felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): openvpn need to load module.

Browse source 
See #811
This commit is contained in:
Alexandre Pujol 2025-08-15 10:35:19 +02:00
parent c02674593d
commit ace53f3002
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
1 changed files with 5 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

15
apparmor.d/groups/network/openvpn
View file

@ -27,17 +27,12 @@ profile openvpn @{exec_path} flags=(attach_disconnected) {
include <abstractions/base> include <abstractions/base>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
# Needed to remove the following errors:
# ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
# Exiting due to fatal error
capability net_admin,
# These are needed when user/group are set in a OpenVPN config file
capability setuid,
capability setgid,
capability dac_read_search,
capability dac_override, capability dac_override,
capability dac_read_search,
capability net_admin, # create tun
capability setgid, # when user/group are set in a OpenVPN config file
capability setuid,
capability sys_module,
network inet dgram, network inet dgram,
network inet6 dgram, network inet6 dgram,