1 files changed, 43 insertions, 0 deletions
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-dns b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-dns
new file mode 100644
index 000000000..960cf09b5
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-dns
@@ -0,0 +1,43 @@
+# Last Modified: Mon Jul 27 15:24:34 2015
+#include <tunables/global>
+/usr/local/lib/gnunet/libexec/gnunet-helper-dns flags=(complain) {
+  #include <abstractions/gnunet-common>
+  capability net_admin,
+  capability net_raw,
+  capability setuid,
+  /dev/net/tun rw,
+  /dev/null rw,
+  /etc/gai.conf r,
+  /etc/group r,
+  /etc/iproute2/rt_tables r,
+  /etc/nsswitch.conf r,
+  /etc/protocols r,
+  @{PROC}/@{pid}/net/ip_tables_names r,
+  @{PROC}/sys/net/ipv4/conf/all/rp_filter rw,
+  @{PROC}/sys/net/ipv4/conf/default/rp_filter rw,
+  /usr/bin/ip rix,
+  /usr/bin/sysctl rix,
+  /usr/bin/xtables-multi rix,
+  /usr/lib/iptables/libxt_MARK.so mr,
+  /usr/lib/iptables/libxt_owner.so mr,
+  /usr/lib/iptables/libxt_standard.so mr,
+  /usr/lib/iptables/libxt_udp.so mr,
+  /usr/lib/ld-*.so r,
+  /usr/lib/libip4tc.so.* mr,
+  /usr/lib/libip6tc.so.* mr,
+  /usr/lib/libnss_files-*.so mr,
+  /usr/lib/libxtables.so.* mr,
+  /usr/lib/locale/locale-archive r,
+  /usr/local/lib/gnunet/libexec/gnunet-helper-dns mr,
+}

diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-dns b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-dns new file mode 100644 index 000000000..960cf09b5 --- /dev/null +++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-dns
@@ -0,0 +1,43 @@
	1	# Last Modified: Mon Jul 27 15:24:34 2015
	2	#include <tunables/global>
	3
	4	/usr/local/lib/gnunet/libexec/gnunet-helper-dns flags=(complain) {
	5	#include <abstractions/gnunet-common>
	6
	7	capability net_admin,
	8	capability net_raw,
	9	capability setuid,
	10
	11	/dev/net/tun rw,
	12	/dev/null rw,
	13
	14	/etc/gai.conf r,
	15	/etc/group r,
	16	/etc/iproute2/rt_tables r,
	17	/etc/nsswitch.conf r,
	18	/etc/protocols r,
	19
	20	@{PROC}/@{pid}/net/ip_tables_names r,
	21	@{PROC}/sys/net/ipv4/conf/all/rp_filter rw,
	22	@{PROC}/sys/net/ipv4/conf/default/rp_filter rw,
	23
	24	/usr/bin/ip rix,
	25	/usr/bin/sysctl rix,
	26	/usr/bin/xtables-multi rix,
	27
	28	/usr/lib/iptables/libxt_MARK.so mr,
	29	/usr/lib/iptables/libxt_owner.so mr,
	30	/usr/lib/iptables/libxt_standard.so mr,
	31	/usr/lib/iptables/libxt_udp.so mr,
	32
	33	/usr/lib/ld-*.so r,
	34	/usr/lib/libip4tc.so.* mr,
	35	/usr/lib/libip6tc.so.* mr,
	36	/usr/lib/libnss_files-*.so mr,
	37
	38	/usr/lib/libxtables.so.* mr,
	39
	40	/usr/lib/locale/locale-archive r,
	41
	42	/usr/local/lib/gnunet/libexec/gnunet-helper-dns mr,
	43	}