Request 1005892: Submit golang-github-lusitaniae-apache_exporter - openSUSE Build Service

This request supersedes: request 1005457 (Show diff)

Overview

Request 1005892 accepted

- corrected comment in AppArmor profile
- added AppArmor profile
- added sandboxing options to systemd service unit

Created by stroeder over 1 year ago
In state accepted
Supersedes 1005457

Submit golang-github-lusitaniae-apache_exporter

Comments for request 1005892 1
Comments for request 1005457 2

Staging Bot (staging-bot) - over 1 year ago

@STorresi, @aeneas_jaissle, @aldemir_a, @bitshuffler, @bnicholes, @ciriarte, @dakechi, @darix, @deadpoint, @dstoecker, @ecsos, @jcavalheiro, @jubalh, @lrupp, @marostegui, @mcaj, @mge1512, @mnhauke, @mseben, @netmask, @peternixon, @psmt, @rhomann, @schubi2, @shapbot, @worldcitizen, @wrosenauer: review reminder

Login required, please login in order to comment

Witek Bedyk (witekbedyk) - over 1 year ago

target maintainer

Could you give some context on that? Will other exporters also get AppArmor profile?

Michael Ströder (stroeder) - over 1 year ago

author source maintainer

It is just hardening to prevent misusing this exporter to break out into the system.

Currently only mtail has an AppArmor profile maintained by me: https://build.opensuse.org/package/view_file/server:monitoring/mtail/apparmor-usr.sbin.mtail?expand=1

But in my local setup node-exporter also runs with a home-grown AppArmor profile and I will submit this to the package soon.

Login required, please login in order to comment

Request History

stroeder created request over 1 year ago

- corrected comment in AppArmor profile
- added AppArmor profile
- added sandboxing options to systemd service unit

ecsos accepted request over 1 year ago

openSUSE Build Service is sponsored by