feat(profiles): general update.
This commit is contained in:
Alexandre Pujol
parent
c039fe6c99
commit
0e21955b0e
10 changed files with 48 additions and 44 deletions
|
|
@ -13,10 +13,8 @@ profile nmap @{exec_path} {
|
|||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/openssl>
|
||||
|
||||
capability net_raw,
|
||||
capability net_bind_service,
|
||||
|
||||
signal (receive) set=(term, kill) peer=zenmap,
|
||||
capability net_raw,
|
||||
|
||||
network inet dgram,
|
||||
network inet6 dgram,
|
||||
|
|
@ -27,12 +25,19 @@ profile nmap @{exec_path} {
|
|||
network netlink raw,
|
||||
network packet raw,
|
||||
|
||||
signal (receive) set=(term, kill) peer=zenmap,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/nmap/** r,
|
||||
|
||||
owner /tmp/zenmap-stdout-* rw,
|
||||
owner /tmp/zenmap-*.xml rw,
|
||||
|
||||
owner @{PROC}/@{pid}/net/dev r,
|
||||
owner @{PROC}/@{pid}/net/if_inet6 r,
|
||||
owner @{PROC}/@{pid}/net/route r,
|
||||
owner @{PROC}/@{pid}/net/ipv6_route r,
|
||||
owner @{PROC}/@{pid}/net/route r,
|
||||
|
||||
# unprivileged
|
||||
# @{PROC}/@{pid}/net/dev r,
|
||||
|
|
@ -40,10 +45,5 @@ profile nmap @{exec_path} {
|
|||
# @{PROC}/@{pid}/net/route r,
|
||||
# @{PROC}/@{pid}/net/ipv6_route r,
|
||||
|
||||
/usr/share/nmap/** r,
|
||||
|
||||
owner /tmp/zenmap-stdout-* rw,
|
||||
owner /tmp/zenmap-*.xml rw,
|
||||
|
||||
include if exists <local/nmap>
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue