www/** r,
  /var/www/*/cgi-bin/openwebmail/etc/sessions/** krw,
  /var/www/*/cgi-bin/openwebmail/etc/users/** klrw,
  /var/www/*/cgi-bin/openwebmail/openwebmail-abook.pl ixr,
  /var/www/*/cgi-bin/openwebmail/openwebmail-main.pl ixr,
  /var/www/*/cgi-bin/openwebmail/openwebmail-read.pl ixr,
  /var/www/*/cgi-bin/openwebmail/openwebmail-send.pl ixr,
  /var/www/*/cgi-bin/openwebmail/openwebmail-viewatt.pl ixr,
  /var/www/*/cgi-bin/openwebmail/openwebmail.pl ixr,
}
# NOTE(review): both hats are empty. If mod_apparmor switches requests into
# them (change_hat), nothing is permitted inside; if it is not in use, all
# request handling stays in the broad parent profile above. Either way the
# hats give no per-request separation as written - confirm the intent.
/usr/sbin/apache2//DEFAULT_URI {
}
/usr/sbin/apache2//HANDLING_UNTRUSTED_INPUT {
} | 9 months ago | 49 | stive | Edit | History | ||
| ubuntu-gutsy | /usr/lib/postfix/qmqpd | # $Id: usr.lib.postfix.qmqpd 90 2006-08-04 19:13:59Z seth_arnold $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
#include <tunables/global>
# Skeleton profile for Postfix qmqpd. Apart from the binary itself, all
# access comes from the included abstractions and postfix-common, whose
# contents are not shown on this page.
/usr/lib/postfix/qmqpd {
  #include <abstractions/base>
  #include <abstractions/kerberosclient>
  #include <abstractions/nameservice>
  #include <program-chunks/postfix-common>

  /usr/lib/postfix/qmqpd rmix,
} | 10 months ago | 39 | stive | Edit | History | ||
| ubuntu-gutsy | /usr/sbin/sendmail | # $Id: usr.sbin.sendmail 697 2007-05-25 03:09:30Z steve-beattie $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
# Sendmail in Red Hat 7.3 got moved to /usr/sbin/sendmail.sendmail to
# support /etc/alternatives/ -- SuSE has no such mechanism. So, this
# file supports _BOTH_ sendmail's sendmail and postfix's sendmail.
#include <tunables/global>
# Because one profile serves both MTAs, it carries the union of Sendmail
# and Postfix paths; on a host running only one of them, roughly half of
# these rules are unused allowance.
# "Px" = run the target under its own profile; the exec is refused if that
# profile is not loaded. Of the Px targets below, only showq, smtpd and
# /usr/sbin/postfix have a profile in the part of the listing shown here.
/usr/sbin/sendmail {
  #include <abstractions/base>
  #include <abstractions/consoles>
  #include <abstractions/kerberosclient>
  #include <abstractions/nameservice>
  #include <abstractions/user-tmp>
  #include <program-chunks/postfix-common>

  # NOTE(review): the alias database is writable, so this profile can change
  # where local mail is delivered.
  /etc/aliases rw,
  /etc/aliases.db rw,
  /etc/fstab r,
  /etc/hosts.allow r,
  /etc/hosts.deny r,
  /etc/ldap.conf r,
  /etc/mail/* r,
  /etc/mail/statistics rw,
  /etc/mailname r,
  /etc/mtab r,
  /etc/postfix r,
  /etc/postfix/aliases r,
  /etc/postfix/aliases.db rw,
  /etc/postfix/main.cf r,
  /etc/postfix/postfix-script Px,
  /etc/sendmail.cf r,
  /etc/sendmail.cw r,
  /etc/shells r,
  # NOTE(review): write access to root's forwarding file; confirm this is
  # needed on the target system.
  /root/.forward rw,
  /root/dead.letter w,
  /usr/bin/procmail Px,
  /usr/kerberos/lib/lib*.so* mr,
  /usr/lib/postfix r,
  /usr/lib/postfix/master Px,
  /usr/lib/postfix/showq Px,
  /usr/lib/postfix/smtpd Px,
  /usr/lib/sasl r,
  /usr/lib/sasl/* mr,
  /usr/lib/sasl2 r,
  /usr/lib/sasl2/* mr,
  /usr/sbin/postalias Px,
  /usr/sbin/postdrop Pxmr,
  /usr/sbin/postfix Px,
  /usr/sbin/postqueue Px,
  /usr/sbin/sendmail rmix,
  /usr/sbin/sendmail.postfix rmix,
  /usr/sbin/sendmail.sendmail rmix,
  /var/lib/sendmail/statistics rwl,
  /var/run/sendmail.pid rwl,
  /var/run/sendmail/control rw,
  /var/run/sm-client.pid rwl,
  /var/run/utmp rw,
  /var/spool/clientmqueue r,
  /var/spool/clientmqueue/* rwl,
  # Every mailbox directly under /var/spool/mail is readable and writable.
  /var/spool/mail rwl,
  /var/spool/mail/* rwl,
  /var/spool/mqueue rwl,
  /var/spool/mqueue/* rwl,
  /var/spool/postfix r,
  /var/spool/postfix/active r,
  /var/spool/postfix/bounce r,
  /var/spool/postfix/corrupt r,
  /var/spool/postfix/defer r,
  /var/spool/postfix/deferred r,
  /var/spool/postfix/incoming r,
  /var/spool/postfix/maildrop r,
  /var/spool/postfix/maildrop/* lrw,
  /var/spool/postfix/pid r,
  /var/spool/postfix/private r,
  /var/spool/postfix/public r,
  /var/spool/postfix/public/pickup w,
  /var/spool/postfix/public/qmgr w,
  /var/spool/postfix/public/showq w,
  /var/spool/postfix/saved r,
  @{PROC}/loadavg r,
  @{PROC}/net/if_inet6 r,
} | 5 months ago | 37 | stive | Edit | History | ||
| ubuntu-gutsy | /etc/cron.daily/amavisd-new | #include <tunables/global>
# Profile for the daily amavisd-new cron script. The script switches user
# with su (hence the PAM, login.defs and account-database rules) and then
# runs sa-learn/perl; all of them inherit this profile via "ix".
/etc/cron.daily/amavisd-new {
  #include <abstractions/base>
  #include <abstractions/perl>

  capability setgid,
  capability setuid,

  /bin/dash ixr,
  /bin/su ixr,
  /etc/cron.daily/amavisd-new mr,
  /etc/default/locale r,
  /etc/environment r,
  /etc/group r,
  /etc/host.conf r,
  /etc/hosts r,
  /etc/login.defs r,
  /etc/nsswitch.conf r,
  /etc/pam.d/* r,
  /etc/passwd r,
  /etc/perl/Net/libnet.cfg r,
  /etc/profile r,
  /etc/profile.d/ r,
  /etc/resolv.conf r,
  /etc/security/pam_env.conf r,
  # NOTE(review): presumably needed by su's PAM stack, but because su is
  # "ix" the commands it launches keep this read access too. Running su
  # under its own profile (Px) would confine the shadow read to su.
  /etc/shadow r,
  /etc/shells r,
  /etc/spamassassin/ r,
  /etc/spamassassin/* r,
  /lib/security/pam_*.so mr,
  /proc/*/mounts r,
  /proc/filesystems r,
  /proc/stat r,
  /usr/bin/id ixr,
  /usr/bin/perl ix,
  /usr/bin/sa-learn ixr,
  /usr/lib/perl/5.8.8/** mr,
  /usr/sbin/amavisd-new-cronjob ixr,
  /usr/share/perl/5.8.8/** r,
  /usr/share/perl5/** r,
  /var/lib/amavis/.spamassassin/ r,
  /var/lib/amavis/.spamassassin/* lrw,
  /var/lib/spamassassin/** r,
  /var/run/utmp krw,
} | 9 months ago | 53 | stive | Edit | History | ||
| ubuntu-gutsy | /etc/cron.daily/roundcube-core | #include <tunables/global>
# Profile for the daily Roundcube cron script, which uses find/xargs/rm;
# the rules confine deletion to files directly in /var/lib/roundcube/temp/.
/etc/cron.daily/roundcube-core {
  #include <abstractions/base>

  # NOTE(review): these bypass file permission checks; the narrow path
  # rules below are what actually bound the job. Confirm both are needed.
  capability dac_override,
  capability dac_read_search,

  # Listing of the root directory only.
  / r,
  /bin/dash ixr,
  /bin/rm ixr,
  /etc/cron.daily/roundcube-core mr,
  /usr/bin/find ixr,
  /usr/bin/xargs ixr,
  /var/lib/roundcube/ r,
  /var/lib/roundcube/temp/ r,
  # Write-only, one level deep: subdirectories of temp/ are not covered.
  /var/lib/roundcube/temp/* w,
} | 9 months ago | 62 | stive | Edit | History | ||
| ubuntu-gutsy | /usr/sbin/in.tftpd | #include <tunables/global>
# Profile for the TFTP daemon.
# NOTE(review): no rule names a directory to serve files from, so unless an
# included abstraction covers it, transfers would be denied in enforce mode;
# add a read rule for the intended TFTP root only.
/usr/sbin/in.tftpd {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/nis>

  # Permits binding to ports below 1024.
  capability net_bind_service,

  /usr/sbin/in.tftpd mr,
} | 9 months ago | 54 | stive | Edit | History | ||
| ubuntu-gutsy | /etc/cron.daily/bsdmainutils | #include <tunables/global>
# Minimal profile for the daily bsdmainutils cron script: it may run dash
# (inheriting this profile) and read/map itself; anything else the script
# tries to execute or open is not covered by an explicit rule here.
/etc/cron.daily/bsdmainutils {
  #include <abstractions/base>

  /bin/dash ixr,
  /etc/cron.daily/bsdmainutils mr,
} | 10 months ago | 39 | stive | Edit | History | ||
| ubuntu-gutsy | /usr/lib/postfix/pipe | # $Id: usr.lib.postfix.pipe 90 2006-08-04 19:13:59Z seth_arnold $
# ------------------------------------------------------------------
#
# Copyright (C) 2006 Novell/SUSE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
#include <tunables/global>
# Minimal profile for Postfix pipe.
# NOTE(review): the only exec rule is for the binary itself; presumably
# each external delivery command configured for pipe needs its own "x"
# rule (ideally Px to a dedicated profile) added here.
/usr/lib/postfix/pipe {
  #include <abstractions/base>

  /usr/lib/postfix/pipe rmix,
} | 10 months ago | 38 | stive | Edit | History | ||
| ubuntu-gutsy | /etc/cron.daily/mlocate | #include <tunables/global>
# Profile for the daily mlocate cron script, which runs updatedb.mlocate
# (via dash and ionice, all inheriting this profile) to index the filesystem.
/etc/cron.daily/mlocate {
  #include <abstractions/base>

  capability chown,
  capability dac_override,
  capability dac_read_search,
  capability fowner,
  capability fsetid,
  # NOTE(review): sys_admin is a very broad capability; confirm which helper
  # needs it before keeping it.
  capability sys_admin,

  / r,
  # Matches every directory on the system (trailing "/"): directory
  # listings only, not the contents of files.
  /**/ r,
  /bin/dash ixr,
  /etc/cron.daily/mlocate mr,
  /etc/group r,
  /etc/mtab r,
  /etc/nsswitch.conf r,
  /etc/updatedb.conf r,
  /proc/*/mounts r,
  /usr/bin/ionice ixr,
  /usr/bin/updatedb.mlocate ixr,
  # The only writable location: the locate database directory.
  /var/lib/mlocate/* rw,
} | 10 months ago | 86 | stive | Edit | History | ||
| ubuntu-gutsy | /usr/lib/postfix/anvil | # $Id: usr.lib.postfix.anvil 697 2007-05-25 03:09:30Z steve-beattie $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
#include <tunables/global>
# Profile for Postfix anvil: beyond the includes it may read two config
# files and use its own pid file and private service endpoint.
# "{var/spool/postfix/,}" matches the path with and without the spool
# prefix (presumably for chrooted operation).
/usr/lib/postfix/anvil {
  #include <abstractions/base>
  #include <abstractions/kerberosclient>
  #include <abstractions/nameservice>
  #include <program-chunks/postfix-common>

  capability setgid,
  capability setuid,

  /etc/mailname r,
  /etc/postfix/main.cf r,
  /usr/lib/postfix/anvil rmix,
  /{var/spool/postfix/,}pid/unix.anvil rw,
  /{var/spool/postfix/,}private/anvil rw,
  @{PROC}/net/if_inet6 r,
} | 10 months ago | 74 | stive | Edit | History | ||
| ubuntu-gutsy | /etc/cron.daily/standard | #include <tunables/global>
# Profile for the daily "standard" cron script. All shell utilities run
# with "ix" and therefore share this rule set.
/etc/cron.daily/standard {
  #include <abstractions/base>

  /bin/chmod ixr,
  /bin/cp ixr,
  /bin/dash ixr,
  /bin/date ixr,
  /bin/df ixr,
  /bin/grep ixr,
  /bin/gzip ixr,
  /bin/ls ixr,
  /bin/mv ixr,
  /bin/rm ixr,
  /bin/sed ixr,
  /bin/which ixr,
  # "\+" escapes the plus sign so it is matched literally.
  /boot/lost\+found/ r,
  /etc/cron.daily/standard mr,
  /etc/group r,
  # NOTE(review): gshadow/shadow reads together with write access to
  # /var/backups suggest the job copies the account databases there
  # (presumably); the copies need the same protection as the originals.
  /etc/gshadow r,
  /etc/mtab r,
  /etc/passwd r,
  /etc/shadow r,
  # Listing of each home directory, not its contents.
  /home/*/ r,
  /lost\+found/ r,
  /proc/*/mounts r,
  /proc/filesystems r,
  /usr/bin/basename ixr,
  /usr/bin/cmp ixr,
  /usr/bin/dirname ixr,
  /usr/bin/mawk ixr,
  /usr/bin/savelog ixr,
  /var/backups/* rw,
  /var/lib/dpkg/status r,
} | 9 months ago | 34 | stive | Edit | History | ||
| ubuntu-gutsy | /usr/lib/postfix/scache | # ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
#include <tunables/global>
# Profile for Postfix scache: besides the includes it only reads the mail
# name and an nscd cache file, and may re-execute itself.
/usr/lib/postfix/scache {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <program-chunks/postfix-common>

  /etc/mailname r,
  /usr/lib/postfix/scache rmix,
  /var/run/nscd/group r,
} | 10 months ago | 72 | stive | Edit | History | ||
| ubuntu-gutsy | /usr/sbin/cron | #include <tunables/global>
# Profile for the cron daemon.
# NOTE(review): the only exec rule visible here is /bin/dash with "ix", so
# every job started through dash runs under this profile and dash itself
# has no rule to execute anything further. The /etc/cron.daily/* profiles
# on this page would not be entered from here without Px rules for those
# scripts; verify how jobs behave in enforce mode.
/usr/sbin/cron {
  #include <abstractions/authentication>
  #include <abstractions/base>
  #include <abstractions/nameservice>

  # setgid/setuid: presumably used to run jobs as their owning user.
  capability setgid,
  capability setuid,

  /bin/dash ixr,
  /etc/cron.d/ r,
  /etc/cron.d/* r,
  /etc/crontab r,
  /etc/environment r,
  /proc/*/mounts r,
  /proc/filesystems r,
  /usr/sbin/cron mr,
  /var/run/crond.pid krw,
  /var/run/utmp krw,
  /var/spool/cron/crontabs/ r,
  /var/spool/cron/crontabs/* r,
} | 10 months ago | 58 | stive | Edit | History | ||
| ubuntu-gutsy | /usr/sbin/named | #include <tunables/global>
# Profile for the BIND name server: read-only configuration, read/write
# zone/cache/log directories, no "x" rules.
/usr/sbin/named {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  capability net_bind_service,
  capability setgid,
  capability setuid,
  capability sys_chroot,
  capability sys_resource,

  # Covers every file below /etc/bind, including any key files kept there.
  /etc/bind/** r,
  /proc/net/if_inet6 r,
  /usr/sbin/named mr,
  /var/cache/bind/ rw,
  /var/cache/bind/** rw,
  /var/lib/bind/ rw,
  /var/lib/bind/** rw,
  # Site-specific path; not needed on hosts without this directory.
  /var/lib/dnscvsutil/compiled/** rw,
  /var/log/named/** rw,
  /var/run/bind/named.options r,
  /var/run/bind/run/named.pid w,
} | 10 months ago | 50 | stive | Edit | History | ||
| ubuntu-gutsy | /sbin/portmap | # $Id: sbin.portmap 90 2006-08-04 19:13:59Z seth_arnold $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
#include <tunables/global>
# Profile for the portmap daemon: it may bind low ports, change identity,
# read the TCP-wrapper access lists and re-execute itself; no write rules.
/sbin/portmap {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  capability net_bind_service,
  capability setgid,
  capability setuid,

  /etc/bindresvport.blacklist r,
  /etc/hosts.allow r,
  /etc/hosts.deny r,
  /sbin/portmap rmix,
} | 10 months ago | 77 | stive | Edit | History | ||
| ubuntu-gutsy | /sbin/syslogd | # $Id: sbin.syslogd 559 2007-04-10 23:05:33Z agruen $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
#include <tunables/global>
# Profile for the classic syslogd daemon: log sockets, consoles and the
# whole /var/log tree.
/sbin/syslogd {
  #include <abstractions/base>
  #include <abstractions/consoles>
  #include <abstractions/nameservice>

  # NOTE(review): dac_override/dac_read_search bypass file permission
  # checks; the path rules below are the remaining limit.
  capability dac_override,
  capability dac_read_search,
  capability setgid,
  capability setuid,
  capability sys_tty_config,

  /dev/log wl,
  /dev/tty* w,
  /dev/xconsole rw,
  # NOTE(review): "m" (executable mapping) without "r" on data files is
  # unusual and looks like a learning-mode artifact; confirm it is needed.
  /etc/group m,
  /etc/passwd m,
  /etc/syslog.conf r,
  /sbin/syslogd rmix,
  /var/lib/*/dev/log wl,
  # Unlike a write-only rule, "rw" also lets the daemon read existing logs.
  /var/log/** rw,
  /var/run/syslogd.pid rwlk,
  /var/run/utmp krw,
  # Vendor-specific path; unused on hosts without this FIFO.
  /var/spool/compaq/nic/messages_fifo rw,
} | 10 months ago | 65 | stive | Edit | History | ||
| ubuntu-gutsy | /usr/sbin/postfix | #include <tunables/global>
# Profile for the postfix control command. Every Postfix daemon below is
# started with "ix", so master and all daemons it launches keep running
# under this single profile.
# NOTE(review): this page also lists dedicated profiles for anvil, bounce,
# scache, showq, smtp, smtpd, tlsmgr and trivial-rewrite, but "ix" never
# switches into them. The network-facing daemons therefore share the union
# of rights here (TLS private key, maildirs, all queues). Using Px for the
# daemons would restore per-daemon separation.
/usr/sbin/postfix {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  capability dac_override,
  capability dac_read_search,
  capability kill,
  capability setgid,
  capability setuid,
  capability sys_chroot,
  capability sys_tty_config,

