well I hacked around last night and came up with this:
but it doesn't work, I have to give it a fs type, which is more difficult because I have to search for all the letters between the 2nd and 3rd blank spaces on the same line to populate a fs type variable, and I can't seem to figure out how to get grep/sed/awk to do that, ideas? If I can figure that out, then I have to write something that will only mount if that mountpoint is either ntfs, fat16 or fat32. I'm really starting to enjoy the power of bash scripts, though I'm still pretty new to it, it's amazing what you can do
I install an external disk on my sun solaris 8
this went fine and I was able to access all filesystem on the disk. the new disk is mounted on /local
then 6 hours later
files under /local/files was 1 byte in size
at the same time I received the following
error message in... (4 Replies)
My site has a few sun solaris server including out NIS server and NFS server on solaris machines. we also have few suse linux and redhat linux machine.
All our home directory is on our NFS server(sun Solaris) and this is automounted through /etc/auto_master and /etc/auto_home this worked fine... (1 Reply)
Hello,
I have a SUN Solaris 9 machine (Sun-Fire-V490).
I put a DVD in the reader to install a software. The automount procedure did not work (vold is running) : I have nothing under /cdrom
When I try "eject" command I have the answer "No default media available"
When I try to mount manually the... (3 Replies)
Folks;
I'm mounting a directory on a different SUSE 10 server from my SUSE server fine. using this mount command:
# mount 192.168.132.11:/var/local/new /var/local/new
this command above works fine but when i added a new line to my "/etc/fstab" to be mounted automatically every time i... (2 Replies)
Hi friends
I'm a newbie trying to automount a nfs shared directory. Below is the configuration I'm using
FreeBSD machine as NFS server. IP Address - 192.168.1.60
# cat /etc/exports
/shared 192.168.1.50
Solaris 10 as NFS client. IP Address - 192.168.1.50
# cat... (1 Reply)
Hello experts,
On my RHEL box when i mount a nfs file system using autofs, the df -t shows the file system as nfs only. For which mounts does it report the filesystem as autofs. ?? I actually want to see the filesystem getting reported as autofs instead of nfs. Pls guide me
I... (1 Reply)
When i export the directory where the data really is, i can specify which hosts can mount it. On the remote server i create a mount point directory and then mount it to the source servers directory (that has the data).
I need to run my script on Server X , i would login there and type in the... (11 Replies)
Discussion started by: bkilaru
11 Replies
LEARN ABOUT SUNOS
logprof.conf
LOGPROF.CONF(5) AppArmor LOGPROF.CONF(5)NAME
logprof.conf - configuration file for expert options that modify the behavior of the AppArmor aa-logprof(1) program.
DESCRIPTION
The aa-logprof(1) program can be configured to have certain default behavior by the contents of logprof.conf.
The [qualifiers] section lists specific programs that should have a subset of the full ix/px/ux list when asking what mode to execute it
using.
Since creating a separate profile for /bin/bash is dangerous, we can specify that for /bin/bash, only (I)nherit, (U)nconstrained, and
(D)eny should be allowed options and only those will show up in the prompt when we're asking about adding that to a profile.
Likewise, if someone currently exec's /bin/mount in ix or px mode, things won't work, so we can provide only (U)nconstrained and (D)eny as
options.
And certain apps like grep, awk, sed, cp, and mkdir should always inherit the parent profile rather than having their own profile or
running unconfined, so for them we can specify that only (I)nherit and (D)eny are the allowed options.
Any programs that are not listed in the qualifiers section get the full (I)nherit / (P)rofile / (U)nconstrained / (D)eny option set.
If the user is doing something tricky and wants different behavior, they can tweak or remove the corresponding line in the conf file.
The [defaulthat] section lists changehat-aware programs and what hat aa-logprof(1) will collapse the entries to for that program if the
user specifies that the access should be allowed, but should not have it's own hat.
The [globs] section allows modification of the logprof rule engine with respect to globbing suggestions that the user will be prompted
with.
The format of each line is-- "<perl glob> = <apparmor glob>".
When aa-logprof(1) asks about a specific path, if the perl glob matches the path, it replaces the part of the path that matched with the
corresponding apparmor glob and adds it to the list of globbing suggestions.
Lines starting with # are comments and are ignored.
EXAMPLE
[qualifiers]
# things will very likely be painfully broken if bash has it's own profile
/bin/bash = iu
# mount doesn't work if it's confined
/bin/mount = u
# these helper utilities should inherit the parent profile and
# shouldn't have their own profiles
/bin/awk = i
/bin/grep = i
/bin/sed = i
[defaulthat]
/usr/sbin/sshd = EXEC
/usr/sbin/httpd2 = DEFAULT_URI
/usr/sbin/httpd2-prefork = DEFAULT_URI
[globs]
# /foo/bar/lib/libbaz.so -> /foo/bar/lib/lib*
/lib/lib[^/]+so[^/]*$ = /lib/lib*so*
# strip kernel version numbers from kernel module accesses
^/lib/modules/[^/]+/ = /lib/modules/*/
# strip pid numbers from /proc accesses
^/proc/d+/ = /proc/*/
BUGS
If you find any bugs, please report them at <http://https://bugs.launchpad.net/apparmor/+filebug>.
SEE ALSO apparmor(7), apparmor.d(5), aa-enforce(1), aa-complain(1), aa-disable(1), aa_change_hat(2), aa-logprof(1), aa-genprof(1), and
<http://wiki.apparmor.net>.
AppArmor 2.7.103 2012-06-28 LOGPROF.CONF(5)