felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Profiles update.

Browse source
This commit is contained in:
Alexandre Pujol 2022-03-17 14:01:50 +00:00
parent bb0847f5df
commit 4ff371e739
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
22 changed files with 67 additions and 33 deletions
Download patch file Download diff file Expand all files Collapse all files

18
apparmor.d/groups/network/NetworkManager
View file

@ -13,15 +13,6 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
include <abstractions/openssl>
include <abstractions/ssl_certs>
network inet stream,
network inet6 stream,
network inet dgram,
network inet6 dgram,
network inet raw,
network inet6 raw,
network netlink raw,
network packet dgram,
capability audit_write,
capability dac_override,
capability kill,
@ -33,6 +24,15 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
capability sys_chroot,
capability sys_module,
network inet stream,
network inet6 stream,
network inet dgram,
network inet6 dgram,
network inet raw,
network inet6 raw,
network netlink raw,
network packet dgram,
@{exec_path} mr,
/{usr/,}bin/{,ba,da}sh rix,

12
apparmor.d/groups/network/nm-dhcp-helper
View file

@ -10,7 +10,19 @@ include <tunables/global>
profile nm-dhcp-helper @{exec_path} {
include <abstractions/base>
network inet dgram,
network inet6 dgram,
ptrace (readby) peer=NetworkManager,
signal (receive) peer=NetworkManager,
signal (send) peer=dhclient,
@{exec_path} mr,
/var/lib/NetworkManager/*lease r,
@{run}/NetworkManager/private-dhcp rw,
include if exists <local/nm-dhcp-helper>
}

4
apparmor.d/groups/network/tailscaled
View file

@ -42,14 +42,14 @@ profile tailscaled @{exec_path} {
@{PROC}/ r,
@{PROC}/@{pid}/mounts r,
@{PROC}/@{pid}/net/{,**} r,
@{PROC}/sys/net/{,**} r,
@{PROC}/@{pids}/cmdline r,
@{PROC}/@{pids}/fd/ r,
@{PROC}/1/cgroup r,
@{PROC}/1/stat r,
@{PROC}/1/environ r,
@{PROC}/1/stat r,
@{PROC}/cmdline r,
@{PROC}/sys/kernel/osrelease r,
@{PROC}/sys/net/{,**} r,
/dev/net/tun rw,