  /bin/dash ixr,
  /bin/grep ixr,
  /bin/sed ixr,
  /bin/sleep ixr,
  # Px: requires a separate /bin/uname profile to be loaded, otherwise the
  # exec is refused; none appears in the part of the listing shown here.
  /bin/uname Px,
  /dev/tty a,
  /etc/mailname r,
  /etc/postfix/* r,
  /etc/postfix/postfix-script ixr,
  /etc/ssl/certs/ssl-cert-snakeoil.pem r,
  /etc/ssl/openssl.cnf r,
  # TLS private key, readable by everything that inherits this profile.
  /etc/ssl/private/ssl-cert-snakeoil.key r,
  /home/*/.forward r,
  # "lw": create hard links and write, but not read, delivered mail.
  /home/*/.maildir/** lw,
  /proc/sys/kernel/ngroups_max r,
  /root/.maildir/** lw,
  /usr/bin/mawk ixr,
  /usr/lib/postfix/* mr,
  /usr/lib/postfix/anvil ixr,
  /usr/lib/postfix/bounce ixr,
  /usr/lib/postfix/cleanup ixr,
  /usr/lib/postfix/error ixr,
  /usr/lib/postfix/flush ixr,
  /usr/lib/postfix/local ixr,
  /usr/lib/postfix/master ixr,
  /usr/lib/postfix/pickup ixr,
  /usr/lib/postfix/proxymap ixr,
  /usr/lib/postfix/qmgr ixr,
  /usr/lib/postfix/scache ixr,
  /usr/lib/postfix/showq ixr,
  /usr/lib/postfix/smtp ixr,
  /usr/lib/postfix/smtpd ixr,
  /usr/lib/postfix/tlsmgr ixr,
  /usr/lib/postfix/trivial-rewrite ixr,
  /usr/sbin/postconf ixr,
  /usr/sbin/postfix mr,
  /usr/sbin/postlog ixr,
  /usr/sbin/postsuper ixr,
  /var/lib/amavis/.maildir/** lw,
  /var/lib/postfix/prng_exch krw,
  /var/lib/postfix/smtp_scache.db krw,
  /var/lib/postfix/smtpd_scache.db krw,
  /var/spool/postfix/active/ r,
  /var/spool/postfix/active/* krw,
  /var/spool/postfix/defer/** krw,
  /var/spool/postfix/deferred/ r,
  /var/spool/postfix/deferred/** rw,
  /var/spool/postfix/etc/* r,
  /var/spool/postfix/flush/ r,
  /var/spool/postfix/flush/* krw,
  /var/spool/postfix/hold/ r,
  /var/spool/postfix/incoming/ r,
  /var/spool/postfix/incoming/* rw,
  /var/spool/postfix/lib/lib*so* mr,
  /var/spool/postfix/maildrop/ r,
  /var/spool/postfix/maildrop/* rw,
  /var/spool/postfix/pid/* krw,
  /var/spool/postfix/private/* w,
  /var/spool/postfix/public/* rw,
  /var/spool/postfix/trace/* krw,
  /var/www/.maildir/** lw,
} | 6 months ago | 37 | stive | Edit | History | ||
| ubuntu-gutsy | /opt/grisoft/avg7/bin/avgupdate | #include <tunables/global>
# Profile for the AVG 7 updater. Writes are confined to the product's own
# data and update directories; there are no "x" rules.
/opt/grisoft/avg7/bin/avgupdate {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  capability chown,
  # NOTE(review): bypasses file permission checks; the path rules below are
  # the remaining limit on what the updater may modify.
  capability dac_override,
  capability fsetid,

  /opt/grisoft/avg7/bin/avgupdate mr,
  /opt/grisoft/avg7/data/* rw,
  /opt/grisoft/avg7/etc/* r,
  /opt/grisoft/avg7/lib/lib*so* mr,
  /opt/grisoft/avg7/var/run/avgupdate.pid rw,
  /opt/grisoft/avg7/var/update/backup/* rw,
  /opt/grisoft/avg7/var/update/download/* rw,
  /opt/grisoft/avg7/var/update/log/avg7upd.log rw,
  /opt/grisoft/avg7/var/update/preinstall/* rw,
  /opt/grisoft/lib/lib*so* mr,
  /var/run/avgd.pgrp r,
} | 10 months ago | 42 | stive | Edit | History | ||
| ubuntu-gutsy | /opt/grisoft/avg7/bin/avgscan | #include <tunables/global>
# Profile for the AVG 7 command-line scanner as called from a mail filter:
# the only scan target it can read is /var/lib/amavis/tmp, so scans of
# other locations would be denied in enforce mode.
/opt/grisoft/avg7/bin/avgscan {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  # NOTE(review): bypasses file permission checks; confirm it is required,
  # since the scanner parses untrusted mail content.
  capability dac_override,

  # Listing of the root directory only.
  / r,
  /opt/grisoft/avg7/bin/avgscan mr,
  /opt/grisoft/avg7/data/ r,
  # NOTE(review): the scanner can rewrite its own data files; confirm write
  # access is needed here and not only for the updater.
  /opt/grisoft/avg7/data/* rw,
  /opt/grisoft/avg7/etc/* r,
  /opt/grisoft/avg7/etc/antispam/ r,
  /opt/grisoft/avg7/etc/antispam/* rw,
  /opt/grisoft/avg7/lib/lib*so* mr,
  /opt/grisoft/lib/lib*so* mr,
  /tmp/* w,
  /var/lib/amavis/tmp/** rw,
  /var/run/avgd.pgrp w,
} | 10 months ago | 91 | stive | Edit | History | ||
| ubuntu-gutsy | /usr/lib/postfix/verify | # $Id: usr.lib.postfix.verify 90 2006-08-04 19:13:59Z seth_arnold $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
#include <tunables/global>
# Skeleton profile for Postfix verify. Apart from the binary itself, all
# access comes from the included abstractions and postfix-common, whose
# contents are not shown on this page.
/usr/lib/postfix/verify {
  #include <abstractions/base>
  #include <abstractions/kerberosclient>
  #include <abstractions/nameservice>
  #include <program-chunks/postfix-common>

  /usr/lib/postfix/verify rmix,
} | 10 months ago | 58 | stive | Edit | History | ||
| ubuntu-gutsy | /usr/lib/postfix/tlsmgr | # $Id: usr.lib.postfix.tlsmgr 697 2007-05-25 03:09:30Z steve-beattie $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
#include <tunables/global>
# Profile for Postfix tlsmgr: read/write access to the PRNG exchange file
# and the TLS session cache databases.
/usr/lib/postfix/tlsmgr {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <program-chunks/postfix-common>

  /etc/mailname r,
  /etc/postfix/prng_exch rw,
  /usr/lib/postfix/tlsmgr rmix,
  # Every file directly in /var/lib/postfix, with locking.
  /var/lib/postfix/* krw,
  /var/run/__db.smtpd_tls_session_cache.db rw,
  /var/run/smtpd_tls_session_cache.db rw,
  /{var/spool/postfix/,}private/tlsmgr r,
} | 10 months ago | 70 | stive | Edit | History | ||
| ubuntu-gutsy | /usr/sbin/dhcpd3 | #include <tunables/global>
# Profile for the ISC DHCP server (dhcpd3): one config file, the lease
# directory and a pid file; no "x" rules.
/usr/sbin/dhcpd3 {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/nis>

  capability net_bind_service,
  # net_raw plus the two "network" rules below allow raw and packet
  # sockets - presumably needed to answer clients that have no address yet.
  capability net_raw,
  capability setgid,
  capability setuid,

  network packet,
  network raw,

  /etc/dhcp3/dhcpd.conf r,
  /usr/sbin/dhcpd3 mr,
  /var/lib/dhcp3/* rwl,
  /var/run/dhcp3-server/dhcpd.pid w,
} | 9 months ago | 34 | stive | Edit | History | ||
| ubuntu-gutsy | /usr/bin/passwd | # ------------------------------------------------------------------
#
# Copyright (C) 2006 Volker Kuhlmann
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
#include <tunables/global>
# Profile for passwd: it may rewrite the shadow file through a temp-file /
# backup sequence and read the cracklib dictionaries.
# NOTE(review): the pwdutils and lib64 paths suggest this profile was
# written for a different distribution than the "ubuntu-gutsy" it is
# listed under; verify every path against the target system.
/usr/bin/passwd {
  #include <abstractions/authentication>
  #include <abstractions/base>
  #include <abstractions/consoles>
  #include <abstractions/nameservice>

  capability chown,
  capability sys_resource,

  /etc/.pwd.lock w,
  /etc/pwdutils/logging r,
  /etc/shadow rwl,
  /etc/shadow.old rwl,
  # Each "?" matches exactly one character: a six-character temp suffix.
  /etc/shadow.tmp?????? rwl,
  /usr/bin/passwd mr,
  /usr/lib/pwdutils/lib*.so* mr,
  /usr/lib64/pwdutils/lib*.so* mr,
  /usr/share/cracklib/pw_dict.hwm r,
  /usr/share/cracklib/pw_dict.pwd r,
  /usr/share/cracklib/pw_dict.pwi r,
} | 10 months ago | 42 | stive | Edit | History | ||
| ubuntu-gutsy | /etc/cron.daily/dspam | #include <tunables/global>
# Profile for the daily DSPAM cron script, which runs dspam_clean via dash
# (both inherit this profile).
# NOTE(review): only a directory listing of /var/spool/dspam/data/ is
# granted and nothing is writable - presumably too little for a cleanup
# job; verify under enforce mode.
/etc/cron.daily/dspam {
  #include <abstractions/base>

  # These bypass file permission checks; path rules remain the limit.
  capability dac_override,
  capability dac_read_search,

  /bin/dash ixr,
  /bin/egrep ixr,
  /etc/cron.daily/dspam mr,
  /etc/dspam/* r,
  /etc/dspam/dspam.d/ r,
  /etc/nsswitch.conf r,
  /etc/passwd r,
  /usr/bin/dspam_clean ixr,
  /var/spool/dspam/data/ r,
} | 10 months ago | 37 | stive | Edit | History | ||
| ubuntu-gutsy | /usr/sbin/amavisd-new | #include <tunables/global>
# Profile for the amavisd-new content filter. It processes untrusted mail
# and hands attachments to helper programs. Helpers marked "ix" (arj, file,
# head, perl, python, pyzor, run-parts, dash) inherit every rule below;
# helpers marked "Px" (hostname, dspam, ripole) run under their own profile
# and fail to start if that profile is not loaded. Only /bin/hostname has
# a profile in the part of the listing shown here.
/usr/sbin/amavisd-new {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/perl>
  #include <abstractions/python>

  capability chown,
  # NOTE(review): bypasses file permission checks for a process that parses
  # untrusted input; confirm it is required.
  capability dac_override,
  capability setgid,
  capability setuid,
  capability sys_tty_config,

  /bin/dash ixr,
  /bin/hostname Pxmr,
  /bin/run-parts ixr,
  /etc/amavis/** r,
  /etc/dspam/default.prefs r,
  /etc/dspam/dspam.conf r,
  /etc/dspam/dspam.d/ r,
  /etc/magic r,
  /etc/mailname r,
  /etc/razor/razor-agent.conf r,
  # NOTE(review): password hashes are readable by the filter and by every
  # inherited decoder above; confirm what requested this and remove it or
  # move that step into a separate profile.
  /etc/shadow r,
  /etc/spamassassin/ r,
  /etc/spamassassin/* r,
  /proc/meminfo r,
  /usr/bin/arj ixr,
  /usr/bin/dspam Pxmr,
  /usr/bin/file ixr,
  /usr/bin/head ixr,
  /usr/bin/perl ix,
  /usr/bin/python2.5 ixr,
  /usr/bin/pyzor ixr,
  /usr/bin/ripole Pxmr,
  # NOTE(review): any file under /usr/lib may be mapped executable.
  /usr/lib/** mr,
  /usr/sbin/amavisd-new mr,
  /usr/share/amavis/*/ r,
  /usr/share/amavis/conf.d/* r,
  /usr/share/file/magic.mgc r,
  /usr/share/spamassassin/ r,
  /usr/share/spamassassin/* r,
  /var/lib/amavis/*/ rw,
  /var/lib/amavis/.pyzor/servers rw,
  /var/lib/amavis/.spamassassin/* lrw,
  /var/lib/amavis/amavisd.sock w,
  /var/lib/amavis/db/** rw,
  /var/lib/amavis/tmp/** lrw,
  # Write-only quarantine: stored messages cannot be read back.
  /var/lib/amavis/virusmails/** w,
  /var/lib/spamassassin/** r,
  /var/run/amavis/amavisd.lock kw,
  /var/run/amavis/amavisd.pid w,
  /var/run/clamav/clamd.ctl w,
} | 9 months ago | some perl abs | 40 | stive | Edit | History | |
# Listing metadata: distribution ubuntu-gutsy; created 5 months ago; view count 45; username stive
# $Id: usr.lib.postfix.trivial-rewrite 697 2007-05-25 03:09:30Z steve-beattie $
# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2006 Novell/SUSE
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

# AppArmor profile for /usr/lib/postfix/trivial-rewrite.
#include <tunables/global>

/usr/lib/postfix/trivial-rewrite {
  #include <abstractions/base>
  #include <abstractions/consoles>
  #include <abstractions/kerberosclient>
  #include <abstractions/nameservice>
  #include <program-chunks/postfix-common>

  /etc/mailname r,
  # Lookup tables are read-only; the profile grants no write to /etc/postfix.
  /etc/postfix/relocated.db r,
  /etc/postfix/transport.db r,
  /etc/postfix/virtual.db r,
  # Brace alternation: matches /etc/mtab and /etc/fstab.
  /etc/{m,fs}tab r,
  /usr/lib/postfix/trivial-rewrite rmix,
  /var/spool/postfix/etc/hosts r,
  /var/spool/postfix/etc/resolv.conf r,
  /var/spool/postfix/lib/lib*so* r,
  /var/spool/postfix/pid/unix.rewrite rw,
}
# Listing metadata: distribution ubuntu-gutsy; created 10 months ago; view count 55; username stive
# AppArmor profile for /bin/hostname.
# Beyond the two abstractions, it grants only read and mmap of the binary itself.
#include <tunables/global>

/bin/hostname {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  /bin/hostname mr,
}
# Listing metadata: distribution ubuntu-gutsy; created 10 months ago; view count 42; username stive
# $Id: usr.lib.postfix.smtpd 741 2007-06-11 22:55:56Z seth_arnold $
# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2006 Novell/SUSE
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

# AppArmor profile for /usr/lib/postfix/smtpd.
#include <tunables/global>

/usr/lib/postfix/smtpd {
  #include <abstractions/base>
  #include <abstractions/kerberosclient>
  #include <abstractions/nameservice>
  #include <program-chunks/postfix-common>

  # NOTE(review): dac_override and dac_read_search bypass file-permission
  # checks, so the path rules below are the effective boundary for file access.
  capability dac_override,
  capability dac_read_search,
  capability setgid,
  capability setuid,

  /dev/urandom r,
  /etc/aliases.db krw,
  /etc/fstab r,
  /etc/mailname r,
  /etc/mtab r,
  /etc/postfix/*.db r,
  /etc/postfix/main.cf r,
  /etc/postfix/prng_exch rw,
  /etc/postfix/smtpd_scache.dir r,
  /etc/postfix/smtpd_scache.pag rw,
  /etc/postfix/{ssl/,}*.pem r,
  /etc/ssl/certs/ssl-cert-snakeoil.pem r,
  # NOTE(review): grants read on every file directly in /etc/ssl/private,
  # not only the key this service uses; consider naming the key file.
  /etc/ssl/private/* r,
  /usr/lib/postfix/smtpd rmix,
  /usr/lib/sasl2/ mr,
  /usr/lib/sasl2/* mr,
  /usr/lib64/sasl2/ mr,
  /usr/lib64/sasl2/* mr,
  # "Px": postdrop runs under its own profile, not this one.
  /usr/sbin/postdrop rPx,
  /usr/share/ssl/certs/ca-bundle.crt r,
  /usr/share/ssl/openssl.cnf r,
  /var/lib/mailman/data/aliases.db r,
  /var/run/sasl2/mux w,
  /var/spool/postfix/etc/* r,
  /var/spool/postfix/lib/* mr,
  # The {var/spool/postfix/,} prefix matches the path both with and without
  # the spool directory in front (presumably for chrooted operation; confirm).
  /{var/spool/postfix/,}pid/inet.* krw,
  /{var/spool/postfix/,}private/anvil w,
  /{var/spool/postfix/,}private/proxymap w,
  /{var/spool/postfix/,}private/rewrite w,
  /{var/spool/postfix/,}private/tlsmgr w,
  /{var/spool/postfix/,}public/cleanup w,
  @{PROC}/net/if_inet6 r,
}
# Listing metadata: distribution ubuntu-gutsy; created 9 months ago; view count 40; username stive
# AppArmor profile for /usr/bin/pyzor.
#include <tunables/global>

/usr/bin/pyzor {
  #include <abstractions/base>

  # The interpreter runs under this same profile ("ix").
  # NOTE(review): no rule here covers Python library paths, and no python
  # abstraction is included; check whether abstractions/base covers them.
  /usr/bin/python2.5 ix,
  /usr/bin/pyzor mr,
}
# Listing metadata: distribution ubuntu-gutsy; created 10 months ago; view count 64; username stive
# AppArmor profile for /usr/sbin/avahi-daemon.
#include <tunables/global>

/usr/sbin/avahi-daemon {
  #include <abstractions/base>
  #include <abstractions/consoles>
  #include <abstractions/nameservice>

  # Privilege-changing and chroot capabilities.
  # NOTE(review): dac_override and kill are broad; confirm each is required.
  capability chown,
  capability dac_override,
  capability kill,
  capability setgid,
  capability setuid,
  capability sys_chroot,

  /etc/avahi/ r,
  /etc/avahi/avahi-daemon.conf r,
  /etc/avahi/hosts r,
  /etc/avahi/services/ r,
  /etc/avahi/services/*.service r,
  # NOTE(review): "m" permits mapping these data files as executable and
  # grants no read by itself. That is unusual for account databases; confirm
  # whether "r" was intended.
  /etc/group m,
  /etc/passwd m,
  # Directory listing of every process's fd directory.
  /proc/*/fd/ r,
  /usr/sbin/avahi-daemon mr,
  /var/run/avahi-daemon/ w,
  /var/run/avahi-daemon/pid krw,
  /var/run/avahi-daemon/socket w,
  /var/run/dbus/system_bus_socket w,
}
# Listing metadata: distribution ubuntu-gutsy; created 9 months ago; view count 76; username stive
# AppArmor profile for /usr/sbin/dovecot.
#include <tunables/global>

/usr/sbin/dovecot {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/nis>

  capability chown,
  capability dac_override,
  capability dac_read_search,
  capability net_bind_service,
  capability setgid,
  capability setuid,
  capability sys_chroot,

  /etc/dovecot/dovecot-sql.conf r,
  /etc/dovecot/dovecot.conf r,
  /etc/mtab r,
  /etc/ssl/certs/* r,
  /etc/ssl/openssl.cnf r,
  # NOTE(review): read on every file directly in /etc/ssl/private, not only
  # this service's key.
  /etc/ssl/private/* r,
  # NOTE(review): "m" (map executable) on user mail files is unusual; confirm
  # it is needed. The two Maildir spellings also get different modes.
  /home/*/.Maildir/* mklrw,
  /home/*/.Maildir/*/ w,
  /home/*/.maildir/ r,
  /home/*/.maildir/** klrw,
  /proc/sys/kernel/ngroups_max r,
  # All helper binaries use "ix", so the login, imap, pop3 and auth processes
  # run under this one profile with the capabilities listed above.
  # NOTE(review): separate profiles reached via Px would narrow what the
  # network-facing login processes can do.
  /usr/lib/dovecot/dovecot-auth ixr,
  /usr/lib/dovecot/imap ixr,
  /usr/lib/dovecot/imap-login ixr,
  /usr/lib/dovecot/pop3 ixr,
  /usr/lib/dovecot/pop3-login ixr,
  /usr/lib/dovecot/ssl-build-param ixr,
  /usr/sbin/dovecot mr,
  /var/lib/dovecot/* krw,
  /var/run/dovecot/ rw,
  /var/run/dovecot/* rw,
  /var/run/dovecot/login/ rw,
  /var/run/dovecot/login/* rw,
}
# Listing metadata: distribution ubuntu-gutsy; created 10 months ago; view count 71; username stive
# AppArmor profile for /usr/bin/dspam.
#include <tunables/global>

/usr/bin/dspam {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/nis>

  # dac_override bypasses file-permission checks; the path rules below
  # remain the limit on which files can be opened.
  capability dac_override,
  capability net_bind_service,

  /etc/dspam/* r,
  /etc/dspam/dspam.d/ r,
  /usr/bin/dspam mr,
  # Read-only view of the amavis temp tree.
  /var/lib/amavis/tmp/** r,
  /var/run/dspam/dspam.pid w,
}
# Listing metadata: distribution ubuntu-gutsy; created 9 months ago; view count 67; username stive
# AppArmor profile for the /etc/cron.daily/aide script.
# Every helper uses "ix", so all of them run inside this one profile.
#include <tunables/global>

/etc/cron.daily/aide {
  #include <abstractions/base>
  #include <abstractions/bash>
  #include <abstractions/nameservice>

