Apply suggested fixes from PR
This commit is contained in:
Jeroen Rijken
Alex
parent
5af6cda328
commit
78cfb23bff
3 changed files with 59 additions and 61 deletions
|
|
@ -6,7 +6,7 @@ abi <abi/3.0>,
|
|||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = /{usr/,}sbin/xtables-nft-multi
|
||||
@{exec_path} = /{usr/,}{s,}bin/xtables-nft-multi
|
||||
profile xtables-nft-multi @{exec_path} flags=(attach_disconnected,complain) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
|
@ -14,19 +14,19 @@ profile xtables-nft-multi @{exec_path} flags=(attach_disconnected,complain) {
|
|||
capability net_admin,
|
||||
capability net_raw,
|
||||
|
||||
network inet dgram,
|
||||
network inet6 dgram,
|
||||
network inet raw,
|
||||
network inet6 raw,
|
||||
network inet stream,
|
||||
network inet6 stream,
|
||||
network inet dgram,
|
||||
network inet6 dgram,
|
||||
network inet raw,
|
||||
network inet6 raw,
|
||||
network inet stream,
|
||||
network inet6 stream,
|
||||
network netlink raw,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/etc/libnl/classid r,
|
||||
/etc/iptables/{,**} rw,
|
||||
/etc/nftables.conf rw,
|
||||
/etc/iptables/{,**} rw,
|
||||
/etc/nftables.conf rw,
|
||||
|
||||
@{PROC}/@{pids}/net/ip_tables_names r,
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue