abstraction file for tcpwrappers
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apparmor (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Please include an abstraction file for TCP wappers - e.g. abstractions/tcpwap
This would include, at minimum,
```
/etc/hosts.allow r,
/etc/hosts.deny r,
```
Software built to read hosts.allow (e.g. built with libwrap0) will usually have these permissions incorporated into their AppArmor profiles.
However, the hosts.allow/deny files can reference other files in arbitrary filesystem locations - so any file references in hosts.allow must also then be added to all profiles that reference hosts.allow.
Using an abstraction would allow this to be added once.
from man 5 hosts.allow
```
A string that begins with a '/' character is treated as a file name. A host name or address is matched if it matches any host name or address pattern listed in the named file. The file format is zero or more lines with zero or more host name or address patterns separated by whitespace. A file name pattern can be used anywhere a host name or address pattern can be used.
```