  # NOTE(review): a wide capability set shared by every "ix" helper below.
  # sys_ptrace in particular is worth confirming.
  capability chown,
  capability dac_override,
  capability fowner,
  capability fsetid,
  capability setgid,
  capability setuid,
  capability sys_ptrace,

  / r,
  /bin/bash ixr,
  /bin/cat ixr,
  /bin/chgrp ixr,
  /bin/chmod ixr,
  /bin/chown ixr,
  /bin/dash ixr,
  /bin/date ixr,
  /bin/dnsdomainname ixr,
  /bin/grep ixr,
  /bin/gzip ixr,
  /bin/hostname ixr,
  /bin/ln ixr,
  /bin/ls ixmr,
  /bin/mkdir ixr,
  /bin/mv ixr,
  /bin/rm ixr,
  /bin/sed ixr,
  /bin/touch ixr,
  /bin/which ixr,
  /dev/ r,
  /dev/**/ r,
  /dev/tty rw,
  # A trailing "/" makes a rule match directories only; most of the read
  # rules in this profile are of that form.
  /etc/ r,
  /etc/*/ r,
  /etc/aide/aide.conf r,
  /etc/aide/aide.conf.d/ r,
  /etc/aide/aide.conf.d/* r,
  # These configuration snippets are executed, again inside this profile.
  /etc/aide/aide.conf.d/10_aide_hostname ixr,
  /etc/aide/aide.conf.d/30_aide_apache2 ixr,
  /etc/aide/aide.conf.d/30_inn2_vars ixr,
  /etc/aide/aide.conf.d/31_aide_amanda-server ixr,
  /etc/aide/aide.conf.d/31_aide_apt ixr,
  /etc/aide/aide.conf.d/31_aide_ifupdown ixr,
  /etc/aide/aide.conf.d/31_aide_torrus ixr,
  /etc/aide/aide.conf.d/70_aide_dev ixr,
  /etc/apt/sources.list r,
  /etc/cron.daily/aide mr,
  /etc/default/aide r,
  /etc/dpkg/dpkg.cfg r,
  /etc/mail.rc r,
  /etc/mailname r,
  /etc/postfix/* r,
  /lib/ r,
  /lib/modules/ r,
  /proc/ r,
  /proc/*/cmdline r,
  /proc/*/mounts r,
  /proc/*/stat r,
  /proc/filesystems r,
  /proc/meminfo r,
  /root/ r,
  /sbin/killall5 ixr,
  /tmp/ rw,
  /tmp/* rw,
  /tmp/.ICE-unix/ r,
  /tmp/.X11-unix/ r,
  /usr/ r,
  # NOTE(review): this page also lists a separate /usr/bin/aide profile;
  # with "ix" here, aide started from this script stays in this profile.
  /usr/bin/aide ixr,
  /usr/bin/aide.wrapper ixr,
  /usr/bin/basename ixr,
  /usr/bin/cut ixr,
  /usr/bin/dirname ixr,
  /usr/bin/dotlockfile ixr,
  /usr/bin/dpkg ixr,
  /usr/bin/dpkg-query ixr,
  /usr/bin/expr ixr,
  /usr/bin/find ixr,
  /usr/bin/getopt ixr,
  /usr/bin/head ixr,
  /usr/bin/logger ixr,
  /usr/bin/mail ixr,
  /usr/bin/mawk ixr,
  /usr/bin/savelog ixr,
  /usr/bin/wc ixr,
  /usr/bin/xargs ixr,
  /usr/sbin/postdrop ixr,
  /usr/sbin/sendmail ixr,
  /usr/sbin/update-aide.conf ixr,
  /usr/share/ r,
  /usr/share/doc/ r,
  /var/ r,
  /var/backups/ r,
  /var/backups/* r,
  /var/cache/ r,
  /var/cache/apt/ r,
  /var/cache/apt/archives/ r,
  /var/cache/debconf/ r,
  /var/cache/man/ r,
  /var/cache/man/*/ r,
  /var/lib/ r,
  /var/lib/*/ r,
  /var/lib/aide/aide.conf.autogenerated rw,
  /var/lib/aide/aide.conf.autogenerated.tmp rw,
  # The reference database is read-only here; only aide.db.new is writable.
  /var/lib/aide/aide.db r,
  /var/lib/aide/aide.db.new krw,
  /var/lib/amavis/.spamassassin/ r,
  /var/lib/amavis/db/ r,
  /var/lib/amavis/tmp/ r,
  /var/lib/amavis/virusmails/ r,
  /var/lib/apt/lists/ r,
  /var/lib/apt/lists/partial/ r,
  /var/lib/clamav/daily.inc/ r,
  /var/lib/clamav/main.inc/ r,
  /var/lib/dpkg/* r,
  /var/lib/dpkg/*/ r,
  /var/lock/ r,
  /var/log/ r,
  /var/log/* r,
  /var/log/*/ r,
  /var/log/aide/* lrw,
  /var/log/apache2/* r,
  /var/log/clamav/* r,
  /var/run/ r,
  # NOTE(review): write and link on every file directly in /var/run, which
  # includes other services' pid files; confirm this breadth is needed.
  /var/run/* lw,
  /var/run/**/ r,
  /var/run/aide/* lw,
  /var/run/aide/cron.daily/ rw,
  /var/run/aide/cron.daily/* rw,
  /var/run/aide/cron.daily/dbcheckdb krw,
  /var/spool/ r,
  /var/spool/postfix/maildrop/* rw,
  /var/spool/postfix/public/pickup w,
  /var/tmp/ r,
  /var/www/ r,
}
# Listing metadata: distribution ubuntu-gutsy; created 9 months ago; view count 34; username stive
# AppArmor profile for /usr/bin/php5.
# NOTE(review): beyond abstractions/base it grants only the binary itself.
# No rule covers script or configuration paths, so the profile looks like a
# starting stub; confirm before enforcing.
#include <tunables/global>

/usr/bin/php5 {
  #include <abstractions/base>

  /usr/bin/php5 mr,
}
# Listing metadata: distribution ubuntu-gutsy; created 9 months ago; view count 71; username stive
# AppArmor profile for the /etc/cron.daily/aptitude script.
#include <tunables/global>

/etc/cron.daily/aptitude {
  #include <abstractions/base>

  # Shell and helpers run inside this profile ("ix"); no capabilities are granted.
  /bin/cp ixr,
  /bin/dash ixr,
  /bin/date ixr,
  /bin/gzip ixr,
  /bin/mv ixr,
  /bin/rm ixr,
  /bin/which ixr,
  /etc/cron.daily/aptitude mr,
  /proc/*/mounts r,
  /proc/filesystems r,
  /usr/bin/basename ixr,
  /usr/bin/cmp ixr,
  /usr/bin/dirname ixr,
  /usr/bin/savelog ixr,
  # NOTE(review): read/write on every file directly in /var/backups, not only
  # the aptitude state backups.
  /var/backups/* rw,
  /var/lib/aptitude/pkgstates r,
}
# Listing metadata: distribution ubuntu-gutsy; created 10 months ago; view count 37; username stive
# $Id: usr.lib.postfix.pickup 741 2007-06-11 22:55:56Z seth_arnold $
# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2006 Novell/SUSE
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

# AppArmor profile for /usr/lib/postfix/pickup.
#include <tunables/global>

/usr/lib/postfix/pickup {
  #include <abstractions/base>
  #include <abstractions/kerberosclient>
  #include <abstractions/nameservice>
  #include <program-chunks/postfix-common>

  /etc/mailname r,
  /usr/lib/postfix/pickup rmix,
  # The {var/spool/postfix/,} prefix matches the path with or without the
  # spool directory in front.
  /{var/spool/postfix/,}maildrop/ r,
  /{var/spool/postfix/,}maildrop/* rwl,
  /{var/spool/postfix/,}public/cleanup w,
  /{var/spool/postfix/,}public/pickup r,
}
# Listing metadata: distribution ubuntu-gutsy; created 10 months ago; view count 69; username stive
# $Id: usr.lib.postfix.local 741 2007-06-11 22:55:56Z seth_arnold $
# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2006 Novell/SUSE
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

# AppArmor profile for /usr/lib/postfix/local.
#include <tunables/global>

/usr/lib/postfix/local {
  #include <abstractions/base>
  #include <abstractions/bash>
  #include <abstractions/kerberosclient>
  #include <abstractions/nameservice>
  #include <abstractions/user-mail>
  #include <program-chunks/postfix-common>

  # A shell may be executed, but only inside this profile ("ix"), so anything
  # it runs is held to the rules listed here.
  /bin/bash mixr,
  /bin/date mixr,
  /dev/tty rw,
  /etc/mailname r,
  /etc/postfix/lists.db r,
  /etc/postfix/virtual.db r,
  /etc/ssl/openssl.cnf r,
  /etc/{postfix/,}aliases.db krw,
  # Mailbox trees are write and link only ("lw"); delivered mail cannot be
  # read back through these rules.
  /home/*/.Maildir/** lw,
  /home/*/.maildir/** lw,
  /root/.maildir/** lw,
  # "Px": external delivery programs transition to their own profiles.
  /usr/bin/mlmmj-recieve Px,
  /usr/bin/procmail Px,
  /usr/lib/mailman/mail/mailman Px,
  /usr/lib/postfix/local rmix,
  /var/lib/amavis/.maildir/** lw,
  /var/lib/mailman/data/aliases.db r,
  /var/mailman/mail/wrapper Px,
  /var/spool/postfix/active/* krw,
  /var/www/.maildir/** lw,
  /{var/spool/postfix/,}active/[0-9A-F]/ rw,
  /{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/ rw,
  /{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/* rw,
  /{var/spool/postfix/,}pid/unix.local krw,
  /{var/spool/postfix/,}private/{bounce,defer,flush,lmtp,rewrite} rw,
  /{var/spool/postfix/,}public/{cleanup,flush} rw,
}
# Listing metadata: distribution ubuntu-gutsy; created 10 months ago; view count 53; username stive
# $Id: usr.lib.postfix.proxymap 697 2007-05-25 03:09:30Z steve-beattie $
# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2006 Novell/SUSE
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

