diff options
| author | Julien Morvan <julien.morvan@outlook.com> | 2015-08-17 09:23:39 +0000 |
|---|---|---|
| committer | Julien Morvan <julien.morvan@outlook.com> | 2015-08-17 09:23:39 +0000 |
| commit | c36169b334c725ab3e626cf32617da7b87ee6594 (patch) | |
| tree | edf22a77d248b54a2b6584e6c41d01a66090392d /contrib/apparmor/abstractions | |
| parent | 01d39499bb3af0674917c7dabb3b202427273ba8 (diff) | |
| download | gnunet-c36169b334c725ab3e626cf32617da7b87ee6594.tar.gz gnunet-c36169b334c725ab3e626cf32617da7b87ee6594.zip | |
Diffstat (limited to 'contrib/apparmor/abstractions')
| -rw-r--r-- | contrib/apparmor/abstractions/gnunet-common | 38 | ||||
| -rw-r--r-- | contrib/apparmor/abstractions/gnunet-db | 8 | ||||
| -rw-r--r-- | contrib/apparmor/abstractions/gnunet-gtk | 10 | ||||
| -rw-r--r-- | contrib/apparmor/abstractions/gnunet-libaudio | 23 | ||||
| -rw-r--r-- | contrib/apparmor/abstractions/gnunet-sgid | 1 | ||||
| -rw-r--r-- | contrib/apparmor/abstractions/gnunet-suid | 15 | ||||
| -rw-r--r-- | contrib/apparmor/abstractions/gnunet-test | 13 |
7 files changed, 55 insertions, 53 deletions
diff --git a/contrib/apparmor/abstractions/gnunet-common b/contrib/apparmor/abstractions/gnunet-common index 7d7515d80..3bf6806f5 100644 --- a/contrib/apparmor/abstractions/gnunet-common +++ b/contrib/apparmor/abstractions/gnunet-common | |||
| @@ -1,34 +1,12 @@ | |||
| 1 | # This files contains common permissions for gnunet | 1 | # This files contains common permissions for gnunet |
| 2 | 2 | ||
| 3 | /usr/share/zoneinfo/ r, | 3 | #GNUnet configuration file |
| 4 | /usr/share/zoneinfo/** r, | 4 | @{GNUNET_PREFIX}/share/gnunet/config.d/ r, |
| 5 | @{GNUNET_PREFIX}/share/gnunet/config.d/*.conf r, | ||
| 5 | 6 | ||
| 6 | /dev/urandom r, | 7 | /etc/gnunet.conf r, |
| 7 | 8 | @{HOME}/.config/gnunet.conf r, | |
| 8 | /etc/ld.so.cache r, | 9 | owner @{GNUNET_USER}/.config/gnunet.conf r, |
| 9 | |||
| 10 | @{PROC}/@{pid}/maps r, | ||
| 11 | |||
| 12 | #Gnunet configuration file | ||
| 13 | /usr/local/share/gnunet/config.d/ r, | ||
| 14 | /usr/local/share/gnunet/config.d/*.conf r, | ||
| 15 | |||
| 16 | /etc/gnunet.conf r, | ||
| 17 | owner @{HOME}/.config/gnunet.conf r, | ||
| 18 | |||
| 19 | #Librairies | ||
| 20 | /usr/lib/libc-*.so mr, | ||
| 21 | /usr/lib/libdl-*.so mr, | ||
| 22 | /usr/lib/libgcrypt.so.* mr, | ||
| 23 | /usr/lib/libltdl.so.* mr, | ||
| 24 | /usr/lib/libgpg-error.so.* mr, | ||
| 25 | /usr/lib/libm-*.so mr, | ||
| 26 | /usr/lib/libunistring.so.* mr, | ||
| 27 | /usr/lib/libz.so.* mr, | ||
| 28 | 10 | ||
| 29 | #Gnunet librairies | 11 | #GNUnet librairies |
| 30 | /usr/local/lib/libgnunetutil.so.* mr, | 12 | @{GNUNET_PREFIX}/lib/libgnunet*.so.* mr, |
| 31 | |||
| 32 | #For testbed (if the /tmp directory is used) | ||
| 33 | /tmp/testbed*/ rw, | ||
| 34 | /tmp/testbed*/** rwk, | ||
diff --git a/contrib/apparmor/abstractions/gnunet-db b/contrib/apparmor/abstractions/gnunet-db new file mode 100644 index 000000000..73b869dca --- /dev/null +++ b/contrib/apparmor/abstractions/gnunet-db | |||
| @@ -0,0 +1,8 @@ | |||
| 1 | # gnunet-db | ||
| 2 | @{GNUNET_USER}/.local/share/gnunet/namestore/ ra, | ||
| 3 | @{GNUNET_USER}/.local/share/gnunet/namestore/sqlite.db rwk, | ||
| 4 | @{GNUNET_USER}/.local/share/gnunet/namestore/sqlite.db-journal rw, | ||
| 5 | |||
| 6 | @{HOME}/.local/share/gnunet/namestore/ r, | ||
| 7 | @{HOME}/.local/share/gnunet/namestore/sqlite.db rwk, | ||
| 8 | @{HOME}/.local/share/gnunet/namestore/sqlite.db-journal rw, | ||
