aboutsummaryrefslogtreecommitdiff
path: root/contrib
diff options
context:
space:
mode:
Diffstat (limited to 'contrib')
-rw-r--r--contrib/apparmor/abstractions/gnunet-common38
-rw-r--r--contrib/apparmor/abstractions/gnunet-db8
-rw-r--r--contrib/apparmor/abstractions/gnunet-gtk10
-rw-r--r--contrib/apparmor/abstractions/gnunet-libaudio23
-rw-r--r--contrib/apparmor/abstractions/gnunet-sgid1
-rw-r--r--contrib/apparmor/abstractions/gnunet-suid15
-rw-r--r--contrib/apparmor/abstractions/gnunet-test13
-rw-r--r--contrib/apparmor/gnunet-arm17
-rw-r--r--contrib/apparmor/gnunet-ats15
-rw-r--r--contrib/apparmor/gnunet-auto-share27
-rw-r--r--contrib/apparmor/gnunet-bcd14
-rw-r--r--contrib/apparmor/gnunet-cadet13
-rw-r--r--contrib/apparmor/gnunet-config13
-rw-r--r--contrib/apparmor/gnunet-conversation13
-rw-r--r--contrib/apparmor/gnunet-conversation-gtk26
-rw-r--r--contrib/apparmor/gnunet-conversation-test16
-rw-r--r--contrib/apparmor/gnunet-core13
-rw-r--r--contrib/apparmor/gnunet-daemon-exit19
-rw-r--r--contrib/apparmor/gnunet-daemon-hostlist57
-rw-r--r--contrib/apparmor/gnunet-daemon-latency-logger12
-rw-r--r--contrib/apparmor/gnunet-daemon-pt20
-rw-r--r--contrib/apparmor/gnunet-daemon-regexprofiler10
-rw-r--r--contrib/apparmor/gnunet-daemon-testbed-blacklist10
-rw-r--r--contrib/apparmor/gnunet-daemon-testbed-underlay18
-rw-r--r--contrib/apparmor/gnunet-daemon-topology20
-rw-r--r--contrib/apparmor/gnunet-datastore13
-rw-r--r--contrib/apparmor/gnunet-directory16
-rw-r--r--contrib/apparmor/gnunet-dns2gns21
-rw-r--r--contrib/apparmor/gnunet-download13
-rw-r--r--contrib/apparmor/gnunet-download-manager.scm25
-rw-r--r--contrib/apparmor/gnunet-ecc15
-rw-r--r--contrib/apparmor/gnunet-fs13
-rw-r--r--contrib/apparmor/gnunet-fs-gtk43
-rw-r--r--contrib/apparmor/gnunet-gns21
-rw-r--r--contrib/apparmor/gnunet-gns-import.sh22
-rw-r--r--contrib/apparmor/gnunet-gns-proxy41
-rw-r--r--contrib/apparmor/gnunet-gns-proxy-setup-ca40
-rw-r--r--contrib/apparmor/gnunet-gtk26
-rw-r--r--contrib/apparmor/gnunet-helper-audio-playback11
-rw-r--r--contrib/apparmor/gnunet-helper-audio-record11
-rw-r--r--contrib/apparmor/gnunet-helper-dns7
-rw-r--r--contrib/apparmor/gnunet-helper-exit8
-rw-r--r--contrib/apparmor/gnunet-helper-fs-publish14
-rw-r--r--contrib/apparmor/gnunet-helper-nat-client8
-rw-r--r--contrib/apparmor/gnunet-helper-nat-server7
-rw-r--r--contrib/apparmor/gnunet-helper-testbed30
-rw-r--r--contrib/apparmor/gnunet-helper-transport-bluetooth18
-rw-r--r--contrib/apparmor/gnunet-helper-transport-wlan7
-rw-r--r--contrib/apparmor/gnunet-helper-transport-wlan-dummy7
-rw-r--r--contrib/apparmor/gnunet-helper-vpn13
-rw-r--r--contrib/apparmor/gnunet-identity15
-rw-r--r--contrib/apparmor/gnunet-identity-gtk16
-rw-r--r--contrib/apparmor/gnunet-mesh13
-rw-r--r--contrib/apparmor/gnunet-namecache13
-rw-r--r--contrib/apparmor/gnunet-namestore21
-rw-r--r--contrib/apparmor/gnunet-namestore-fcfsd26
-rw-r--r--contrib/apparmor/gnunet-namestore-gtk27
-rw-r--r--contrib/apparmor/gnunet-nat-server13
-rw-r--r--contrib/apparmor/gnunet-nse13
-rw-r--r--contrib/apparmor/gnunet-peerinfo19
-rw-r--r--contrib/apparmor/gnunet-peerinfo-gtk17
-rw-r--r--contrib/apparmor/gnunet-peerstore13
-rw-r--r--contrib/apparmor/gnunet-publish16
-rw-r--r--contrib/apparmor/gnunet-qr15
-rw-r--r--contrib/apparmor/gnunet-resolver13
-rw-r--r--contrib/apparmor/gnunet-revocation13
-rw-r--r--contrib/apparmor/gnunet-scalarproduct13
-rw-r--r--contrib/apparmor/gnunet-scrypt19
-rw-r--r--contrib/apparmor/gnunet-search13
-rw-r--r--contrib/apparmor/gnunet-service-arm90
-rw-r--r--contrib/apparmor/gnunet-service-ats12
-rw-r--r--contrib/apparmor/gnunet-service-cadet21
-rw-r--r--contrib/apparmor/gnunet-service-conversation24
-rw-r--r--contrib/apparmor/gnunet-service-core15
-rw-r--r--contrib/apparmor/gnunet-service-datastore23
-rw-r--r--contrib/apparmor/gnunet-service-dht45
-rw-r--r--contrib/apparmor/gnunet-service-dns6
-rw-r--r--contrib/apparmor/gnunet-service-fs46
-rw-r--r--contrib/apparmor/gnunet-service-gns24
-rw-r--r--contrib/apparmor/gnunet-service-identity11
-rw-r--r--contrib/apparmor/gnunet-service-mesh19
-rw-r--r--contrib/apparmor/gnunet-service-namecache25
-rw-r--r--contrib/apparmor/gnunet-service-namestore28
-rw-r--r--contrib/apparmor/gnunet-service-nse17
-rw-r--r--contrib/apparmor/gnunet-service-peerinfo13
-rw-r--r--contrib/apparmor/gnunet-service-peerstore19
-rw-r--r--contrib/apparmor/gnunet-service-regex13
-rw-r--r--contrib/apparmor/gnunet-service-resolver21
-rw-r--r--contrib/apparmor/gnunet-service-revocation20
-rw-r--r--contrib/apparmor/gnunet-service-scalarproduct-alice8
-rw-r--r--contrib/apparmor/gnunet-service-scalarproduct-bob9
-rw-r--r--contrib/apparmor/gnunet-service-set10
-rw-r--r--contrib/apparmor/gnunet-service-statistics11
-rw-r--r--contrib/apparmor/gnunet-service-template8
-rw-r--r--contrib/apparmor/gnunet-service-testbed25
-rw-r--r--contrib/apparmor/gnunet-service-testbed-logger6
-rw-r--r--contrib/apparmor/gnunet-service-transport22
-rw-r--r--contrib/apparmor/gnunet-service-vpn16
-rw-r--r--contrib/apparmor/gnunet-set-ibf-profiler13
-rw-r--r--contrib/apparmor/gnunet-set-profiler14
-rw-r--r--contrib/apparmor/gnunet-setup57
-rw-r--r--contrib/apparmor/gnunet-statistics13
-rw-r--r--contrib/apparmor/gnunet-statistics-gtk16
-rw-r--r--contrib/apparmor/gnunet-template13
-rw-r--r--contrib/apparmor/gnunet-testbed-profiler13
-rw-r--r--contrib/apparmor/gnunet-testing20
-rw-r--r--contrib/apparmor/gnunet-transport15
-rw-r--r--contrib/apparmor/gnunet-transport-certificate-creation26
-rw-r--r--contrib/apparmor/gnunet-unindex21
-rw-r--r--contrib/apparmor/gnunet-uri16
-rw-r--r--contrib/apparmor/gnunet-vpn13
-rw-r--r--contrib/apparmor/tunables/gnunet5
112 files changed, 1326 insertions, 735 deletions
diff --git a/contrib/apparmor/abstractions/gnunet-common b/contrib/apparmor/abstractions/gnunet-common
index 7d7515d80..3bf6806f5 100644
--- a/contrib/apparmor/abstractions/gnunet-common
+++ b/contrib/apparmor/abstractions/gnunet-common
@@ -1,34 +1,12 @@
1# This files contains common permissions for gnunet 1# This files contains common permissions for gnunet
2 2
3 /usr/share/zoneinfo/ r, 3 #GNUnet configuration file
4 /usr/share/zoneinfo/** r, 4 @{GNUNET_PREFIX}/share/gnunet/config.d/ r,
5 @{GNUNET_PREFIX}/share/gnunet/config.d/*.conf r,
5 6
6 /dev/urandom r, 7 /etc/gnunet.conf r,
7 8 @{HOME}/.config/gnunet.conf r,
8 /etc/ld.so.cache r, 9 owner @{GNUNET_USER}/.config/gnunet.conf r,
9
10 @{PROC}/@{pid}/maps r,
11
12 #Gnunet configuration file
13 /usr/local/share/gnunet/config.d/ r,
14 /usr/local/share/gnunet/config.d/*.conf r,
15
16 /etc/gnunet.conf r,
17 owner @{HOME}/.config/gnunet.conf r,
18
19 #Librairies
20 /usr/lib/libc-*.so mr,
21 /usr/lib/libdl-*.so mr,
22 /usr/lib/libgcrypt.so.* mr,
23 /usr/lib/libltdl.so.* mr,
24 /usr/lib/libgpg-error.so.* mr,
25 /usr/lib/libm-*.so mr,
26 /usr/lib/libunistring.so.* mr,
27 /usr/lib/libz.so.* mr,
28 10
29 #Gnunet librairies 11 #GNUnet librairies
30 /usr/local/lib/libgnunetutil.so.* mr, 12 @{GNUNET_PREFIX}/lib/libgnunet*.so.* mr,
31
32 #For testbed (if the /tmp directory is used)
33 /tmp/testbed*/ rw,
34 /tmp/testbed*/** rwk,
diff --git a/contrib/apparmor/abstractions/gnunet-db b/contrib/apparmor/abstractions/gnunet-db
new file mode 100644
index 000000000..73b869dca
--- /dev/null
+++ b/contrib/apparmor/abstractions/gnunet-db
@@ -0,0 +1,8 @@
1# gnunet-db
2@{GNUNET_USER}/.local/share/gnunet/namestore/ ra,
3@{GNUNET_USER}/.local/share/gnunet/namestore/sqlite.db rwk,
4@{GNUNET_USER}/.local/share/gnunet/namestore/sqlite.db-journal rw,
5
6@{HOME}/.local/share/gnunet/namestore/ r,
7@{HOME}/.local/share/gnunet/namestore/sqlite.db rwk,
8@{HOME}/.local/share/gnunet/namestore/sqlite.db-journal rw,
diff --git a/contrib/apparmor/abstractions/gnunet-gtk b/contrib/apparmor/abstractions/gnunet-gtk
new file mode 100644
index 000000000..bf47adc0c
--- /dev/null
+++ b/contrib/apparmor/abstractions/gnunet-gtk
@@ -0,0 +1,10 @@
1# gnunet-gtk
2
3 #include <abstractions/gnunet-common>
4
5 @{PROC}/@{pid}/cmdline r,
6
7 /usr/share/gtk-*/settings.ini r,
8
9 @{GNUNET_PREFIX}/share/gnunet-gtk/config.d/ r,
10 @{GNUNET_PREFIX}/share/gnunet-gtk/config.d/gnunet-*-gtk.conf r,
diff --git a/contrib/apparmor/abstractions/gnunet-libaudio b/contrib/apparmor/abstractions/gnunet-libaudio
deleted file mode 100644
index 6dda03573..000000000
--- a/contrib/apparmor/abstractions/gnunet-libaudio
+++ /dev/null
@@ -1,23 +0,0 @@
1/usr/lib/libFLAC.so.* mr,
2/usr/lib/libXau.so.* mr,
3/usr/lib/libXdmcp.so.* mr,
4/usr/lib/libasyncns.so.* mr,
5/usr/lib/libattr.so.* mr,
6/usr/lib/libcap.so.* mr,
7/usr/lib/libdbus-1.so.* mr,
8/usr/lib/libjson-c.so.* mr,
9/usr/lib/liblz4.so.* mr,
10/usr/lib/liblzma.so.* mr,
11/usr/lib/libnsl-*.so mr,
12/usr/lib/libogg.so.* mr,
13/usr/lib/libopus.so.* mr,
14/usr/lib/libpthread-*.so mr,
15/usr/lib/libpulse.so.* mr,
16/usr/lib/libresolv-*.so mr,
17/usr/lib/librt-*.so mr,
18/usr/lib/libsndfile.so.* mr,
19/usr/lib/libsystemd.so.* mr,
20/usr/lib/libvorbis.so.* mr,
21/usr/lib/libvorbisenc.so.* mr,
22/usr/lib/libxcb.so.* mr,
23/usr/lib/pulseaudio/libpulsecommon-*.so mr,
diff --git a/contrib/apparmor/abstractions/gnunet-sgid b/contrib/apparmor/abstractions/gnunet-sgid
new file mode 100644
index 000000000..b1a7655b1
--- /dev/null
+++ b/contrib/apparmor/abstractions/gnunet-sgid
@@ -0,0 +1 @@
# gnunet-sgid
diff --git a/contrib/apparmor/abstractions/gnunet-suid b/contrib/apparmor/abstractions/gnunet-suid
new file mode 100644
index 000000000..a9310734c
--- /dev/null
+++ b/contrib/apparmor/abstractions/gnunet-suid
@@ -0,0 +1,15 @@
1# gnunet-suid
2
3 /etc/ld.so.cache mr,
4 /lib{,32,64}/ld{,32,64}-*.so mrix,
5 /lib{,32,64}/**/ld{,32,64}-*.so mrix,
6 /lib/@{multiarch}/ld{,32,64}-*.so mrix,
7 /lib/tls/i686/{cmov,nosegneg}/ld-*.so mrix,
8 /lib/i386-linux-gnu/tls/i686/{cmov,nosegneg}/ld-*.so mrix,
9 /opt/*-linux-uclibc/lib/ld-uClibc*so* mrix,
10
11 @{LIBPRE}@{LIBDIRS}/** r,
12 @{LIBPRE}@{LIBDIRS}/@{LIBS}.so* mr,
13 @{LIBPRE}@{LIBDIRS}/**/@{LIBS}.so* mr,
14 /lib/tls/i686/{cmov,nosegneg}/@{LIBS}.so* mr,
15 /lib/i386-linux-gnu/tls/i686/{cmov,nosegneg}/@{LIBS}.so* mr,
diff --git a/contrib/apparmor/abstractions/gnunet-test b/contrib/apparmor/abstractions/gnunet-test
new file mode 100644
index 000000000..8daf3ea9c
--- /dev/null
+++ b/contrib/apparmor/abstractions/gnunet-test
@@ -0,0 +1,13 @@
1
2 #testbed (if the /tmp directory is used)
3 /tmp/testbed*/ rw,
4 /tmp/testbed*/** rwk,
5
6 #testbed helper
7 /tmp/testbed-helper*/ rw,
8
9 #gnunet-testing
10 /tmp/gnunet-testing* rw,
11 /tmp/gnunet_service_test*/ rw,
12 /tmp/gnunet_service_test*/** rw,
13
diff --git a/contrib/apparmor/gnunet-arm b/contrib/apparmor/gnunet-arm
index d969f6af1..8e2fdd426 100644
--- a/contrib/apparmor/gnunet-arm
+++ b/contrib/apparmor/gnunet-arm
@@ -3,26 +3,19 @@
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/bin/gnunet-arm { 5profile @{GNUNET_PREFIX}/bin/gnunet-arm {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
7 8
8 @{GNUNET_PREFIX}/bin/gnunet-arm mr, 9 @{GNUNET_PREFIX}/bin/gnunet-arm mr,
9 10
10 /usr/lib/gconv/gconv-modules r,
11
12 @{GNUNET_PREFIX}/lib/libgnunetarm.so.* mr, 11 @{GNUNET_PREFIX}/lib/libgnunetarm.so.* mr,
13 12
14 /dev/null ra, 13 #GNUnet service
15
16 /usr/lib/locale/locale-archive r,
17
18 /usr/share/locale/locale.alias r,
19 /usr/share/locale/fr/LC_MESSAGES/libc.mo r,
20
21 #Gnunet service
22 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-arm Px , 14 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-arm Px ,
23 15
24 /tmp/gnunet-*-runtime/ rw, 16 /tmp/gnunet-*-runtime/ rw,
25 /tmp/gnunet-*-runtime/gnunet-service-arm.sock rw, 17 /tmp/gnunet-*-runtime/gnunet-service-arm.sock rw,
26 18
27 #/tmp/gnunet-gnunet-runtime/* rw, 19 # Site-specific additions and overrides. See local/README for details.
20 #include <local/gnunet>
28} 21}
diff --git a/contrib/apparmor/gnunet-ats b/contrib/apparmor/gnunet-ats
new file mode 100644
index 000000000..2c69b4ec0
--- /dev/null
+++ b/contrib/apparmor/gnunet-ats
@@ -0,0 +1,15 @@
1# Last Modified: Wed Aug 5 15:08:43 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-ats {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{HOME}/.config/gnunet.conf r,
10
11 @{GNUNET_PREFIX}/bin/gnunet-ats mr,
12
13 # Site-specific additions and overrides. See local/README for details.
14 #include <local/gnunet>
15}
diff --git a/contrib/apparmor/gnunet-auto-share b/contrib/apparmor/gnunet-auto-share
new file mode 100644
index 000000000..0206acf39
--- /dev/null
+++ b/contrib/apparmor/gnunet-auto-share
@@ -0,0 +1,27 @@
1# Last Modified: Thu Aug 6 11:44:37 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-auto-share {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{HOME}/.config/gnunet.conf r,
10
11 #Directory access(?)
12 @{HOME}/gnunet-fs/ r,
13 @{HOME}/gnunet-fs/.auto-share rw,
14
15 @{GNUNET_PREFIX}/bin/gnunet-auto-share mr,
16
17 @{GNUNET_PREFIX}/bin/gnunet-publish Px,
18
19 @{GNUNET_PREFIX}/lib/libgnunetutil.so.* mr,
20
21 @{GNUNET_PREFIX}/share/gnunet/config.d/ r,
22 @{GNUNET_PREFIX}/share/gnunet/config.d/*.conf r,
23
24 # Site-specific additions and overrides. See local/README for details.
25 #include <local/gnunet>
26
27}
diff --git a/contrib/apparmor/gnunet-bcd b/contrib/apparmor/gnunet-bcd
new file mode 100644
index 000000000..2173e03b5
--- /dev/null
+++ b/contrib/apparmor/gnunet-bcd
@@ -0,0 +1,14 @@
1# Last Modified: Thu Aug 6 11:50:51 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-bcd {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{GNUNET_PREFIX}/bin/gnunet-bcd mr,
10
11 # Site-specific additions and overrides. See local/README for details.
12 #include <local/gnunet>
13
14}
diff --git a/contrib/apparmor/gnunet-cadet b/contrib/apparmor/gnunet-cadet
new file mode 100644
index 000000000..ef82d742a
--- /dev/null
+++ b/contrib/apparmor/gnunet-cadet
@@ -0,0 +1,13 @@
1# Last Modified: Thu Aug 6 11:59:53 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-cadet {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{GNUNET_PREFIX}/bin/gnunet-cadet mr,
10
11 # Site-specific additions and overrides. See local/README for details.
12 #include <local/gnunet>
13}
diff --git a/contrib/apparmor/gnunet-config b/contrib/apparmor/gnunet-config
new file mode 100644
index 000000000..28aef4259
--- /dev/null
+++ b/contrib/apparmor/gnunet-config
@@ -0,0 +1,13 @@
1# Last Modified: Fri Aug 7 15:36:02 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-config {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{GNUNET_PREFIX}/bin/gnunet-config mr,
10
11 # Site-specific additions and overrides. See local/README for details.
12 #include <local/gnunet>
13}
diff --git a/contrib/apparmor/gnunet-conversation b/contrib/apparmor/gnunet-conversation
new file mode 100644
index 000000000..7c14fc382
--- /dev/null
+++ b/contrib/apparmor/gnunet-conversation
@@ -0,0 +1,13 @@
1# Last Modified: Fri Aug 7 15:41:05 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-conversation {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{GNUNET_PREFIX}/bin/gnunet-conversation mr,
10
11 # Site-specific additions and overrides. See local/README for details.
12 #include <local/gnunet>
13}
diff --git a/contrib/apparmor/gnunet-conversation-gtk b/contrib/apparmor/gnunet-conversation-gtk
new file mode 100644
index 000000000..676cb198d
--- /dev/null
+++ b/contrib/apparmor/gnunet-conversation-gtk
@@ -0,0 +1,26 @@
1# Last Modified: Tue Aug 4 16:59:51 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-conversation-gtk {
6 #include <abstractions/kde>
7 #include <abstractions/gnome>
8 #include <abstractions/gnunet-gtk>
9
10 @{GNUNET_PREFIX}/bin/gnunet-conversation-gtk mr,
11
12 @{GNUNET_PREFIX}/lib/gnunet/ r,
13# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_conversation.la r,
14 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_conversation.so mr,
15# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_dns.la r,
16 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_dns.so mr,
17# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_gns.la r,
18 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_gns.so mr,
19
20 @{GNUNET_PREFIX}/share/gnunet-gtk/gnunet_conversation_gtk_main_window.glade r,
21
22 @{HOME}/.local/share/gnunet/private_key.ecc rk,
23
24 # Site-specific additions and overrides. See local/README for details.
25 #include <local/gnunet>
26}
diff --git a/contrib/apparmor/gnunet-conversation-test b/contrib/apparmor/gnunet-conversation-test
new file mode 100644
index 000000000..7eefec2ce
--- /dev/null
+++ b/contrib/apparmor/gnunet-conversation-test
@@ -0,0 +1,16 @@
1# Last Modified: Fri Aug 7 16:02:29 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-conversation-test {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{GNUNET_PREFIX}/bin/gnunet-conversation-test mr,
10
11 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-audio-playback Px,
12 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-audio-record Px,
13
14 # Site-specific additions and overrides. See local/README for details.
15 #include <local/gnunet>
16}
diff --git a/contrib/apparmor/gnunet-core b/contrib/apparmor/gnunet-core
new file mode 100644
index 000000000..83b1f3f83
--- /dev/null
+++ b/contrib/apparmor/gnunet-core
@@ -0,0 +1,13 @@
1# Last Modified: Fri Aug 7 16:12:14 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-core {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{GNUNET_PREFIX}/bin/gnunet-core mr,
10
11 # Site-specific additions and overrides. See local/README for details.
12 #include <local/gnunet>
13}
diff --git a/contrib/apparmor/gnunet-daemon-exit b/contrib/apparmor/gnunet-daemon-exit
index 95f1c57d8..3c5b99557 100644
--- a/contrib/apparmor/gnunet-daemon-exit
+++ b/contrib/apparmor/gnunet-daemon-exit
@@ -3,22 +3,11 @@
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-exit { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-exit {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
7 8
8 /usr/lib/ld-*.so r,
9
10 /usr/lib/locale/locale-archive r,
11
12 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-exit mr, 9 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-exit mr,
13 10
14 #Gnunet librairies 11 # Site-specific additions and overrides. See local/README for details.
15 @{GNUNET_PREFIX}/lib/libgnunetcadet.so.* mr, 12 #include <local/gnunet>
16 @{GNUNET_PREFIX}/lib/libgnunetdht.so.* mr,
17 @{GNUNET_PREFIX}/lib/libgnunetdnsstub.so.* mr,
18 @{GNUNET_PREFIX}/lib/libgnunetregex.so.* mr,
19 @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr,
20 @{GNUNET_PREFIX}/lib/libgnunettun.so.* mr,
21
22 /usr/share/locale/locale.alias r,
23
24} 13}
diff --git a/contrib/apparmor/gnunet-daemon-hostlist b/contrib/apparmor/gnunet-daemon-hostlist
index 82afb3848..4e21b1b30 100644
--- a/contrib/apparmor/gnunet-daemon-hostlist
+++ b/contrib/apparmor/gnunet-daemon-hostlist
@@ -3,7 +3,8 @@
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-hostlist { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-hostlist {
6 #include <abstractions/gnunet-common> 6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
7 8
8 /etc/gai.conf r, 9 /etc/gai.conf r,
9 /etc/host.conf r, 10 /etc/host.conf r,
@@ -11,56 +12,8 @@ profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-hostlist {
11 /etc/nsswitch.conf r, 12 /etc/nsswitch.conf r,
12 /etc/resolv.conf r, 13 /etc/resolv.conf r,
13 14
14 /usr/lib/gconv/gconv-modules r,
15
16 #Librairies
17 /usr/lib/ld-*.so r,
18 /usr/lib/libacl.so.* mr,
19 /usr/lib/libattr.so.* mr,
20 /usr/lib/libcap.so.* mr,
21 /usr/lib/libcom_err.so.* mr,
22 /usr/lib/libcrypto.so.* mr,
23 /usr/lib/libffi.so.* mr,
24 /usr/lib/libgmp.so.* mr,
25 /usr/lib/libgnurl.so.* mr,
26 /usr/lib/libgnutls.so.* mr,
27 /usr/lib/libgssapi_krb5.so.* mr,
28 /usr/lib/libhogweed.so.* mr,
29 /usr/lib/libidn.so.* mr,
30 /usr/lib/libk5crypto.so.* mr,
31 /usr/lib/libkeyutils.so.* mr,
32 /usr/lib/libkrb5.so.* mr,
33 /usr/lib/libkrb5support.so.* mr,
34 /usr/lib/liblz4.so.* mr,
35 /usr/lib/liblzma.so.* mr,
36 /usr/lib/libmicrohttpd.so.* mr,
37 /usr/lib/libnettle.so.* mr,
38 /usr/lib/libnss_dns-*.so mr,
39 /usr/lib/libnss_files-*.so mr,
40 /usr/lib/libnss_gns.so.* mr,
41 /usr/lib/libnss_myhostname.so.* mr,
42 /usr/lib/libp11-kit.so.* mr,
43 /usr/lib/libpthread-*.so mr,
44 /usr/lib/libresolv-*.so mr,
45 /usr/lib/librt-*.so mr,
46 /usr/lib/libseccomp.so.* mr,
47 /usr/lib/libssh2.so.* mr,
48 /usr/lib/libssl.so.* mr,
49 /usr/lib/libtasn1.so.* mr,
50
51 /usr/lib/locale/locale-archive r,
52
53 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-hostlist mr, 15 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-hostlist mr,
54 16
55 #Gnunet librairies 17 # Site-specific additions and overrides. See local/README for details.