# AppArmor profile for /usr/lib/postfix/proxymap.
#include <tunables/global>

/usr/lib/postfix/proxymap {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <program-chunks/postfix-common>

  capability setgid,
  capability setuid,

  # All explicit file rules are read-only, apart from the binary's own rmix.
  /etc/mailname r,
  /etc/postfix/main.cf r,
  /usr/lib/postfix/proxymap rmix,
  @{PROC}/net/if_inet6 r,
}
# Listing metadata: distribution ubuntu-gutsy; created 10 months ago; view count 75; username stive
# $Id: usr.lib.postfix.qmgr 741 2007-06-11 22:55:56Z seth_arnold $
# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2006 Novell/SUSE
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

# AppArmor profile for /usr/lib/postfix/qmgr.
#include <tunables/global>

/usr/lib/postfix/qmgr {
  #include <abstractions/base>
  #include <abstractions/kerberosclient>
  #include <abstractions/nameservice>
  #include <program-chunks/postfix-common>

  /etc/mailname r,
  /usr/lib/postfix/qmgr rmix,
  # NOTE(review): this grants lock/read/write on the entire spool tree.
  # AppArmor permissions are additive, so for paths under /var/spool/postfix
  # the narrower per-queue rules below add only "l" and do not restrict
  # anything. If per-queue confinement is the intent, remove this rule.
  /var/spool/postfix/** krw,
  /{var/spool/postfix/,}active/ r,
  /{var/spool/postfix/,}active/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/* rwl,
  /{var/spool/postfix/,}defer/ r,
  /{var/spool/postfix/,}defer/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}defer/[0-9A-F]/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}defer/[0-9A-F]/[0-9A-F]/* rwl,
  /{var/spool/postfix/,}deferred/ r,
  /{var/spool/postfix/,}deferred/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}deferred/[0-9A-F]/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}deferred/[0-9A-F]/[0-9A-F]/* rwl,
  /{var/spool/postfix/,}incoming/ r,
  /{var/spool/postfix/,}incoming/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}incoming/[0-9A-F]/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}incoming/[0-9A-F]/[0-9A-F]/* rwl,
  # Write-only access to the private and public service endpoints.
  /{var/spool/postfix/,}private/bounce w,
  /{var/spool/postfix/,}private/defer w,
  /{var/spool/postfix/,}private/local w,
  /{var/spool/postfix/,}private/relay w,
  /{var/spool/postfix/,}private/rewrite w,
  /{var/spool/postfix/,}private/smtp w,
  /{var/spool/postfix/,}private/trace w,
  /{var/spool/postfix/,}private/uucp w,
  /{var/spool/postfix/,}public/flush w,
  /{var/spool/postfix/,}public/qmgr r,
}
# Listing metadata: distribution ubuntu-gutsy; created 10 months ago; view count 45; username stive
# AppArmor profile for /bin/uname.
# Beyond abstractions/base it grants only read and mmap of the binary itself.
#include <tunables/global>

/bin/uname {
  #include <abstractions/base>

  /bin/uname mr,
}
# Listing metadata: distribution ubuntu-gutsy; created 9 months ago; view count 51; username stive
# AppArmor profile for /usr/bin/mysqladmin.
#include <tunables/global>

/usr/bin/mysqladmin {
  #include <abstractions/base>
  #include <abstractions/consoles>

  # NOTE(review): reads every file directly in /etc/mysql. On Debian-style
  # installs that directory can hold a maintenance credentials file, so
  # consider listing only the files this tool needs.
  /etc/mysql/* r,
  /etc/mysql/conf.d/ r,
  /etc/mysql/conf.d/* r,
  /etc/nsswitch.conf r,
  /etc/services r,
  /usr/bin/mysqladmin mr,
  /usr/share/mysql/charsets/* r,
  # Local socket only; no other socket path is granted.
  /var/run/mysqld/mysqld.sock w,
}
# Listing metadata: distribution ubuntu-gutsy; created 10 months ago; view count 35; username stive
# $Id: usr.lib.postfix.virtual 201 2006-11-05 08:39:33Z seth_arnold $
# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2006 Novell/SUSE
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

# AppArmor profile for /usr/lib/postfix/virtual.
#include <tunables/global>

/usr/lib/postfix/virtual {
  #include <abstractions/base>
  #include <abstractions/kerberosclient>
  #include <abstractions/nameservice>
  #include <program-chunks/postfix-common>

  capability setgid,
  capability setuid,

  /usr/lib/postfix/virtual rmix,
  # NOTE(review): no mailbox destination path appears among these rules.
  # Delivery targets would have to come from the included files or be added
  # for the local setup; confirm before enforcing.
  /var/spool/postfix/active/* rw,
  /var/spool/postfix/pid/unix.virtual rw,
  /var/spool/postfix/private/bounce w,
}
# Listing metadata: distribution ubuntu-gutsy; created 10 months ago; view count 35; username stive
# $Id: usr.lib.postfix.error 90 2006-08-04 19:13:59Z seth_arnold $
# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2006 Novell/SUSE
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

# AppArmor profile for /usr/lib/postfix/error.
#include <tunables/global>

/usr/lib/postfix/error {
  #include <abstractions/base>
  #include <abstractions/kerberosclient>
  #include <abstractions/nameservice>
  #include <program-chunks/postfix-common>

  # Bypasses file-permission checks; the path rules below remain the limit.
  capability dac_override,

  /etc/mailname r,
  /usr/lib/postfix/error rmix,
  /var/spool/postfix/active/* krw,
  /var/spool/postfix/etc/* r,
  /var/spool/postfix/pid/unix.retry krw,
  /var/spool/postfix/private/defer w,
  # NOTE(review): write to every entry in public/, where sibling profiles on
  # this page name individual endpoints.
  /var/spool/postfix/public/* w,
}
# Listing metadata: distribution ubuntu-gutsy; created 10 months ago; view count 73; username stive
# AppArmor profile for the /etc/cron.daily/apache2 script, followed by two
# empty child profiles.
#include <tunables/global>

/etc/cron.daily/apache2 {
  #include <abstractions/base>

  # The shell runs inside this profile ("ix"); only the script and its
  # defaults file are otherwise readable.
  /bin/dash ixr,
  /etc/cron.daily/apache2 mr,
  /etc/default/apache2 r,
}

# The two "//" child profiles below have empty bodies and grant nothing.
# NOTE(review): DEFAULT_URI and HANDLING_UNTRUSTED_INPUT are the hat names
# used with Apache's mod_apparmor. Attached to a cron script they are
# probably a tool artifact; confirm and remove if unused.
/etc/cron.daily/apache2//DEFAULT_URI {
}

/etc/cron.daily/apache2//HANDLING_UNTRUSTED_INPUT {
}
# Listing metadata: distribution ubuntu-gutsy; created 10 months ago; view count 32; username stive
# AppArmor profile for the /etc/cron.daily/sysklogd script.
#include <tunables/global>

/etc/cron.daily/sysklogd {
  #include <abstractions/base>
  #include <abstractions/perl>

  # Ownership, permission-override and signal capabilities, shared by every
  # "ix" helper below.
  capability chown,
  capability dac_override,
  capability fowner,
  capability fsetid,
  capability kill,

  /bin/cat ixr,
  /bin/chgrp ixr,
  /bin/chmod ixr,
  /bin/chown ixr,
  /bin/dash ixr,
  /bin/date ixr,
  /bin/grep ixr,
  /bin/gzip ixr,
  /bin/ln ixr,
  /bin/mv ixr,
  /bin/ps ixr,
  /bin/readlink ixr,
  /bin/rm ixr,
  /bin/touch ixr,
  /bin/which ixr,
  /dev/tty r,
  /etc/cron.daily/sysklogd mr,
  /etc/default/syslogd r,
  /etc/group r,
  # The init script is executed inside this profile as well.
  /etc/init.d/sysklogd ixr,
  /etc/lsb-base-logging.sh r,
  /etc/nsswitch.conf r,
  /etc/passwd r,
  /etc/syslog.conf r,
  /lib/lsb/init-functions r,
  /proc/ r,
  /proc/*/cmdline r,
  /proc/*/mounts r,
  /proc/*/stat r,
  /proc/*/status r,
  /proc/filesystems r,
  /proc/uptime r,
  /proc/version r,
  /sbin/start-stop-daemon ixr,
  /usr/bin/basename ixr,
  /usr/bin/dirname ixr,
  /usr/bin/head ixr,
  /usr/bin/perl ix,
  /usr/bin/savelog ixr,
  /usr/bin/tput ixr,
  /usr/bin/tr ixr,
  /usr/sbin/syslogd-listfiles ixr,
  # "*" does not cross "/": only files directly in /var/log are writable,
  # not those in its subdirectories.
  /var/log/* lrw,
  /var/run/syslogd.pid r,
}
# Listing metadata: distribution ubuntu-gutsy; created 9 months ago; view count 44; username stive
# AppArmor profile for /usr/sbin/proftpd.
#include <tunables/global>

/usr/sbin/proftpd {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/nis>
  #include <abstractions/wutmp>

  capability net_bind_service,
  capability setgid,
  capability setuid,
  capability sys_chroot,

  /etc/ftpusers r,
  /etc/pam.d/* r,
  /etc/proftpd/* r,
  # Password-hash file, read-only.
  # NOTE(review): presumably for PAM or shadow authentication; confirm it is
  # required by the configured auth method.
  /etc/shadow r,
  /etc/shells r,
  /etc/ssl/openssl.cnf r,
  /home/ r,
  # NOTE(review): read/write on every file under every home directory,
  # dotfiles included. The profile therefore does not limit what an FTP
  # session can change in a user's home; narrow this to a dedicated upload
  # subtree if possible.
  /home/** rw,
  /home/*/ ram,
  /lib/security/pam_*.so mr,
  /proc/*/mounts r,
  /proc/filesystems r,
  # Every file under /usr/lib may be read and mapped executable.
  /usr/lib/** mr,
  /usr/sbin/proftpd mr,
  /usr/share/drupal6/ r,
  /var/log/proftpd/* w,
  /var/run/proftpd.pid w,
  /var/run/proftpd/proftpd.delay krw,
  /var/run/proftpd/proftpd.scoreboard krw,
  /var/run/proftpd/proftpd.sock w,
  /var/run/proftpd/test.sock w,
  # NOTE(review): the whole web root is writable through this service;
  # anything written here may be served or executed by the web server.
  /var/www/** rw,
}
# Listing metadata: distribution ubuntu-gutsy; created 10 months ago; view count 69; username stive
# AppArmor profile for /usr/bin/ripole.
#include <tunables/global>

/usr/bin/ripole {
  #include <abstractions/base>

  /usr/bin/ripole mr,
  # The only data area granted is the amavis temp tree: no capabilities and
  # no execute rules.
  /var/lib/amavis/tmp/** rw,
}
# Listing metadata: distribution ubuntu-gutsy; created 10 months ago; view count 47; username stive
# $Id: usr.lib.postfix.nqmgr 741 2007-06-11 22:55:56Z seth_arnold $
# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2006 Novell/SUSE
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

# AppArmor profile for /usr/lib/postfix/nqmgr.
#include <tunables/global>

/usr/lib/postfix/nqmgr {
  #include <abstractions/base>
  #include <abstractions/kerberosclient>
  #include <abstractions/nameservice>
  #include <program-chunks/postfix-common>

  /etc/postfix/main.cf r,
  /usr/lib/postfix/nqmgr rmix,
  # Per-queue rules: the top directory is read-only, and the one- and
  # two-level hashed subdirectories ([0-9A-F]) and their files get rwl.
  /{var/spool/postfix/,}active/ r,
  /{var/spool/postfix/,}active/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/* rwl,
  /{var/spool/postfix/,}defer/ r,
  /{var/spool/postfix/,}defer/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}defer/[0-9A-F]/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}defer/[0-9A-F]/[0-9A-F]/* rwl,
  /{var/spool/postfix/,}deferred/ r,
  # NOTE(review): "r" here, where the same level of the other queues is
  # "rwl"; possibly an oversight, confirm.
  /{var/spool/postfix/,}deferred/[0-9A-F]/ r,
  /{var/spool/postfix/,}deferred/[0-9A-F]/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}deferred/[0-9A-F]/[0-9A-F]/* rwl,
  /{var/spool/postfix/,}incoming/ r,
  /{var/spool/postfix/,}incoming/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}incoming/[0-9A-F]/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}incoming/[0-9A-F]/[0-9A-F]/* rwl,
  /{var/spool/postfix/,}private/bounce w,
  /{var/spool/postfix/,}private/defer w,
  /{var/spool/postfix/,}private/local w,
  /{var/spool/postfix/,}private/rewrite w,
  /{var/spool/postfix/,}private/smtp w,
  /{var/spool/postfix/,}public/flush w,
  /{var/spool/postfix/,}public/qmgr r,
}
# Listing metadata: distribution ubuntu-gutsy; created 9 months ago; view count 80; username stive
# AppArmor profile for /usr/sbin/clamd.
#include <tunables/global>

/usr/sbin/clamd {
  #include <abstractions/base>
  #include <abstractions/user-tmp>

  /etc/clamav/clamd.conf r,
  # NOTE(review): lock/link/read/write on everything under /tmp.
  # No rule grants read on the amavis work directories or other scan targets,
  # so files to be scanned would have to reside in /tmp; confirm against the
  # deployment.
  /tmp/** klrw,
  /usr/sbin/clamd mr,
  /var/lib/clamav/ r,
  /var/lib/clamav/.dbLock krw,
  /var/lib/clamav/daily.inc/ r,
  /var/lib/clamav/daily.inc/* krw,
  /var/lib/clamav/main.cvd r,
  # "a": append-only, so existing log content cannot be overwritten via this rule.
  /var/log/clamav/clamav.log a,
  /var/run/clamav/clamd.ctl w,
  /var/run/clamav/clamd.pid w,
}
# Listing metadata: distribution ubuntu-gutsy; created 10 months ago; view count 59; username stive
# AppArmor profile for /usr/bin/aide.
# NOTE(review): beyond abstractions/base it grants only the binary itself.
# No rule covers the AIDE configuration, database or the files to be checked,
# so the profile looks like a stub. The /etc/cron.daily/aide profile on this
# page runs aide with "ix", so this profile is not used on that path.
#include <tunables/global>

/usr/bin/aide {
  #include <abstractions/base>

  /usr/bin/aide mr,
}
# Listing metadata: distribution ubuntu-gutsy; created 10 months ago; view count 60; username stive
# $Id: sbin.klogd 888 2007-08-07 13:26:21Z DominicReynolds_ $
# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2005 Novell/SUSE
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

# AppArmor profile for /sbin/klogd.
#include <tunables/global>

/sbin/klogd {
  #include <abstractions/base>

  # sys_admin is a very broad capability; the file rules below are what keep
  # the confined process narrow.
  capability sys_admin,

  /boot/System.map* r,
  /sbin/klogd rmix,
  /var/log/boot.msg rwl,
  /var/run/klogd.pid krwl,
  /var/run/klogd/klogd.pid krwl,
  /var/run/klogd/kmsg r,
  # Kernel symbol table and kernel message buffer, read-only.
  @{PROC}/kallsyms r,
  @{PROC}/kmsg r,
}
# Listing metadata: distribution ubuntu-gutsy; created 10 months ago; view count 58; username stive
# $Id: usr.lib.postfix.flush 741 2007-06-11 22:55:56Z seth_arnold $
# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2006 Novell/SUSE
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

# AppArmor profile for /usr/lib/postfix/flush.
#include <tunables/global>

/usr/lib/postfix/flush {
  #include <abstractions/base>
  #include <abstractions/kerberosclient>
  #include <abstractions/nameservice>
  #include <program-chunks/postfix-common>

  capability setgid,
  capability setuid,

  /etc/mailname r,
  /etc/mtab r,
  /etc/postfix/main.cf r,
  /etc/postfix/virtual.db r,
  /usr/lib/postfix/flush rmix,
  /var/spool/postfix/etc/* r,
  /var/spool/postfix/flush/* krw,
  /var/spool/postfix/incoming/* w,
  /{var/spool/postfix/,}deferred/ r,
  /{var/spool/postfix/,}deferred/[0-9A-F]/ rwl,
  # NOTE(review): "[0-9A-F]*" has no "/" before the "*", unlike the matching
  # rule for the other queues ("[0-9A-F]/"). It matches any name starting
  # with a hex digit at that level; possibly a typo, confirm.
  /{var/spool/postfix/,}deferred/[0-9A-F]/[0-9A-F]* rwl,
  /{var/spool/postfix/,}deferred/[0-9A-F]/[0-9A-F]/* rwl,
  /{var/spool/postfix/,}flush/ rwl,
  /{var/spool/postfix/,}flush/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}flush/[0-9A-F]/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}flush/[0-9A-F]/[0-9A-F]/* rwl,
  /{var/spool/postfix/,}incoming/ r,
  /{var/spool/postfix/,}incoming/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}incoming/[0-9A-F]/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}incoming/[0-9A-F]/[0-9A-F]/* rwl,
  /{var/spool/postfix/,}pid/unix.flush krw,
  /{var/spool/postfix/,}public/qmgr w,
  # Per-user forwarding file, read-only. @{HOME} is a variable, presumably
  # defined via tunables/global.
  @{HOME}/.forward r,
}
# Listing metadata: distribution ubuntu-gutsy; created 10 months ago; view count 54; username stive
# $Id: usr.bin.man 697 2007-05-25 03:09:30Z steve-beattie $
# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2005 Novell/SUSE
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
#

# AppArmor profile for /usr/bin/man.
#include <tunables/global>

/usr/bin/man {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  capability setgid,
  capability setuid,

  # The only file rule: execute /usr/lib/man-db/man under its own profile
  # ("Px"). That target profile is not shown on this part of the page and
  # has to exist for the transition to succeed.
  /usr/lib/man-db/man Px,
}
# Listing metadata: distribution ubuntu-gutsy; created 10 months ago; view count 56; username stive
# AppArmor profile for /usr/sbin/oinkmaster.
# NOTE(review): no rule covers configuration, rule-file or download paths,
# and no nameservice abstraction is included, so the profile looks like a
# stub; confirm before enforcing.
#include <tunables/global>

/usr/sbin/oinkmaster {
  #include <abstractions/base>
  #include <abstractions/perl>

  # The interpreter runs inside this profile ("ix").
  /usr/bin/perl ix,
  /usr/sbin/oinkmaster mr,
}
# Listing metadata: distribution ubuntu-gutsy; created 9 months ago; view count 64; username stive
# AppArmor profile for the /etc/cron.daily/man-db script.
#include <tunables/global>

/etc/cron.daily/man-db {
  #include <abstractions/base>
  #include <abstractions/perl>
  #include <abstractions/user-manpages>

  capability chown,
  capability setgid,
  capability setuid,

  / r,
  # All helpers run inside this profile ("ix").
  /bin/chown ixr,
  /bin/dash ixr,
  /etc/cron.daily/man-db mr,
  /etc/group r,
  /etc/manpath.config r,
  /etc/nsswitch.conf r,
  /etc/passwd r,
  /sbin/start-stop-daemon ixr,
  /usr/bin/find ixr,
  /usr/bin/perl ix,
  /usr/bin/xargs ixr,
  # Every file under /usr/lib may be read and mapped executable.
  /usr/lib/** mr,
  /usr/lib/man-db/manconv ixr,
  /usr/lib/man-db/mandb ixr,
  /usr/man/ r,
  /usr/sbin/dpkg-statoverride ixr,
  /usr/share/man/ r,
  /usr/share/perl/** r,
  /usr/share/perl5/** r,
  /var/cache/ r,
  # The man page cache is the only writable location named in this profile.
  /var/cache/man/ rw,
  /var/cache/man/** krw,
  /var/lib/dpkg/* r,
}
# Listing metadata: distribution ubuntu-gutsy; created 10 months ago; view count 54; username stive
# $Id: usr.lib.postfix.cleanup 741 2007-06-11 22:55:56Z seth_arnold $
# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2006 Novell/SUSE
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

# AppArmor profile for /usr/lib/postfix/cleanup.
#include <tunables/global>

/usr/lib/postfix/cleanup {
  #include <abstractions/base>
  #include <abstractions/kerberosclient>
  #include <abstractions/nameservice>
  #include <program-chunks/postfix-common>

  # NOTE(review): allows binding ports below 1024; confirm a queue-cleanup
  # process needs it.
  capability net_bind_service,

