felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

update apparmor profiles

Browse source
This commit is contained in:
Mikhail Morfikov 2020-12-24 13:55:12 +01:00
parent 156f5d4e3b
commit 756e2071e1
No known key found for this signature in database
GPG key ID: 32D9CB634796CCA1
55 changed files with 398 additions and 75 deletions
Download patch file Download diff file Expand all files Collapse all files

6
apparmor.d/openvpn
View file

@ -29,7 +29,11 @@ profile openvpn @{exec_path} {
include <abstractions/nameservice-strict>
include <abstractions/openssl>
# Needed to remove the following errors:
# ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
# Exiting due to fatal error
capability net_admin,
# These are needed when user/group are set in a OpenVPN config file
capability setuid,
capability setgid,
@ -75,6 +79,7 @@ profile openvpn @{exec_path} {
include <abstractions/consoles>
include <abstractions/nameservice-strict>
# To be able to manage firewall rules.
capability net_admin,
/etc/openvpn/update-resolv-conf.sh r,
@ -95,6 +100,7 @@ profile openvpn @{exec_path} {
include <abstractions/consoles>
include <abstractions/nameservice-strict>
# To be able to manage firewall rules.
capability net_admin,
network netlink raw,