56 @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, 18 #include <local/gnunet>
57 @{GNUNET_PREFIX}/lib/libgnunetcore.so.* mr,
58 @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr,
59 @{GNUNET_PREFIX}/lib/libgnunetpeerinfo.so.* mr,
60 @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr,
61 @{GNUNET_PREFIX}/lib/libgnunettransport.so.* mr,
62 @{GNUNET_PREFIX}/lib/libgnunetutil.so.* mr,
63
64 /usr/share/locale/fr/LC_MESSAGES/libc.mo r,
65 /usr/share/locale/locale.alias r,
66} 19}
diff --git a/contrib/apparmor/gnunet-daemon-latency-logger b/contrib/apparmor/gnunet-daemon-latency-logger
index 38053ffec..531516f1d 100644
--- a/contrib/apparmor/gnunet-daemon-latency-logger
+++ b/contrib/apparmor/gnunet-daemon-latency-logger
@@ -3,15 +3,11 @@
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-latency-logger { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-latency-logger {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
7 8
8 /usr/lib/ld-*.so r,
9 /usr/lib/libpthread-*.so mr,
10 /usr/lib/libsqlite3.so.* mr,
11 /usr/lib/locale/locale-archive r,
12 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-latency-logger mr, 9 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-latency-logger mr,
13 @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, 10
14 @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr, 11 # Site-specific additions and overrides. See local/README for details.
15 /usr/share/locale/locale.alias r, 12 #include <local/gnunet>
16
17} 13}
diff --git a/contrib/apparmor/gnunet-daemon-pt b/contrib/apparmor/gnunet-daemon-pt
index a6460d46b..b30160c1a 100644
--- a/contrib/apparmor/gnunet-daemon-pt
+++ b/contrib/apparmor/gnunet-daemon-pt
@@ -3,23 +3,11 @@
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-pt { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-pt {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
7 8
8 #Librairies
9 /usr/lib/ld-*.so r,
10 /usr/lib/libidn.so.* mr,
11
12 /usr/lib/locale/locale-archive r,
13
14 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-pt mr, 9 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-pt mr,
15 10
16 #Gnunet librairies 11 # Site-specific additions and overrides. See local/README for details.
17 @{GNUNET_PREFIX}/lib/libgnunetcadet.so.* mr, 12 #include <local/gnunet>
18 @{GNUNET_PREFIX}/lib/libgnunetdht.so.* mr,
19 @{GNUNET_PREFIX}/lib/libgnunetdns.so.* mr,
20 @{GNUNET_PREFIX}/lib/libgnunetdnsparser.so.* mr,
21 @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr,
22 @{GNUNET_PREFIX}/lib/libgnunetvpn.so.* mr,
23
24 /usr/share/locale/locale.alias r,
25} 13}
diff --git a/contrib/apparmor/gnunet-daemon-regexprofiler b/contrib/apparmor/gnunet-daemon-regexprofiler
index eface26d1..c47533bd0 100644
--- a/contrib/apparmor/gnunet-daemon-regexprofiler
+++ b/contrib/apparmor/gnunet-daemon-regexprofiler
@@ -2,12 +2,12 @@
2#include <tunables/global> 2#include <tunables/global>
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-regexprofiler flags=(complain) { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-regexprofiler {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
7 8
8 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-regexprofiler mr, 9 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-regexprofiler mr,
9 @{GNUNET_PREFIX}/lib/libgnunetdht.so.* mr, 10
10 @{GNUNET_PREFIX}/lib/libgnunetregexblock.so.* mr, 11 # Site-specific additions and overrides. See local/README for details.
11 @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, 12 #include <local/gnunet>
12
13} 13}
diff --git a/contrib/apparmor/gnunet-daemon-testbed-blacklist b/contrib/apparmor/gnunet-daemon-testbed-blacklist
index 9dcfe321b..2f01531f8 100644
--- a/contrib/apparmor/gnunet-daemon-testbed-blacklist
+++ b/contrib/apparmor/gnunet-daemon-testbed-blacklist
@@ -2,12 +2,12 @@
2#include <tunables/global> 2#include <tunables/global>
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-testbed-blacklist flags=(complain) { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-testbed-blacklist {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
7 8
8 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-testbed-blacklist mr, 9 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-testbed-blacklist mr,
9 @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, 10
10 @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr, 11 # Site-specific additions and overrides. See local/README for details.
11 @{GNUNET_PREFIX}/lib/libgnunettransport.so.* mr, 12 #include <local/gnunet>
12
13} 13}
diff --git a/contrib/apparmor/gnunet-daemon-testbed-underlay b/contrib/apparmor/gnunet-daemon-testbed-underlay
index f11dcbca9..f9423ac7f 100644
--- a/contrib/apparmor/gnunet-daemon-testbed-underlay
+++ b/contrib/apparmor/gnunet-daemon-testbed-underlay
@@ -3,21 +3,11 @@
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-testbed-underlay { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-testbed-underlay {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
7 8
8 #Librairies
9 /usr/lib/ld-*.so r,
10 /usr/lib/libpthread-*.so mr,
11 /usr/lib/libsqlite3.so.* mr,
12
13 /usr/lib/locale/locale-archive r,
14
15 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-testbed-underlay mr, 9 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-testbed-underlay mr,
16 10
17 #Gnunet librairies 11 # Site-specific additions and overrides. See local/README for details.
18 @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, 12 #include <local/gnunet>
19 @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr,
20 @{GNUNET_PREFIX}/lib/libgnunettransport.so.* mr,
21
22 /usr/share/locale/locale.alias r,
23} 13}
diff --git a/contrib/apparmor/gnunet-daemon-topology b/contrib/apparmor/gnunet-daemon-topology
index b8b03082c..777baa4f3 100644
--- a/contrib/apparmor/gnunet-daemon-topology
+++ b/contrib/apparmor/gnunet-daemon-topology
@@ -3,25 +3,11 @@
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-topology { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-topology {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
7 8
8 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-topology mr, 9 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-topology mr,
9
10 #Gnunet librairies
11 @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr,
12 @{GNUNET_PREFIX}/lib/libgnunetfriends.so.* mr,
13 @{GNUNET_PREFIX}/lib/libgnunetcore.so.* mr,
14 @{GNUNET_PREFIX}/lib/libgnunetpeerinfo.so.* mr,
15 @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr,
16 @{GNUNET_PREFIX}/lib/libgnunettransport.so.* mr,
17 @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr,
18
19 /usr/lib/ld-*.so r,
20 10
21 /usr/lib//locale/locale-archive r, 11 # Site-specific additions and overrides. See local/README for details.
22 12 #include <local/gnunet>
23 /usr/lib/gconv/gconv-modules r,
24
25 /usr/share/locale/locale.alias r,
26 /usr/share/locale/fr/LC_MESSAGES/libc.mo r,
27} 13}
diff --git a/contrib/apparmor/gnunet-datastore b/contrib/apparmor/gnunet-datastore
new file mode 100644
index 000000000..2ade374b6
--- /dev/null
+++ b/contrib/apparmor/gnunet-datastore
@@ -0,0 +1,13 @@
1# Last Modified: Fri Aug 7 16:29:48 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-datastore {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{GNUNET_PREFIX}/bin/gnunet-datastore mr,
10
11 # Site-specific additions and overrides. See local/README for details.
12 #include <local/gnunet>
13}
diff --git a/contrib/apparmor/gnunet-directory b/contrib/apparmor/gnunet-directory
new file mode 100644
index 000000000..caad23e7f
--- /dev/null
+++ b/contrib/apparmor/gnunet-directory
@@ -0,0 +1,16 @@
1# Last Modified: Fri Aug 7 16:34:37 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-directory {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{GNUNET_PREFIX}/bin/gnunet-directory mr,
10
11 # Access to directory ?
12
13
14 # Site-specific additions and overrides. See local/README for details.
15 #include <local/gnunet>
16}
diff --git a/contrib/apparmor/gnunet-dns2gns b/contrib/apparmor/gnunet-dns2gns
index c860d56b0..6720c102e 100644
--- a/contrib/apparmor/gnunet-dns2gns
+++ b/contrib/apparmor/gnunet-dns2gns
@@ -3,24 +3,11 @@
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-dns2gns { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-dns2gns {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
7 8
8 #Librairies
9 /usr/lib/ld-*.so r,
10 /usr/lib/libidn.so.* mr,
11
12 /usr/lib/locale/locale-archive r,
13
14 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-dns2gns mr, 9 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-dns2gns mr,
15 10
16 #Gnunet librairies 11 # Site-specific additions and overrides. See local/README for details.
17 @{GNUNET_PREFIX}/lib/libgnunetdnsparser.so.* mr, 12 #include <local/gnunet>
18 @{GNUNET_PREFIX}/lib/libgnunetdnsstub.so.* mr,
19 @{GNUNET_PREFIX}/lib/libgnunetgns.so.* mr,
20 @{GNUNET_PREFIX}/lib/libgnunetgnsrecord.so.* mr,
21 @{GNUNET_PREFIX}/lib/libgnunetidentity.so.* mr,
22 @{GNUNET_PREFIX}/lib/libgnunetnamestore.so.* mr,
23 @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr,
24
25 /usr/share/locale/locale.alias r,
26} 13}
diff --git a/contrib/apparmor/gnunet-download b/contrib/apparmor/gnunet-download
new file mode 100644
index 000000000..bcc212857
--- /dev/null
+++ b/contrib/apparmor/gnunet-download
@@ -0,0 +1,13 @@
1# Last Modified: Fri Aug 7 16:42:43 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-download {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{GNUNET_PREFIX}/bin/gnunet-download mr,
10
11 # Site-specific additions and overrides. See local/README for details.
