feat(profile): update network profiles.
This commit is contained in:
Alexandre Pujol
parent
fecb4dbca6
commit
d0657d2c26
5 changed files with 57 additions and 0 deletions
|
|
@ -48,6 +48,23 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
|
|||
#aa:dbus talk bus=system name=org.freedesktop.nm_dispatcher label=nm-dispatcher
|
||||
#aa:dbus talk bus=system name=org.freedesktop.resolve1 label="@{p_systemd_resolved}"
|
||||
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop
|
||||
interface=org.freedesktop.DBus.ObjectManager
|
||||
member=GetManagedObjects
|
||||
peer=(name=@{busname}),
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop
|
||||
interface=org.freedesktop.DBus.ObjectManager
|
||||
member=GetManagedObjects
|
||||
peer=(name=@{busname}, label=gnome-control-center),
|
||||
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop
|
||||
interface=org.freedesktop.DBus.ObjectManager
|
||||
member=GetManagedObjects
|
||||
peer=(name=@{busname}, label=nm-online),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/nm_dispatcher
|
||||
interface=org.freedesktop.nm_dispatcher
|
||||
member=Action2
|
||||
|
|
@ -63,6 +80,11 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
|
|||
member={InterfacesAdded,InterfacesRemoved}
|
||||
peer=(name=org.freedesktop.DBus),
|
||||
|
||||
dbus receive bus=system path=/
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=@{busname}, label=cockpit-bridge),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{sh_path} rix,
|
||||
|
|
@ -84,9 +106,14 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
|
|||
@{lib}/{,NetworkManager/}nm-openvpn-service-openvpn-helper rPx,
|
||||
/usr/share/netplan/netplan.script rPx,
|
||||
|
||||
@{lib}/netplan/@{int2}-network-manager-all.yaml w,
|
||||
|
||||
/usr/share/gvfs/remote-volume-monitors/{,*.monitor} r,
|
||||
/usr/share/iproute2/{,**} r,
|
||||
|
||||
/etc/netplan/ r,
|
||||
/etc/netplan/90-NM-@{uuid}.yaml r,
|
||||
|
||||
@{att}/ r,
|
||||
|
||||
/etc/ r,
|
||||
|
|
@ -110,7 +137,9 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
|
|||
@{sys}/class/rfkill/ r,
|
||||
|
||||
@{att}/@{run}/systemd/inhibit/@{int}.ref rw,
|
||||
@{run}/systemd/resolve/io.systemd.Resolve rw,
|
||||
|
||||
@{run}/netplan/ r,
|
||||
@{run}/network/ifstate r,
|
||||
@{run}/NetworkManager/{,**} rw,
|
||||
@{run}/nm-*.pid rw,
|
||||
|
|
@ -135,6 +164,7 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
|
|||
owner @{PROC}/@{pid}/cmdline r,
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
|
||||
/dev/net/tun rw,
|
||||
/dev/rfkill rw,
|
||||
|
||||
profile systemctl {
|
||||
|
|
|
|||
|
|
@ -9,9 +9,12 @@ include <tunables/global>
|
|||
@{exec_path} = /usr/share/netplan/netplan.script
|
||||
profile netplan @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus-system>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/python>
|
||||
|
||||
#aa;dbus owb bus=system name=io.netplan.Netplan
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{lib}/netplan/generate rPx,
|
||||
|
|
@ -20,6 +23,8 @@ profile netplan @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
/usr/share/netplan/{,**} r,
|
||||
|
||||
/etc/netplan/{,*} r,
|
||||
|
||||
@{run}/netplan/ r,
|
||||
|
||||
profile udevadm {
|
||||
|
|
@ -42,6 +47,10 @@ profile netplan @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
capability net_admin,
|
||||
|
||||
ptrace read peer=@{p_systemd},
|
||||
|
||||
@{run}/udev/control rw,
|
||||
|
||||
include if exists <local/netplan_systemctl>
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -26,6 +26,8 @@ profile netplan-generate @{exec_path} flags=(attach_disconnected) {
|
|||
@{run}/NetworkManager/conf.d/ rw,
|
||||
@{run}/NetworkManager/conf.d/@{int}-globally-managed-devices.conf rw,
|
||||
@{run}/NetworkManager/conf.d/@{int}-globally-managed-devices.conf.@{rand6} rw,
|
||||
@{run}/NetworkManager/conf.d/netplan.conf rw,
|
||||
@{run}/NetworkManager/conf.d/netplan.conf.@{rand6} rw,
|
||||
@{run}/NetworkManager/system-connections/ rw,
|
||||
@{run}/NetworkManager/system-connections/* rw,
|
||||
|
||||
|
|
|
|||
|
|
@ -16,11 +16,25 @@ profile nmcli @{exec_path} {
|
|||
capability sys_nice,
|
||||
|
||||
#aa:dbus talk bus=system name=org.freedesktop.NetworkManager label=NetworkManager
|
||||
dbus receive bus=system path=/org/freedesktop
|
||||
interface=org.freedesktop.DBus.ObjectManager
|
||||
member=InterfacesAdded
|
||||
peer=(name=@{busname}, label=NetworkManager),
|
||||
dbus receive bus=system path=/org/freedesktop
|
||||
interface=org.freedesktop.DBus.ObjectManager
|
||||
member=InterfacesRemoved
|
||||
peer=(name=@{busname}, label=NetworkManager),
|
||||
dbus send bus=system path=/org/freedesktop
|
||||
interface=org.freedesktop.DBus.ObjectManager
|
||||
member=GetManagedObjects
|
||||
peer=(name=@{busname}, label=NetworkManager),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{pager_path} rPx -> child-pager,
|
||||
|
||||
/etc/netplan/* r,
|
||||
|
||||
owner @{HOME}/.nm-vpngate/*.ovpn r,
|
||||
owner @{HOME}/.cert/nm-openvpn/*.pem rw,
|
||||
|
||||
|
|
|
|||
|
|
@ -66,6 +66,8 @@ profile openvpn @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
owner @{PROC}/@{pid}/net/route r,
|
||||
|
||||
/dev/net/tun rw,
|
||||
|
||||
profile update-resolv {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue