felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add avahi

Browse source
This commit is contained in:
Jeroen Rijken 2022-08-13 16:38:50 +02:00 committed by Alex
parent 099a97cb36
commit cf63b97c9b
6 changed files with 152 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

27
apparmor.d/groups/avahi/avahi-autoipd Normal file
View file

@ -0,0 +1,27 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2022 Jeroen Rijken
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}{s,}bin/avahi-autoipd
profile avahi-autoipd @{exec_path} flags=(complain) {
include <abstractions/base>
include <abstractions/consoles>
network inet dgram,
network inet6 dgram,
network inet stream,
network inet6 stream,
network netlink raw,
signal receive set=kill,term,
@{exec_path} rm,
/etc/avahi/avahi-autoipd.action rix,
include if exists <local/avahi-autoipd>
}

32
apparmor.d/groups/avahi/avahi-browse Normal file
View file

@ -0,0 +1,32 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2022 Jeroen Rijken
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/avahi-browse /{usr/,}bin/avahi-browse-domains
profile avahi-browse @{exec_path} flags=(complain) {
include <abstractions/base>
include <abstractions/consoles>
include <abstractions/dbus-strict>
dbus send bus=system path=/
interface=org.freedesktop.DBus.Peer
member=Ping,
dbus send bus=system path=/
interface=org.freedesktop.Avahi.Server
member={GetAPIVersion,GetState,ServiceTypeBrowserNew,ServiceBrowserNew},
dbus receive bus=system path=/Client[0-9]/ServiceTypeBrowser[0-9]
interface=org.freedesktop.Avahi.ServiceTypeBrowser
member={ItemNew,CacheExhausted,AllForNow},
@{exec_path} rm,
/{usr/,}lib/x86_64-linux-gnu/avahi/service-types.db rwk,
include if exists <local/avahi-browse>
}

23
apparmor.d/groups/avahi/avahi-daemon Normal file
View file

@ -0,0 +1,23 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2022 Jeroen Rijken
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/avahi-daemon
profile avahi-daemon @{exec_path} flags=(complain) {
include <abstractions/base>
include <abstractions/consoles>
network inet dgram,
network inet6 dgram,
@{exec_path} rm,
/etc/avahi/** r,
include if exists <local/avahi-daemon>
}

18
apparmor.d/groups/avahi/avahi-publish Normal file
View file

@ -0,0 +1,18 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2022 Jeroen Rijken
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/avahi-publish /{usr/,}bin/avahi-publish-address /{usr/,}bin/avahi-publish-service
profile avahi-publish @{exec_path} flags=(complain) {
include <abstractions/base>
include <abstractions/consoles>
@{exec_path} rm,
include if exists <local/avahi-publish>
}

34
apparmor.d/groups/avahi/avahi-resolve Normal file
View file

@ -0,0 +1,34 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2022 Jeroen Rijken
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/avahi-resolve /{usr/,}bin/avahi-resolve-address /{usr/,}bin/avahi-resolve-host-name
profile avahi-resolve @{exec_path} flags=(complain) {
include <abstractions/base>
include <abstractions/consoles>
include <abstractions/dbus-strict>
dbus send bus=system path=/
interface=org.freedesktop.DBus.Peer
member=Ping,
dbus send bus=system path=/
interface=org.freedesktop.Avahi.Server
member={GetAPIVersion,GetState,AddressResolverNew},
dbus send bus=system path=/Client[0-9]/AddressResolver[0-9]
interface=org.freedesktop.Avahi.AddressResolver
member={Free,HostNameResolverNew,},
dbus receive bus=system path=/Client[0-9]/AddressResolver[0-9]
interface=org.freedesktop.Avahi.AddressResolver
member={Failure,Found},
@{exec_path} rm,
include if exists <local/avahi-resolve>
}

18
apparmor.d/groups/avahi/avahi-set-host-name Normal file
View file

@ -0,0 +1,18 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2022 Jeroen Rijken
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/avahi-set-host-name
profile avahi-set-host-name @{exec_path} flags=(complain) {
include <abstractions/base>
include <abstractions/consoles>
@{exec_path} rm,
include if exists <local/avahi-set-host-name>
}