author | Christian Grothoff <christian@grothoff.org> | 2011-12-17 18:32:02 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2011-12-17 18:32:02 +0000 |
commit | d73ab29514e8431ea6810cb943a2cd3f7a94e4fd (patch) | |
tree | d6b1d6bf1cdd746a0bfa1ae6f113e254c61624b0 /contrib/apparmor | |
parent | b5074dd699c1bef42995219d6742cec281070f7b (diff) | |
adding apparmor profile for gnunet-helper-nat-server from Jacob
Diffstat (limited to 'contrib/apparmor')
-rw-r--r-- | contrib/apparmor/usr.bin.gnunet-helper-nat-server | 30 |
1 files changed, 30 insertions, 0 deletions
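--- /dev/null
+++ b/contrib/apparmor/usr.bin.gnunet-helper-nat-server
@@ -0,0 +1,30 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2011 Jacob Appelbaum <jacob@appelbaum.net>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# This should be placed in /etc/apparmor.d/usr.sbin.gnunet-helper-nat-server
+# This profile may be a reasonable starting point for other NAT helpers.
+#
+# ------------------------------------------------------------------
+
+#include <tunables/global>
+/usr/bin/gnunet-helper-nat-server {
+#include <abstractions/base>
+#include <abstractions/consoles>
+
+# Allow these
+capability net_raw,
+capability setuid,
+network inet raw,
+network inet dgram, # UDP IPv4
+
+# Deny these
+deny network inet6 stream, # TCP IPv6
+deny network inet6 dgram, # UDP IPv6
+
+# Deny everything else by default with AppArmor
+}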
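Review bot: The header comment gives the install location as `/etc/apparmor.d/usr.sbin.gnunet-helper-nat-server`, but the file added here is `usr.bin.gnunet-helper-nat-server` and the profile attaches to `/usr/bin/gnunet-helper-nat-server`; the comment should read `# This should be placed in /etc/apparmor.d/usr.bin.gnunet-helper-nat-server`. Because AppArmor attaches by executable path, the header should also say that the profile does nothing when the helper is installed under another prefix, which would leave a binary that needs `capability net_raw` and `capability setuid` unconfined. The closing comment "Deny everything else by default" is true only when the profile is loaded in enforce mode; in complain mode unlisted accesses are logged, not blocked, and the comment should say so. The two `deny network inet6` lines do not define the boundary, since inet6 raw and inet stream are equally absent from the allow list; a short comment that the explicit `deny` rules are there to make the refusal explicit and unaudited would avoid the impression that only those two are blocked.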