felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): general update.

Browse source
This commit is contained in:
Alexandre Pujol 2024-09-12 22:26:47 +01:00
parent 9e7c4c7ec8
commit ab7f45bc31
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
26 changed files with 53 additions and 111 deletions
Download patch file Download diff file Expand all files Collapse all files

7
apparmor.d/groups/network/wg
View file

@ -11,11 +11,18 @@ profile wg @{exec_path} {
include <abstractions/base>
capability net_admin,
capability net_bind_service,
network inet dgram,
network inet stream,
network inet6 dgram,
network inet6 stream,
network netlink raw,
@{exec_path} mr,
/etc/wireguard/{,**} rw,
include if exists <local/wg>
}

4
apparmor.d/groups/network/wg-quick
View file

@ -10,6 +10,7 @@ include <tunables/global>
profile wg-quick @{exec_path} {
include <abstractions/base>
capability dac_read_search,
capability net_admin,
network netlink raw,
@ -21,7 +22,8 @@ profile wg-quick @{exec_path} {
@{bin}/ip rPx,
@{bin}/nft rix,
@{bin}/readlink rix,
@{bin}/resolvectl rPx,
@{bin}/resolvconf rPx,
@{bin}/resolvectl rPUx,
@{bin}/sort rix,
@{bin}/stat rix,
@{bin}/sysctl rix,