diff --git a/contrib/apparmor/abstractions/gnunet-gtk b/contrib/apparmor/abstractions/gnunet-gtk new file mode 100644 index 000000000..bf47adc0c --- /dev/null +++ b/contrib/apparmor/abstractions/gnunet-gtk | |||
| @@ -0,0 +1,10 @@ | |||
| 1 | # gnunet-gtk | ||
| 2 | |||
| 3 | #include <abstractions/gnunet-common> | ||
| 4 | |||
| 5 | @{PROC}/@{pid}/cmdline r, | ||
| 6 | |||
| 7 | /usr/share/gtk-*/settings.ini r, | ||
| 8 | |||
| 9 | @{GNUNET_PREFIX}/share/gnunet-gtk/config.d/ r, | ||
| 10 | @{GNUNET_PREFIX}/share/gnunet-gtk/config.d/gnunet-*-gtk.conf r, | ||
diff --git a/contrib/apparmor/abstractions/gnunet-libaudio b/contrib/apparmor/abstractions/gnunet-libaudio deleted file mode 100644 index 6dda03573..000000000 --- a/contrib/apparmor/abstractions/gnunet-libaudio +++ /dev/null | |||
| @@ -1,23 +0,0 @@ | |||
| 1 | /usr/lib/libFLAC.so.* mr, | ||
| 2 | /usr/lib/libXau.so.* mr, | ||
| 3 | /usr/lib/libXdmcp.so.* mr, | ||
| 4 | /usr/lib/libasyncns.so.* mr, | ||
| 5 | /usr/lib/libattr.so.* mr, | ||
| 6 | /usr/lib/libcap.so.* mr, | ||
| 7 | /usr/lib/libdbus-1.so.* mr, | ||
| 8 | /usr/lib/libjson-c.so.* mr, | ||
| 9 | /usr/lib/liblz4.so.* mr, | ||
| 10 | /usr/lib/liblzma.so.* mr, | ||
| 11 | /usr/lib/libnsl-*.so mr, | ||
| 12 | /usr/lib/libogg.so.* mr, | ||
| 13 | /usr/lib/libopus.so.* mr, | ||
| 14 | /usr/lib/libpthread-*.so mr, | ||
| 15 | /usr/lib/libpulse.so.* mr, | ||
| 16 | /usr/lib/libresolv-*.so mr, | ||
| 17 | /usr/lib/librt-*.so mr, | ||
| 18 | /usr/lib/libsndfile.so.* mr, | ||
| 19 | /usr/lib/libsystemd.so.* mr, | ||
| 20 | /usr/lib/libvorbis.so.* mr, | ||
| 21 | /usr/lib/libvorbisenc.so.* mr, | ||
| 22 | /usr/lib/libxcb.so.* mr, | ||
| 23 | /usr/lib/pulseaudio/libpulsecommon-*.so mr, | ||
diff --git a/contrib/apparmor/abstractions/gnunet-sgid b/contrib/apparmor/abstractions/gnunet-sgid new file mode 100644 index 000000000..b1a7655b1 --- /dev/null +++ b/contrib/apparmor/abstractions/gnunet-sgid | |||
| @@ -0,0 +1 @@ | |||
| # gnunet-sgid | |||
diff --git a/contrib/apparmor/abstractions/gnunet-suid b/contrib/apparmor/abstractions/gnunet-suid new file mode 100644 index 000000000..a9310734c --- /dev/null +++ b/contrib/apparmor/abstractions/gnunet-suid | |||
| @@ -0,0 +1,15 @@ | |||
| 1 | # gnunet-suid | ||
| 2 | |||
| 3 | /etc/ld.so.cache mr, | ||
| 4 | /lib{,32,64}/ld{,32,64}-*.so mrix, | ||
| 5 | /lib{,32,64}/**/ld{,32,64}-*.so mrix, | ||
| 6 | /lib/@{multiarch}/ld{,32,64}-*.so mrix, | ||
| 7 | /lib/tls/i686/{cmov,nosegneg}/ld-*.so mrix, | ||
| 8 | /lib/i386-linux-gnu/tls/i686/{cmov,nosegneg}/ld-*.so mrix, | ||
| 9 | /opt/*-linux-uclibc/lib/ld-uClibc*so* mrix, | ||
| 10 | |||
| 11 | @{LIBPRE}@{LIBDIRS}/** r, | ||
| 12 | @{LIBPRE}@{LIBDIRS}/@{LIBS}.so* mr, | ||
| 13 | @{LIBPRE}@{LIBDIRS}/**/@{LIBS}.so* mr, | ||
| 14 | /lib/tls/i686/{cmov,nosegneg}/@{LIBS}.so* mr, | ||
| 15 | /lib/i386-linux-gnu/tls/i686/{cmov,nosegneg}/@{LIBS}.so* mr, | ||
diff --git a/contrib/apparmor/abstractions/gnunet-test b/contrib/apparmor/abstractions/gnunet-test new file mode 100644 index 000000000..8daf3ea9c --- /dev/null +++ b/contrib/apparmor/abstractions/gnunet-test | |||
| @@ -0,0 +1,13 @@ | |||
| 1 | |||
| 2 | #testbed (if the /tmp directory is used) | ||
| 3 | /tmp/testbed*/ rw, | ||
| 4 | /tmp/testbed*/** rwk, | ||
| 5 | |||
| 6 | #testbed helper | ||
| 7 | /tmp/testbed-helper*/ rw, | ||
| 8 | |||
| 9 | #gnunet-testing | ||
| 10 | /tmp/gnunet-testing* rw, | ||
| 11 | /tmp/gnunet_service_test*/ rw, | ||
| 12 | /tmp/gnunet_service_test*/** rw, | ||
| 13 | |||