12 #include <local/gnunet>
13}
diff --git a/contrib/apparmor/gnunet-download-manager.scm b/contrib/apparmor/gnunet-download-manager.scm
new file mode 100644
index 000000000..a1e8c07dd
--- /dev/null
+++ b/contrib/apparmor/gnunet-download-manager.scm
@@ -0,0 +1,25 @@
1# vim:syntax=apparmor
2# Last Modified: Tue Aug 11 11:17:17 2015
3#include <tunables/global>
4#include <tunables/gnunet>
5
6profile @{GNUNET_PREFIX}/bin/gnunet-download-manager.scm {
7 #include <abstractions/base>
8 #include <abstractions/bash>
9
10 /dev/tty rw,
11
12 @{HOME}/.cache/guile/ccache/*-LE-*@{GNUNET_PREFIX}/bin/gnunet-download-manager.scm.go.* rw,
13
14 @{PROC}/@{pid}/statm r,
15
16 /usr/bin/bash ix,
17 /usr/bin/guile rix,
18
19 @{GNUNET_PREFIX}/bin/gnunet-download-manager.scm r,
20
21 /usr/share/guile/**/*.scm r,
22
23 # Site-specific additions and overrides. See local/README for details.
24 #include <local/gnunet>
25}
diff --git a/contrib/apparmor/gnunet-ecc b/contrib/apparmor/gnunet-ecc
new file mode 100644
index 000000000..67e2ac4e0
--- /dev/null
+++ b/contrib/apparmor/gnunet-ecc
@@ -0,0 +1,15 @@
1# Last Modified: Fri Aug 7 16:54:41 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-ecc {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{GNUNET_PREFIX}/bin/gnunet-ecc mr,
10
11 #Access to filename?
12
13 # Site-specific additions and overrides. See local/README for details.
14 #include <local/gnunet>
15}
diff --git a/contrib/apparmor/gnunet-fs b/contrib/apparmor/gnunet-fs
new file mode 100644
index 000000000..4637b251b
--- /dev/null
+++ b/contrib/apparmor/gnunet-fs
@@ -0,0 +1,13 @@
1# Last Modified: Fri Aug 7 17:09:21 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-fs {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{GNUNET_PREFIX}/bin/gnunet-fs mr,
10
11 # Site-specific additions and overrides. See local/README for details.
12 #include <local/gnunet>
13}
diff --git a/contrib/apparmor/gnunet-fs-gtk b/contrib/apparmor/gnunet-fs-gtk
new file mode 100644
index 000000000..0ffb0b38b
--- /dev/null
+++ b/contrib/apparmor/gnunet-fs-gtk
@@ -0,0 +1,43 @@
1# Last Modified: Wed Aug 5 10:53:37 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-fs-gtk {
6 #include <abstractions/gnome>
7 #include <abstractions/kde>
8 #include <abstractions/dconf>
9 #include <abstractions/gnunet-gtk>
10 #include <abstractions/user-download>
11
12# /dev/shm/LE-* rw,
13
14 owner @{HOME}/.config/gtk-*/bookmarks r,
15 owner @{HOME}/.local/share/gnunet/fs/persistence/gnunet-fs-gtk/download-child/* rw,
16 owner @{HOME}/.local/share/gnunet/fs/persistence/gnunet-fs-gtk/download/ r,
17 owner @{HOME}/.local/share/gnunet/fs/persistence/gnunet-fs-gtk/download/* rw,
18 owner @{HOME}/.local/share/gnunet/fs/persistence/gnunet-fs-gtk/search/ r,
19 owner @{HOME}/.local/share/gnunet/fs/persistence/gnunet-fs-gtk/search/** rw,
20 owner @{HOME}/.local/share/gnunet/fs/persistence/gnunet-fs-gtk/publish-file/ ra,
21 owner @{HOME}/.local/share/gnunet/fs/persistence/gnunet-fs-gtk/publish-file/* rw,
22 owner @{HOME}/.local/share/gnunet/fs/persistence/gnunet-fs-gtk/publish/ ra,
23 owner @{HOME}/.local/share/gnunet/fs/persistence/gnunet-fs-gtk/publish/* rw,
24
25 #Acces to files to share ? (lets create a gnunet directory in home)
26 owner @{HOME}/gnunet-fs/ r,
27
28 @{GNUNET_PREFIX}/bin/gnunet-fs-gtk mr,
29
30 @{GNUNET_PREFIX}/share/gnunet-gtk/* r,
31
32 /usr/share/glib-*/schemas/gschemas.compiled r,
33
34 #abstractions/dconf but we need write right here
35 /run/user/*/dconf/user rw,
36
37 @{HOME}/.cache/thumbnails/normal/*.png r,
38
39 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-fs-publish Px,
40
41 # Site-specific additions and overrides. See local/README for details.
42 #include <local/gnunet>
43}
diff --git a/contrib/apparmor/gnunet-gns b/contrib/apparmor/gnunet-gns
new file mode 100644
index 000000000..1b63d2506
--- /dev/null
+++ b/contrib/apparmor/gnunet-gns
@@ -0,0 +1,21 @@
1# Last Modified: Fri Aug 7 17:41:19 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile /usr/local/bin/gnunet-gns {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 /usr/local/bin/gnunet-gns mr,
10
11 /usr/local/lib/gnunet/ r,
12# /usr/local/lib/gnunet/libgnunet_plugin_gnsrecord_conversation.la r,
13 /usr/local/lib/gnunet/libgnunet_plugin_gnsrecord_conversation.so mr,
14# /usr/local/lib/gnunet/libgnunet_plugin_gnsrecord_dns.la r,
15 /usr/local/lib/gnunet/libgnunet_plugin_gnsrecord_dns.so mr,
16# /usr/local/lib/gnunet/libgnunet_plugin_gnsrecord_gns.la r,
17 /usr/local/lib/gnunet/libgnunet_plugin_gnsrecord_gns.so mr,
18
19 # Site-specific additions and overrides. See local/README for details.
20 #include <local/gnunet>
21}
diff --git a/contrib/apparmor/gnunet-gns-import.sh b/contrib/apparmor/gnunet-gns-import.sh
new file mode 100644
index 000000000..631717ccf
--- /dev/null
+++ b/contrib/apparmor/gnunet-gns-import.sh
@@ -0,0 +1,22 @@
1# Last Modified: Tue Aug 11 10:19:01 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-gns-import.sh {
6 #include <abstractions/base>
7 #include <abstractions/bash>
8 #include <abstractions/gnunet-common>
9
10 /dev/tty rw,
11 /usr/bin/bash ix,
12 /usr/bin/gawk rix,
13 /usr/bin/grep rix,
14 /usr/bin/which rix,
15 @{GNUNET_PREFIX}/bin/gnunet-arm Px,
16 @{GNUNET_PREFIX}/bin/gnunet-config rPx,
17 @{GNUNET_PREFIX}/bin/gnunet-gns-import.sh r,
18 @{GNUNET_PREFIX}/bin/gnunet-identity Px,
19
20 # Site-specific additions and overrides. See local/README for details.
21 #include <local/gnunet>
22}
diff --git a/contrib/apparmor/gnunet-gns-proxy b/contrib/apparmor/gnunet-gns-proxy
index 5d24b3a5e..99a306434 100644
--- a/contrib/apparmor/gnunet-gns-proxy
+++ b/contrib/apparmor/gnunet-gns-proxy
@@ -3,48 +3,15 @@
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-gns-proxy { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-gns-proxy {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
7 8
8 /etc/ssl/openssl.cnf r, 9 /etc/ssl/openssl.cnf r,
9 10
10 @{HOME}/.local/share/gnunet/gns/gns_ca_cert.pem r, 11 @{HOME}/.local/share/gnunet/gns/gns_ca_cert.pem r,
11 12
12 #Librairies
13 /usr/lib/gconv/gconv-modules r,
14 /usr/lib/ld-*.so r,
15 /usr/lib/libcom_err.so.* mr,
16 /usr/lib/libcrypto.so.* mr,
17 /usr/lib/libffi.so.* mr,
18 /usr/lib/libgmp.so.* mr,
19 /usr/lib/libgnurl.so.* mr,
20 /usr/lib/libgnutls.so.* mr,
21 /usr/lib/libgssapi_krb5.so.* mr,
22 /usr/lib/libhogweed.so.* mr,
23 /usr/lib/libidn.so.* mr,
24 /usr/lib/libk5crypto.so.* mr,
25 /usr/lib/libkeyutils.so.* mr,
26 /usr/lib/libkrb5.so.* mr,
27 /usr/lib/libkrb5support.so.* mr,
28 /usr/lib/libltdl.so.* mr,
29 /usr/lib/libmicrohttpd.so.* mr,
30 /usr/lib/libnettle.so.* mr,
31 /usr/lib/libp11-kit.so.* mr,
32 /usr/lib/libpthread-*.so mr,
33 /usr/lib/libresolv-*.so mr,
34 /usr/lib/libssh2.so.* mr,
35 /usr/lib/libssl.so.* mr,
36 /usr/lib/libtasn1.so.* mr,
37
38 /usr/lib/locale/locale-archive r,
39
40 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-gns-proxy mr, 13 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-gns-proxy mr,
41 14
42 #Gnunet librairies 15 # Site-specific additions and overrides. See local/README for details.
43 @{GNUNET_PREFIX}/lib/libgnunetdnsparser.so.* mr, 16 #include <local/gnunet>
44 @{GNUNET_PREFIX}/lib/libgnunetgns.so.* mr,
45 @{GNUNET_PREFIX}/lib/libgnunetgnsrecord.so.* mr,
46 @{GNUNET_PREFIX}/lib/libgnunetidentity.so.* mr,
47
48 /usr/share/locale/fr/LC_MESSAGES/libc.mo r,
49 /usr/share/locale/locale.alias r,
50} 17}
diff --git a/contrib/apparmor/gnunet-gns-proxy-setup-ca b/contrib/apparmor/gnunet-gns-proxy-setup-ca
new file mode 100644
index 000000000..cbb3fa191
--- /dev/null
+++ b/contrib/apparmor/gnunet-gns-proxy-setup-ca
@@ -0,0 +1,40 @@
1# Last Modified: Tue Aug 11 11:40:50 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-gns-proxy-setup-ca {
6 #include <abstractions/base>
7 #include <abstractions/bash>
8 #include <abstractions/user-tmp>
9 #include <abstractions/openssl>
10
11 /dev/tty rw,
12 /etc/passwd r,
13 /home/*/.local/share/gnunet/gns/ r,
14 /home/*/.local/share/gnunet/gns/gns_ca_cert.pem rw,
15 /home/*/.mozilla/firefox/ r,
16 /home/*/.mozilla/firefox/kw6js9xl.default/cert8.db rw,
17 /home/*/.mozilla/firefox/kw6js9xl.default/key3.db rw,
18 /home/*/.mozilla/firefox/kw6js9xl.default/secmod.db r,
19 /home/*/.pki/nssdb/cert8.db rw,
20 /home/*/.pki/nssdb/key3.db rw,
21 /home/*/.pki/nssdb/secmod.db r,
22 /home/*/.rnd rw,
23
24 /usr/bin/bash ix,
25 /usr/bin/cat rix,
26 /usr/bin/certtool r,
27 /usr/bin/certutil rix,
28 /usr/bin/dirname rix,
29 /usr/bin/mkdir rix,
30 /usr/bin/mktemp rix,
31 /usr/bin/openssl rix,
32 /usr/bin/rm rix,
33 /usr/bin/which rix,
34
35 @{GNUNET_PREFIX}/bin/gnunet-config Px,
36 @{GNUNET_PREFIX}/bin/gnunet-gns-proxy-setup-ca r,
37
38 # Site-specific additions and overrides. See local/README for details.
39 #include <local/gnunet>
40}
diff --git a/contrib/apparmor/gnunet-gtk b/contrib/apparmor/gnunet-gtk
new file mode 100644
index 000000000..336748215
--- /dev/null
+++ b/contrib/apparmor/gnunet-gtk
@@ -0,0 +1,26 @@
1# Last Modified: Wed Aug 5 11:25:26 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-gtk {
6 #include <abstractions/gnome>
7 #include <abstractions/gnunet-gtk>
8 #include <abstractions/kde>
9
10 @{GNUNET_PREFIX}/bin/gnunet-gtk mr,
11
12 #GNUnet gtk binaries
13 @{GNUNET_PREFIX}/bin/gnunet-conversation-gtk Px,
14 @{GNUNET_PREFIX}/bin/gnunet-fs-gtk Px,
15 @{GNUNET_PREFIX}/bin/gnunet-identity-gtk Px,
16 @{GNUNET_PREFIX}/bin/gnunet-namestore-gtk Px,
17 @{GNUNET_PREFIX}/bin/gnunet-peerinfo-gtk Px,
18 @{GNUNET_PREFIX}/bin/gnunet-statistics-gtk Px,
19
20 @{GNUNET_PREFIX}/share/gnunet-gtk/*.png r,
21 @{GNUNET_PREFIX}/share/gnunet-gtk/gnunet_gtk.glade r,
22
23 # Site-specific additions and overrides. See local/README for details.
24 #include <local/gnunet>
25
26}
diff --git a/contrib/apparmor/gnunet-helper-audio-playback b/contrib/apparmor/gnunet-helper-audio-playback
index b98b22b69..67d3ba371 100644
--- a/contrib/apparmor/gnunet-helper-audio-playback
+++ b/contrib/apparmor/gnunet-helper-audio-playback
@@ -2,9 +2,16 @@
2#include <tunables/global> 2#include <tunables/global>
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-audio-playback flags=(complain) { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-audio-playback {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
7 #include <abstractions/gnunet-libaudio> 8 #include <abstractions/audio>
8 9
9 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-audio-playback mr, 10 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-audio-playback mr,
11
12 /etc/machine-id r,
13 owner @{HOME}/.Xauthority r,
14
15 # Site-specific additions and overrides. See local/README for details.
16 #include <local/gnunet>
10} 17}
diff --git a/contrib/apparmor/gnunet-helper-audio-record b/contrib/apparmor/gnunet-helper-audio-record
index f85b83d9f..afed73ffb 100644
--- a/contrib/apparmor/gnunet-helper-audio-record
+++ b/contrib/apparmor/gnunet-helper-audio-record
@@ -2,9 +2,16 @@
2#include <tunables/global> 2#include <tunables/global>
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-audio-record flags=(complain) { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-audio-record {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
7 #include <abstractions/gnunet-libaudio> 8 #include <abstractions/audio>
8 9
9 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-audio-record mr, 10 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-audio-record mr,
11
12 /etc/machine-id r,
13 owner @{HOME}/.Xauthority r,
14
15 # Site-specific additions and overrides. See local/README for details.
16 #include <local/gnunet>
10} 17}
diff --git a/contrib/apparmor/gnunet-helper-dns b/contrib/apparmor/gnunet-helper-dns
index b6a102585..b5e219585 100644
--- a/contrib/apparmor/gnunet-helper-dns
+++ b/contrib/apparmor/gnunet-helper-dns
@@ -2,8 +2,8 @@
2#include <tunables/global> 2#include <tunables/global>
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-dns flags=(complain) { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-dns {
6 #include <abstractions/gnunet-common> 6 #include <abstractions/gnunet-suid>
7 7
8 #Capability 8 #Capability
9 capability net_admin, 9 capability net_admin,
@@ -42,4 +42,7 @@ profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-dns flags=(complain) {
42 /usr/lib/locale/locale-archive r, 42 /usr/lib/locale/locale-archive r,
43 43
44 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-dns mr, 44 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-dns mr,
45
46 # Site-specific additions and overrides. See local/README for details.
47 #include <local/gnunet>
45} 48}
diff --git a/contrib/apparmor/gnunet-helper-exit b/contrib/apparmor/gnunet-helper-exit
index d185f5b80..f69e34d0c 100644
--- a/contrib/apparmor/gnunet-helper-exit
+++ b/contrib/apparmor/gnunet-helper-exit
@@ -2,11 +2,13 @@
2#include <tunables/global> 2#include <tunables/global>
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-exit flags=(complain) { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-exit {
6 #include <abstractions/gnunet-common> 6 #include <abstractions/gnunet-suid>
7 7
8 capability setuid, 8 capability setuid,
9 9
10 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-exit mr, 10 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-exit mr,
11 11
12 # Site-specific additions and overrides. See local/README for details.
13 #include <local/gnunet-suid>
12} 14}
diff --git a/contrib/apparmor/gnunet-helper-fs-publish b/contrib/apparmor/gnunet-helper-fs-publish
index ccf0cb513..9d437194c 100644
--- a/contrib/apparmor/gnunet-helper-fs-publish
+++ b/contrib/apparmor/gnunet-helper-fs-publish
@@ -2,13 +2,17 @@
2#include <tunables/global> 2#include <tunables/global>
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-fs-publish flags=(complain) { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-fs-publish {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
8 #include <abstractions/user-download>
7 9
8 /usr/lib/libbz2.so.* mr, 10 /dev/shm/LE-* r,
9 /usr/lib/libextractor.so.* mr, 11
10 /usr/lib/libpthread-*.so mr, 12 /usr/share/file/misc/magic.mgc r,
11 /usr/lib/librt-*.so mr,
12 13
13 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-fs-publish mr, 14 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-fs-publish mr,
15
16 # Site-specific additions and overrides. See local/README for details.
17 #include <local/gnunet>
14} 18}
diff --git a/contrib/apparmor/gnunet-helper-nat-client b/contrib/apparmor/gnunet-helper-nat-client
index 19a563878..ead52a5f1 100644
--- a/contrib/apparmor/gnunet-helper-nat-client
+++ b/contrib/apparmor/gnunet-helper-nat-client
@@ -2,11 +2,13 @@
2#include <tunables/global> 2#include <tunables/global>
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-nat-client flags=(complain) { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-nat-client {
6 #include <abstractions/gnunet-common> 6 #include <abstractions/gnunet-suid>
7 7
8 capability setuid, 8 capability setuid,
9 9
10 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-nat-client mr, 10 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-nat-client mr,
11 11
12 # Site-specific additions and overrides. See local/README for details.
