author: Julien Morvan <julien.morvan@outlook.com> 2015-08-17 09:23:39 +0000
committer: Julien Morvan <julien.morvan@outlook.com> 2015-08-17 09:23:39 +0000
commit: c36169b334c725ab3e626cf32617da7b87ee6594 (patch)
tree: edf22a77d248b54a2b6584e6c41d01a66090392d /contrib/apparmor/gnunet-gns-proxy-setup-ca
parent: 01d39499bb3af0674917c7dabb3b202427273ba8 (diff)
download: gnunet-c36169b334c725ab3e626cf32617da7b87ee6594.tar.gz
gnunet-c36169b334c725ab3e626cf32617da7b87ee6594.zip
1 files changed, 40 insertions, 0 deletions
diff --git a/contrib/apparmor/gnunet-gns-proxy-setup-ca b/contrib/apparmor/gnunet-gns-proxy-setup-ca
new file mode 100644
index 000000000..cbb3fa191
--- /dev/null
+++ b/contrib/apparmor/gnunet-gns-proxy-setup-ca
@@ -0,0 +1,40 @@
+# Last Modified: Tue Aug 11 11:40:50 2015
+#include <tunables/global>
+#include <tunables/gnunet>
+profile @{GNUNET_PREFIX}/bin/gnunet-gns-proxy-setup-ca {
+  #include <abstractions/base>
+  #include <abstractions/bash>
+  #include <abstractions/user-tmp>
+  #include <abstractions/openssl>
+  /dev/tty rw,
+  /etc/passwd r,
+  /home/*/.local/share/gnunet/gns/ r,
+  /home/*/.local/share/gnunet/gns/gns_ca_cert.pem rw,
+  /home/*/.mozilla/firefox/ r,
+  /home/*/.mozilla/firefox/kw6js9xl.default/cert8.db rw,
+  /home/*/.mozilla/firefox/kw6js9xl.default/key3.db rw,
+  /home/*/.mozilla/firefox/kw6js9xl.default/secmod.db r,
+  /home/*/.pki/nssdb/cert8.db rw,
+  /home/*/.pki/nssdb/key3.db rw,
+  /home/*/.pki/nssdb/secmod.db r,
+  /home/*/.rnd rw,
+  /usr/bin/bash ix,
+  /usr/bin/cat rix,
+  /usr/bin/certtool r,
+  /usr/bin/certutil rix,
+  /usr/bin/dirname rix,
+  /usr/bin/mkdir rix,
+  /usr/bin/mktemp rix,
+  /usr/bin/openssl rix,
+  /usr/bin/rm rix,
+  /usr/bin/which rix,
+  @{GNUNET_PREFIX}/bin/gnunet-config Px,
+  @{GNUNET_PREFIX}/bin/gnunet-gns-proxy-setup-ca r,
+  # Site-specific additions and overrides. See local/README for details.
+  #include <local/gnunet>
+}
author	Julien Morvan <julien.morvan@outlook.com>	2015-08-17 09:23:39 +0000
committer	Julien Morvan <julien.morvan@outlook.com>	2015-08-17 09:23:39 +0000
commit	c36169b334c725ab3e626cf32617da7b87ee6594 (patch)
tree	edf22a77d248b54a2b6584e6c41d01a66090392d /contrib/apparmor/gnunet-gns-proxy-setup-ca
parent	01d39499bb3af0674917c7dabb3b202427273ba8 (diff)
download	gnunet-c36169b334c725ab3e626cf32617da7b87ee6594.tar.gz gnunet-c36169b334c725ab3e626cf32617da7b87ee6594.zip

diff --git a/contrib/apparmor/gnunet-gns-proxy-setup-ca b/contrib/apparmor/gnunet-gns-proxy-setup-ca new file mode 100644 index 000000000..cbb3fa191 --- /dev/null +++ b/contrib/apparmor/gnunet-gns-proxy-setup-ca
@@ -0,0 +1,40 @@
	1	# Last Modified: Tue Aug 11 11:40:50 2015
	2	#include <tunables/global>
	3	#include <tunables/gnunet>
	4
	5	profile @{GNUNET_PREFIX}/bin/gnunet-gns-proxy-setup-ca {
	6	#include <abstractions/base>
	7	#include <abstractions/bash>
	8	#include <abstractions/user-tmp>
	9	#include <abstractions/openssl>
	10
	11	/dev/tty rw,
	12	/etc/passwd r,
	13	/home/*/.local/share/gnunet/gns/ r,
	14	/home/*/.local/share/gnunet/gns/gns_ca_cert.pem rw,
	15	/home/*/.mozilla/firefox/ r,
	16	/home/*/.mozilla/firefox/kw6js9xl.default/cert8.db rw,
	17	/home/*/.mozilla/firefox/kw6js9xl.default/key3.db rw,
	18	/home/*/.mozilla/firefox/kw6js9xl.default/secmod.db r,
	19	/home/*/.pki/nssdb/cert8.db rw,
	20	/home/*/.pki/nssdb/key3.db rw,
	21	/home/*/.pki/nssdb/secmod.db r,
	22	/home/*/.rnd rw,
	23
	24	/usr/bin/bash ix,
	25	/usr/bin/cat rix,
	26	/usr/bin/certtool r,
	27	/usr/bin/certutil rix,
	28	/usr/bin/dirname rix,
	29	/usr/bin/mkdir rix,
	30	/usr/bin/mktemp rix,
	31	/usr/bin/openssl rix,
	32	/usr/bin/rm rix,
	33	/usr/bin/which rix,
	34
	35	@{GNUNET_PREFIX}/bin/gnunet-config Px,
	36	@{GNUNET_PREFIX}/bin/gnunet-gns-proxy-setup-ca r,
	37
	38	# Site-specific additions and overrides. See local/README for details.
	39	#include <local/gnunet>
	40	}