/etc/apparmor.d/usr.bin.cobblerd is in maas-provision 2.2.2-0ubuntu4.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 | #include <tunables/global>
/usr/bin/cobblerd {
#include <abstractions/base>
#include <abstractions/python>
#include <abstractions/nameservice>
#include <abstractions/p11-kit>
#include <abstractions/user-tmp>
# capabilities
capability dac_override,
capability chown,
# cobbler configuration
/etc/cobbler/ r,
/etc/cobbler/** r,
/var/lib/cobbler/** rwk,
/usr/share/cobbler/** rwl,
/var/www/cobbler/ w,
# pxe
/var/lib/tftpboot/ r,
/var/lib/tftpboot/** rwl,
# Needed because above is a chroot.
/usr/lib/syslinux/** rwl,
# 'r' is needed when using imfile
/var/log/cobbler/ r,
/var/log/cobbler/** rw,
# apport
/etc/default/apport r,
# distro info
/usr/share/distro-info/*csv r,
# other
/etc/lsb-release r,
/etc/debian_version r,
/usr/bin/lsb_release rix,
/etc/mtab r,
/bin/dash rmix,
/bin/chown ix,
/bin/chmod ix,
/usr/bin/rsync ix,
/usr/bin/sha1sum ix,
/usr/bin/find ix,
# Needed for cobbler not to fail. It is not used though.
/etc/xinetd.d/ rw,
/etc/xinetd.d/tftp rw,
# apt
/etc/apt/sources.list r,
/etc/apt/sources.list.d/ r,
/etc/apt/sources.list.d/** r,
/etc/apt/apt.conf.d/ r,
/etc/apt/apt.conf.d/** r,
/usr/share/python-apt/templates/ r,
/usr/share/python-apt/templates/** r,
# boot
/boot/ r,
/boot/** r,
# maas
/var/lib/maas/ r,
/var/lib/maas/** rwl,
# daemon
/usr/bin/cobblerd r,
# dnsmasq
/etc/dnsmasq.conf rw,
/etc/ethers rw,
/usr/sbin/service Cxr -> dnsmasq_service,
profile dnsmasq_service {
#include <abstractions/base>
#include <abstractions/bash>
/bin/dash ixr,
/etc/init.d/dnsmasq Uxr,
/usr/sbin/service ixr,
/usr/bin/basename ixr,
/usr/bin/env ixr,
}
}
|