13 #include <local/gnunet-suid>
12} 14}
diff --git a/contrib/apparmor/gnunet-helper-nat-server b/contrib/apparmor/gnunet-helper-nat-server
index 594d2de7a..d458f467f 100644
--- a/contrib/apparmor/gnunet-helper-nat-server
+++ b/contrib/apparmor/gnunet-helper-nat-server
@@ -2,11 +2,14 @@
2#include <tunables/global> 2#include <tunables/global>
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-nat-server flags=(complain) { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-nat-server {
6 #include <abstractions/gnunet-common> 6 #include <abstractions/gnunet-suid>
7 7
8 capability setuid, 8 capability setuid,
9 9
10 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-nat-server mr, 10 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-nat-server mr,
11
12 # Site-specific additions and overrides. See local/README for details.
13 #include <local/gnunet-suid>
11 14
12} 15}
diff --git a/contrib/apparmor/gnunet-helper-testbed b/contrib/apparmor/gnunet-helper-testbed
index 22ac13347..b7b41f688 100644
--- a/contrib/apparmor/gnunet-helper-testbed
+++ b/contrib/apparmor/gnunet-helper-testbed
@@ -2,36 +2,20 @@
2#include <tunables/global> 2#include <tunables/global>
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-testbed flags=(complain) { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-testbed {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
8 #include <abstractions/gnunet-test>
7 9
8 /dev/null rw,
9
10 /etc/gai.conf r, 10 /etc/gai.conf r,
11 11
12 /usr/lib/ld-*.so r,
13
14 /usr/lib/locale/locale-archive r,
15
16 /usr/share/locale/locale.alias r,
17 /usr/share/locale/fr/LC_MESSAGES/libc.mo r,
18
19 /usr/lib/gconv/gconv-modules r,
20
21 @{GNUNET_PREFIX}/lib/gnunet/libexec/ r, 12 @{GNUNET_PREFIX}/lib/gnunet/libexec/ r,
22 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-testbed mr, 13 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-testbed mr,
23 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-arm r, 14 #@{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-arm r,
24 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed Px, 15 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed Px,
25 16
26 #Gnunet librairies
27 @{GNUNET_PREFIX}/lib/libgnunetarm.so.* mr,
28 @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr,
29 @{GNUNET_PREFIX}/lib/libgnunetcore.so.* mr,
30 @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr,
31 @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr,
32 @{GNUNET_PREFIX}/lib/libgnunettestbed.so.* mr,
33 @{GNUNET_PREFIX}/lib/libgnunettesting.so.* mr,
34 @{GNUNET_PREFIX}/lib/libgnunettransport.so.* mr,
35
36 @{GNUNET_PREFIX}/share/gnunet/testing_hostkeys.ecc r, 17 @{GNUNET_PREFIX}/share/gnunet/testing_hostkeys.ecc r,
18
19 # Site-specific additions and overrides. See local/README for details.
20 #include <local/gnunet>
37} 21}
diff --git a/contrib/apparmor/gnunet-helper-transport-bluetooth b/contrib/apparmor/gnunet-helper-transport-bluetooth
new file mode 100644
index 000000000..b13ccb269
--- /dev/null
+++ b/contrib/apparmor/gnunet-helper-transport-bluetooth
@@ -0,0 +1,18 @@
1# Last Modified: Tue Jul 28 11:44:00 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5# Add extra libs for this helper(libthread and libbluetooth)
6@{LIBS}+=libpthread libbluetooth
7
8profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-transport-bluetooth {
9 #include <abstractions/gnunet-suid>
10
11 capability setuid,
12
13 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-transport-bluetooth mr,
14
15 # Site-specific additions and overrides. See local/README for details.
16 #include <local/gnunet-suid>
17
18}
diff --git a/contrib/apparmor/gnunet-helper-transport-wlan b/contrib/apparmor/gnunet-helper-transport-wlan
index 0f1d5cf57..296b0c978 100644
--- a/contrib/apparmor/gnunet-helper-transport-wlan
+++ b/contrib/apparmor/gnunet-helper-transport-wlan
@@ -2,11 +2,14 @@
2#include <tunables/global> 2#include <tunables/global>
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-transport-wlan flags=(complain) { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-transport-wlan {
6 #include <abstractions/gnunet-common> 6 #include <abstractions/gnunet-suid>
7 7
8 capability setuid, 8 capability setuid,
9 9
10 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-transport-wlan mr, 10 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-transport-wlan mr,
11
12 # Site-specific additions and overrides. See local/README for details.
13 #include <local/gnunet-suid>
11 14
12} 15}
diff --git a/contrib/apparmor/gnunet-helper-transport-wlan-dummy b/contrib/apparmor/gnunet-helper-transport-wlan-dummy
index 9ad58e5d0..1c0514417 100644
--- a/contrib/apparmor/gnunet-helper-transport-wlan-dummy
+++ b/contrib/apparmor/gnunet-helper-transport-wlan-dummy
@@ -2,9 +2,12 @@
2#include <tunables/global> 2#include <tunables/global>
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-transport-wlan-dummy flags=(complain) { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-transport-wlan-dummy {
6 #include <abstractions/gnunet-common> 6 #include <abstractions/gnunet-suid>
7 7
8 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-transport-wlan-dummy mr, 8 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-transport-wlan-dummy mr,
9
10 # Site-specific additions and overrides. See local/README for details.
11 #include <local/gnunet>
9 12
10} 13}
diff --git a/contrib/apparmor/gnunet-helper-vpn b/contrib/apparmor/gnunet-helper-vpn
index 9be198d76..8631b1b7c 100644
--- a/contrib/apparmor/gnunet-helper-vpn
+++ b/contrib/apparmor/gnunet-helper-vpn
@@ -2,20 +2,17 @@
2#include <tunables/global> 2#include <tunables/global>
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-vpn flags=(complain) { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-vpn {
6 #include <abstractions/gnunet-suid>
6 7
7 #Capability 8 #Capability
8 capability net_admin, 9 capability net_admin,
9 capability setuid, 10 capability setuid,
10 11
11 /dev/net/tun rw, 12 /dev/net/tun rw,
12 /etc/ld.so.cache r,
13
14 #Librairies
15 /usr/lib/ld-*.so r,
16 /usr/lib/libc-*.so mr,
17 /usr/lib/libm-*.so mr,
18 13
19 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-vpn mr, 14 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-vpn mr,
20 15
16 # Site-specific additions and overrides. See local/README for details.
17 #include <local/gnunet>
21} 18}
diff --git a/contrib/apparmor/gnunet-identity b/contrib/apparmor/gnunet-identity
new file mode 100644
index 000000000..3aa76cc6e
--- /dev/null
+++ b/contrib/apparmor/gnunet-identity
@@ -0,0 +1,15 @@
1# Last Modified: Fri Aug 7 17:48:29 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-identity {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{HOME}/.local/share/gnunet/identity/egos/* rw,
10
11 @{GNUNET_PREFIX}/bin/gnunet-identity mr,
12
13 # Site-specific additions and overrides. See local/README for details.
14 #include <local/gnunet>
15}
diff --git a/contrib/apparmor/gnunet-identity-gtk b/contrib/apparmor/gnunet-identity-gtk
new file mode 100644
index 000000000..e7abb8795
--- /dev/null
+++ b/contrib/apparmor/gnunet-identity-gtk
@@ -0,0 +1,16 @@
1# Last Modified: Wed Aug 5 11:24:55 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-identity-gtk {
6 #include <abstractions/gnome>
7 #include <abstractions/gnunet-gtk>
8 #include <abstractions/kde>
9
10 @{GNUNET_PREFIX}/bin/gnunet-identity-gtk mr,
11
12 @{GNUNET_PREFIX}/share/gnunet-gtk/gnunet_identity_gtk_main_window.glade r,
13
14 # Site-specific additions and overrides. See local/README for details.
15 #include <local/gnunet>
16}
diff --git a/contrib/apparmor/gnunet-mesh b/contrib/apparmor/gnunet-mesh
new file mode 100644
index 000000000..9f5b07fc5
--- /dev/null
+++ b/contrib/apparmor/gnunet-mesh
@@ -0,0 +1,13 @@
1# Last Modified: Fri Aug 7 18:02:28 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-mesh {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{GNUNET_PREFIX}/bin/gnunet-mesh mr,
10
11 # Site-specific additions and overrides. See local/README for details.
12 #include <local/gnunet>
13}
diff --git a/contrib/apparmor/gnunet-namecache b/contrib/apparmor/gnunet-namecache
new file mode 100644
index 000000000..f7eca4091
--- /dev/null
+++ b/contrib/apparmor/gnunet-namecache
@@ -0,0 +1,13 @@
1# Last Modified: Fri Aug 7 18:07:23 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-namecache {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{GNUNET_PREFIX}/bin/gnunet-namecache mr,
10
11 # Site-specific additions and overrides. See local/README for details.
12 #include <local/gnunet>
13}
diff --git a/contrib/apparmor/gnunet-namestore b/contrib/apparmor/gnunet-namestore
new file mode 100644
index 000000000..c97fad77d
--- /dev/null
+++ b/contrib/apparmor/gnunet-namestore
@@ -0,0 +1,21 @@
1# Last Modified: Mon Aug 10 11:05:21 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-namestore {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{GNUNET_PREFIX}/bin/gnunet-namestore mr,
10
11 #GNUnet plugin
12# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_conversation.la r,
13 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_conversation.so mr,
14# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_dns.la r,
15 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_dns.so mr,
16# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_gns.la r,
17 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_gns.so mr,
18
19 # Site-specific additions and overrides. See local/README for details.
