felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): systemd-networkd: update cap.

Browse source
This commit is contained in:
Alexandre Pujol 2025-03-01 14:20:35 +01:00
parent 161078ed90
commit d8d4ec11a6
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
1 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
apparmor.d/groups/systemd/systemd-networkd
View file

@ -14,10 +14,12 @@ profile systemd-networkd @{exec_path} flags=(attach_disconnected) {
include <abstractions/bus/org.freedesktop.hostname1> include <abstractions/bus/org.freedesktop.hostname1>
include <abstractions/common/systemd> include <abstractions/common/systemd>
capability bpf,
capability net_admin, capability net_admin,
capability net_bind_service, capability net_bind_service,
capability net_broadcast, capability net_broadcast,
capability net_raw, capability net_raw,
capability sys_admin,
network inet dgram, network inet dgram,
network inet6 dgram, network inet6 dgram,
@ -61,12 +63,14 @@ profile systemd-networkd @{exec_path} flags=(attach_disconnected) {
@{run}/udev/data/n@{int} r, @{run}/udev/data/n@{int} r,
@{sys}/devices/@{pci}/ r,
@{sys}/devices/@{pci}/rfkill@{int}/* r, @{sys}/devices/@{pci}/rfkill@{int}/* r,
@{sys}/devices/**/net/** r, @{sys}/devices/**/net/** r,
@{sys}/devices/@{pci}/ r,
@{sys}/devices/virtual/dmi/id/{sys,board,bios}_vendor r, @{sys}/devices/virtual/dmi/id/{sys,board,bios}_vendor r,
@{sys}/devices/virtual/dmi/id/product_name r, @{sys}/devices/virtual/dmi/id/product_name r,
@{sys}/devices/virtual/dmi/id/product_version r, @{sys}/devices/virtual/dmi/id/product_version r,
@{sys}/fs/cgroup/ r,
@{sys}/kernel/btf/vmlinux r,
@{PROC}/@{pid}/cgroup r, @{PROC}/@{pid}/cgroup r,
@{PROC}/pressure/* r, @{PROC}/pressure/* r,