1 files changed, 45 insertions, 0 deletions
diff --git a/contrib/apparmor/gnunet-helper-dns b/contrib/apparmor/gnunet-helper-dns
new file mode 100644
index 000000000..b6a102585
--- /dev/null
+++ b/contrib/apparmor/gnunet-helper-dns
@@ -0,0 +1,45 @@
+# Last Modified: Mon Jul 27 15:24:34 2015
+#include <tunables/global>
+#include <tunables/gnunet>
+profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-dns flags=(complain) {
+  #include <abstractions/gnunet-common>
+  #Capability
+  capability net_admin,
+  capability net_raw,
+  capability setuid,
+  /dev/net/tun rw,
+  /dev/null rw,
+  /etc/gai.conf r,
+  /etc/group r,
+  /etc/iproute2/rt_tables r,
+  /etc/nsswitch.conf r,
+  /etc/protocols r,
+  @{PROC}/@{pid}/net/ip_tables_names r,
+  @{PROC}/sys/net/ipv4/conf/all/rp_filter rw,
+  @{PROC}/sys/net/ipv4/conf/default/rp_filter rw,
+  /usr/bin/ip rix,
+  /usr/bin/sysctl rix,
+  /usr/bin/xtables-multi rix,
+  #Librairies
+  /usr/lib/iptables/libxt_MARK.so mr,
+  /usr/lib/iptables/libxt_owner.so mr,
+  /usr/lib/iptables/libxt_standard.so mr,
+  /usr/lib/iptables/libxt_udp.so mr,
+  /usr/lib/ld-*.so r,
+  /usr/lib/libip4tc.so.* mr,
+  /usr/lib/libip6tc.so.* mr,
+  /usr/lib/libnss_files-*.so mr,
+  /usr/lib/libxtables.so.* mr,
+  /usr/lib/locale/locale-archive r,
+  @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-dns mr,
+}

diff --git a/contrib/apparmor/gnunet-helper-dns b/contrib/apparmor/gnunet-helper-dns new file mode 100644 index 000000000..b6a102585 --- /dev/null +++ b/contrib/apparmor/gnunet-helper-dns
@@ -0,0 +1,45 @@
	1	# Last Modified: Mon Jul 27 15:24:34 2015
	2	#include <tunables/global>
	3	#include <tunables/gnunet>
	4
	5	profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-dns flags=(complain) {
	6	#include <abstractions/gnunet-common>
	7
	8	#Capability
	9	capability net_admin,
	10	capability net_raw,
	11	capability setuid,
	12
	13	/dev/net/tun rw,
	14	/dev/null rw,
	15
	16	/etc/gai.conf r,
	17	/etc/group r,
	18	/etc/iproute2/rt_tables r,
	19	/etc/nsswitch.conf r,
	20	/etc/protocols r,
	21
	22	@{PROC}/@{pid}/net/ip_tables_names r,
	23	@{PROC}/sys/net/ipv4/conf/all/rp_filter rw,
	24	@{PROC}/sys/net/ipv4/conf/default/rp_filter rw,
	25
	26	/usr/bin/ip rix,
	27	/usr/bin/sysctl rix,
	28	/usr/bin/xtables-multi rix,
	29
	30	#Librairies
	31	/usr/lib/iptables/libxt_MARK.so mr,
	32	/usr/lib/iptables/libxt_owner.so mr,
	33	/usr/lib/iptables/libxt_standard.so mr,
	34	/usr/lib/iptables/libxt_udp.so mr,
	35	/usr/lib/ld-*.so r,
	36	/usr/lib/libip4tc.so.* mr,
	37	/usr/lib/libip6tc.so.* mr,
	38	/usr/lib/libnss_files-*.so mr,
	39
	40	/usr/lib/libxtables.so.* mr,
	41
	42	/usr/lib/locale/locale-archive r,
	43
	44	@{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-dns mr,
	45	}