  /etc/mailname r,
  /etc/postfix/* r,
  /etc/{m,fs}tab r,
  /usr/lib/postfix/cleanup rmix,
  /var/spool/postfix/etc/* r,
  /var/spool/postfix/incoming/* w,
  # Write-only on hold queue entries whose names start with a hex digit.
  /{var/spool/postfix/,}hold/[0-9A-F]* w,
  /{var/spool/postfix/,}incoming/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}incoming/[0-9A-F]/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}incoming/[0-9A-F]/[0-9A-F]/* rwl,
  # Names of the form <digit...>.<digit...> directly in incoming/.
  /{var/spool/postfix/,}incoming/[0-9]*.[0-9]* rwl,
  /{var/spool/postfix/,}pid/unix.cleanup krw,
  /{var/spool/postfix/,}private/{rewrite,bounce} w,
  /{var/spool/postfix/,}public/qmgr w,
}
# Listing metadata: distribution ubuntu-gutsy; created 9 months ago; view count 56; username stive
# $Id: etc.cron.daily.logrotate 697 2007-05-25 03:09:30Z steve-beattie $
# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2006 Novell/SUSE
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

# AppArmor profile for the /etc/cron.daily/logrotate script.
#include <tunables/global>

/etc/cron.daily/logrotate {
  #include <abstractions/base>
  #include <abstractions/bash>
  #include <abstractions/mysql>
  #include <abstractions/nameservice>

  # Ownership and permission-override capabilities, shared by everything
  # executed with "ix" below.
  capability chown,
  capability dac_override,
  capability fowner,
  capability fsetid,

  / r,
  /bin/bash mixr,
  /bin/cat mixr,
  /bin/cp ixr,
  /bin/dash ixr,
  /bin/date ixr,
  /bin/grep ixr,
  /bin/gzip mixr,
  /bin/kill mixr,
  /bin/logger mixr,
  /bin/ps ixr,
  /bin/readlink ixr,
  /bin/true mixr,
  /dev/tty wr,
  /etc/apache2/** r,
  /etc/cron.daily/logrotate r,
  /etc/default/apache2 r,
  /etc/default/rcS r,
  /etc/drupal/6/apache.conf r,
  # NOTE(review): every init script can be executed inside this profile,
  # with the capabilities above; consider listing only the scripts that
  # logrotate postrotate hooks call.
  /etc/init.d/* mixr,
  /etc/javascript-common/javascript-common.conf r,
  /etc/logrotate.conf r,
  /etc/logrotate.d r,
  /etc/logrotate.d/ r,
  /etc/logrotate.d/* r,
  /etc/lsb-base-logging.sh r,
  # Database maintenance credentials file, read-only.
  /etc/mysql/debian.cnf r,
  /etc/roundcube/apache.conf r,
  /etc/subdomain.d r,
  /home/*/ r,
  /lib/lsb/* r,
  /proc/ r,
  /proc/*/mounts r,
  /proc/*/stat r,
  /proc/*/status r,
  /proc/filesystems r,
  /proc/meminfo r,
  /proc/stat r,
  /proc/sys/kernel/pid_max r,
  /proc/tty/drivers r,
  /proc/uptime r,
  /proc/version r,
  /tmp w,
  /tmp/file* wl,
  /tmp/logrot* wlr,
  /usr/bin/env ixr,
  /usr/bin/killall mixr,
  /usr/bin/mysqladmin ixr,
  /usr/lib/apache2/modules/* mr,
  # The web server binary and its control script also run inside this profile.
  /usr/sbin/apache2 ixr,
  /usr/sbin/apache2ctl ixr,
  /usr/sbin/logrotate mixr,
  /var/lib/logrotate.status wr,
  /var/lib/logrotate/status rw,
  /var/lib/privoxy/log/** rwl,
  /var/lib64/privoxy/log/** rwl,
  /var/lock/samba r,
  /var/log r,
  /var/log/** wrl,
  /var/run/apache2.pid r,
  /var/run/httpd.pid r,
  /var/run/mysqld/mysqld.sock w,
  /var/run/syslogd.pid r,
  /var/spool/slrnpull wr,
  /var/spool/slrnpull/log* wrl,
  # Site-specific entries.
  # NOTE(review): four files under the web root are executed inside this
  # profile ("ixr"), so they run with the capabilities listed above. Check
  # who can write to that directory, and prefer a location outside /var/www
  # that is not writable by the web application.
  /var/www/konyvtar.mezobereny.hu./lstat/katnaplo w,
  /var/www/konyvtar.mezobereny.hu./lstat/katstate r,
  /var/www/konyvtar.mezobereny.hu./lstat/katstatg ixr,
  /var/www/konyvtar.mezobereny.hu./lstat/katstath ixr,
  /var/www/konyvtar.mezobereny.hu./lstat/kvtnaplo w,
  /var/www/konyvtar.mezobereny.hu./lstat/kvtstate r,
  /var/www/konyvtar.mezobereny.hu./lstat/kvtstatg ixr,
  /var/www/konyvtar.mezobereny.hu./lstat/kvtstath ixr,
  @{PROC} r,
  @{PROC}/[1-9]* r,
}
# Listing metadata: distribution ubuntu-gutsy; created 10 months ago; view count 80; username stive
# $Id: usr.lib.postfix.master 90 2006-08-04 19:13:59Z seth_arnold $
# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2006 Novell/SUSE
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

# AppArmor profile for /usr/lib/postfix/master.
#include <tunables/global>

/usr/lib/postfix/master {
  #include <abstractions/base>
  #include <abstractions/kerberosclient>
  #include <abstractions/nameservice>
  #include <program-chunks/postfix-common>

  capability dac_override,
  capability kill,
  capability net_bind_service,

  /etc/mailname r,
  /etc/postfix/master.cf r,
  # "Px": each daemon below transitions to its own profile, so a compromise
  # of one service is held to that service's rules.
  /usr/lib/postfix/anvil Px,
  /usr/lib/postfix/bounce Px,
  /usr/lib/postfix/cleanup Px,
  # NOTE(review): "ix" here, unlike its siblings. The separate
  # /usr/lib/postfix/error profile on this page is not used when master
  # starts error; it runs with master's rules instead. Confirm this is intended.
  /usr/lib/postfix/error ixr,
  /usr/lib/postfix/flush Px,
  /usr/lib/postfix/local Px,
  /usr/lib/postfix/master rmix,
  /usr/lib/postfix/nqmgr Px,
  /usr/lib/postfix/pickup Px,
  /usr/lib/postfix/pipe Px,
  /usr/lib/postfix/proxymap Px,
  /usr/lib/postfix/qmgr Px,
  /usr/lib/postfix/scache Px,
  /usr/lib/postfix/showq Px,
  /usr/lib/postfix/smtp Px,
  /usr/lib/postfix/smtpd Px,
  /usr/lib/postfix/tlsmgr Px,
  /usr/lib/postfix/trivial-rewrite Px,
  /var/spool/postfix/active/* krw,
  /var/spool/postfix/etc/* r,
  /var/spool/postfix/pid/unix.retry krw,
  /{var/spool/postfix/,}pid/master.pid krw,
  /{var/spool/postfix/,}private/* wl,
  /{var/spool/postfix/,}private/tlsmgr rwl,
  /{var/spool/postfix/,}public/{cleanup,flush,pickup,qmgr,showq,tlsmgr} rwl,
}
# Listing metadata: distribution ubuntu-gutsy; created 10 months ago; view count 53; username stive
# AppArmor profile for /usr/sbin/mysqld.
#include <tunables/global>

/usr/sbin/mysqld {
  #include <abstractions/base>
  #include <abstractions/mysql>
  #include <abstractions/nameservice>
  #include <abstractions/user-tmp>

  # NOTE(review): dac_override bypasses file-permission checks; confirm it
  # is needed alongside setgid and setuid.
  capability dac_override,
  capability setgid,
  capability setuid,

  # NOTE(review): "m" permits mapping these data files as executable and
  # grants no read by itself; confirm whether "r" was intended.
  /etc/group m,
  /etc/hosts.allow r,
  /etc/hosts.deny r,
  /etc/mysql/*.pem r,
  /etc/mysql/conf.d/ r,
  /etc/mysql/conf.d/* r,
  /etc/mysql/my.cnf r,
  /etc/passwd m,
  /usr/sbin/mysqld mr,
  /usr/share/mysql/** r,
  /var/lib/mysql/ r,
  # The data directory is the only broadly writable tree; the server's file
  # read and write operations are limited to what these rules and the
  # abstractions allow.
  /var/lib/mysql/** rwk,
  /var/log/mysql/ r,
  /var/log/mysql/* rw,
  /var/run/mysqld/mysqld.pid w,
  /var/run/mysqld/mysqld.sock w,
}
# Listing metadata: distribution ubuntu-gutsy; created 9 months ago; view count 42; username stive
# AppArmor profile for the /etc/cron.hourly/avg script.
#include <tunables/global>

/etc/cron.hourly/avg {
  #include <abstractions/base>
  #include <abstractions/bash>
  #include <abstractions/consoles>
  #include <abstractions/nameservice>

  # Both capabilities bypass file-permission checks; the path rules remain
  # the limit.
  capability dac_override,
  capability dac_read_search,

  /bin/bash ixr,
  /etc/cron.hourly/avg mr,
  # The updater runs inside this profile ("ix").
  # NOTE(review): every rule under /opt/grisoft is read-only, so an update
  # that writes new data files would be denied; confirm against the logs.
  /opt/grisoft/avg7/bin/avgupdate ixr,
  /opt/grisoft/avg7/data/* r,
  /opt/grisoft/avg7/etc/avg.conf r,
  /opt/grisoft/avg7/lib/lib*so* mr,
  /opt/grisoft/avg7/var/run/avgupdate.pid r,
  /opt/grisoft/lib/lib*so* mr,
}
# Listing metadata: distribution ubuntu-gutsy; created 10 months ago; view count 41; username stive
# AppArmor profile for the /etc/cron.daily/5snort script.
# NOTE(review): only the shell and the script itself are granted. Any command
# the script runs, or log file it touches, would be denied, so the profile
# looks like a stub; confirm before enforcing.
#include <tunables/global>

/etc/cron.daily/5snort {
  #include <abstractions/base>

  /bin/dash ixr,
  /etc/cron.daily/5snort mr,
}