20 #include <local/gnunet>
21}
diff --git a/contrib/apparmor/gnunet-namestore-fcfsd b/contrib/apparmor/gnunet-namestore-fcfsd
index 9c57801a9..8ac09e69b 100644
--- a/contrib/apparmor/gnunet-namestore-fcfsd
+++ b/contrib/apparmor/gnunet-namestore-fcfsd
@@ -3,29 +3,11 @@
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-namestore-fcfsd { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-namestore-fcfsd {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
7 8
8 #Librairies
9 /usr/lib/ld-*.so r,
10 /usr/lib/libffi.so.* mr,
11 /usr/lib/libgmp.so.* mr,
12 /usr/lib/libgnutls.so.* mr,
13 /usr/lib/libhogweed.so.* mr,
14 /usr/lib/libidn.so.* mr,
15 /usr/lib/libmicrohttpd.so.* mr,
16 /usr/lib/libnettle.so.* mr,
17 /usr/lib/libp11-kit.so.* mr,
18 /usr/lib/libpthread-*.so mr,
19 /usr/lib/libtasn1.so.* mr,
20
21 /usr/lib/locale/locale-archive r,
22
23 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-namestore-fcfsd mr, 9 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-namestore-fcfsd mr,
24 10
25 #Gnunet librairies 11 # Site-specific additions and overrides. See local/README for details.
26 @{GNUNET_PREFIX}/lib/libgnunetdnsparser.so.* mr, 12 #include <local/gnunet>
27 @{GNUNET_PREFIX}/lib/libgnunetgnsrecord.so.* mr,
28 @{GNUNET_PREFIX}/lib/libgnunetidentity.so.* mr,
29 @{GNUNET_PREFIX}/lib/libgnunetnamestore.so.* mr,
30 @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr,
31} 13}
diff --git a/contrib/apparmor/gnunet-namestore-gtk b/contrib/apparmor/gnunet-namestore-gtk
new file mode 100644
index 000000000..fb3256ca9
--- /dev/null
+++ b/contrib/apparmor/gnunet-namestore-gtk
@@ -0,0 +1,27 @@
1# Last Modified: Wed Aug 5 11:24:52 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-namestore-gtk {
6 #include <abstractions/gnome>
7 #include <abstractions/gnunet-gtk>
8 #include <abstractions/kde>
9
10 @{GNUNET_PREFIX}/bin/gnunet-namestore-gtk mr,
11
12 @{GNUNET_PREFIX}/lib/gnunet/ r,
13
14 #GNUnet plugin
15# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_conversation.la r,
16 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_conversation.so mr,
17# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_dns.la r,
18 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_dns.so mr,
19# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_gns.la r,
20 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_gns.so mr,
21
22 @{GNUNET_PREFIX}/share/gnunet-gtk/gnunet_namestore_gtk_main_window.glade r,
23 @{GNUNET_PREFIX}/share/gnunet-gtk/qr_dummy.png r,
24
25 # Site-specific additions and overrides. See local/README for details.
26 #include <local/gnunet>
27}
diff --git a/contrib/apparmor/gnunet-nat-server b/contrib/apparmor/gnunet-nat-server
new file mode 100644
index 000000000..9884383a2
--- /dev/null
+++ b/contrib/apparmor/gnunet-nat-server
@@ -0,0 +1,13 @@
1# Last Modified: Mon Aug 10 11:34:29 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-nat-server {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{GNUNET_PREFIX}/bin/gnunet-nat-server mr,
10
11 # Site-specific additions and overrides. See local/README for details.
12 #include <local/gnunet>
13}
diff --git a/contrib/apparmor/gnunet-nse b/contrib/apparmor/gnunet-nse
new file mode 100644
index 000000000..74c0d9420
--- /dev/null
+++ b/contrib/apparmor/gnunet-nse
@@ -0,0 +1,13 @@
1# Last Modified: Mon Aug 10 11:38:47 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-nse {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{GNUNET_PREFIX}/bin/gnunet-nse mr,
10
11 # Site-specific additions and overrides. See local/README for details.
12 #include <local/gnunet>
13}
diff --git a/contrib/apparmor/gnunet-peerinfo b/contrib/apparmor/gnunet-peerinfo
new file mode 100644
index 000000000..0c30d38af
--- /dev/null
+++ b/contrib/apparmor/gnunet-peerinfo
@@ -0,0 +1,19 @@
1# Last Modified: Mon Aug 10 11:46:50 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-peerinfo {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{GNUNET_PREFIX}/bin/gnunet-peerinfo mr,
10
11 #GNUnet plugin
12# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_tcp.la r,
13 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_tcp.so mr,
14# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_udp.la r,
15 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_udp.so mr,
16
17 # Site-specific additions and overrides. See local/README for details.
18 #include <local/gnunet>
19}
diff --git a/contrib/apparmor/gnunet-peerinfo-gtk b/contrib/apparmor/gnunet-peerinfo-gtk
new file mode 100644
index 000000000..e1e0271d8
--- /dev/null
+++ b/contrib/apparmor/gnunet-peerinfo-gtk
@@ -0,0 +1,17 @@
1# Last Modified: Tue Aug 11 16:20:57 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-peerinfo-gtk {
6 #include <abstractions/gnome>
7 #include <abstractions/gnunet-gtk>
8 #include <abstractions/kde>
9
10 @{GNUNET_PREFIX}/bin/gnunet-peerinfo-gtk mr,
11
12 @{GNUNET_PREFIX}/share/gnunet-gtk/* r,
13 @{GNUNET_PREFIX}/share/gnunet-gtk/flags/*.png r,
14
15 # Site-specific additions and overrides. See local/README for details.
16 #include <local/gnunet>
17}
diff --git a/contrib/apparmor/gnunet-peerstore b/contrib/apparmor/gnunet-peerstore
new file mode 100644
index 000000000..944f1bed2
--- /dev/null
+++ b/contrib/apparmor/gnunet-peerstore
@@ -0,0 +1,13 @@
1# Last Modified: Mon Aug 10 12:03:53 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-peerstore {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{GNUNET_PREFIX}/bin/gnunet-peerstore mr,
10
11 # Site-specific additions and overrides. See local/README for details.
12 #include <local/gnunet>
13}
diff --git a/contrib/apparmor/gnunet-publish b/contrib/apparmor/gnunet-publish
new file mode 100644
index 000000000..105ff1861
--- /dev/null
+++ b/contrib/apparmor/gnunet-publish
@@ -0,0 +1,16 @@
1# Last Modified: Thu Aug 6 12:00:00 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-publish {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8 #include <abstractions/user-download>
9
10 @{GNUNET_PREFIX}/bin/gnunet-publish mr,
11
12 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-fs-publish Px,
13
14 # Site-specific additions and overrides. See local/README for details.
15 #include <local/gnunet>
16}
diff --git a/contrib/apparmor/gnunet-qr b/contrib/apparmor/gnunet-qr
new file mode 100644
index 000000000..b893faf98
--- /dev/null
+++ b/contrib/apparmor/gnunet-qr
@@ -0,0 +1,15 @@
1# Last Modified: Tue Aug 11 16:14:05 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-qr {
6 #include <abstractions/base>
7 #include <abstractions/python>
8 #include <abstractions/gnunet-common>
9
10 /usr/bin/python3.4 ix,
11 @{GNUNET_PREFIX}/bin/gnunet-qr r,
12
13 # Site-specific additions and overrides. See local/README for details.
14 #include <local/gnunet>
15}
diff --git a/contrib/apparmor/gnunet-resolver b/contrib/apparmor/gnunet-resolver
new file mode 100644
index 000000000..e5455b257
--- /dev/null
+++ b/contrib/apparmor/gnunet-resolver
@@ -0,0 +1,13 @@
1# Last Modified: Mon Aug 10 12:21:50 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-resolver {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{GNUNET_PREFIX}/bin/gnunet-resolver mr,
10
11 # Site-specific additions and overrides. See local/README for details.
12 #include <local/gnunet>
13}
diff --git a/contrib/apparmor/gnunet-revocation b/contrib/apparmor/gnunet-revocation
new file mode 100644
index 000000000..8cab61f4f
--- /dev/null
+++ b/contrib/apparmor/gnunet-revocation
@@ -0,0 +1,13 @@
1# Last Modified: Mon Aug 10 15:03:13 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-revocation {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{GNUNET_PREFIX}/bin/gnunet-revocation mr,
10
11 # Site-specific additions and overrides. See local/README for details.
12 #include <local/gnunet>
13}
diff --git a/contrib/apparmor/gnunet-scalarproduct b/contrib/apparmor/gnunet-scalarproduct
new file mode 100644
index 000000000..acf564a8c
--- /dev/null
+++ b/contrib/apparmor/gnunet-scalarproduct
@@ -0,0 +1,13 @@
1# Last Modified: Mon Aug 10 15:13:42 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-scalarproduct {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{GNUNET_PREFIX}/bin/gnunet-scalarproduct mr,
10
11 # Site-specific additions and overrides. See local/README for details.
12 #include <local/gnunet>
13}
diff --git a/contrib/apparmor/gnunet-scrypt b/contrib/apparmor/gnunet-scrypt
new file mode 100644
index 000000000..a184bf0a3
--- /dev/null
+++ b/contrib/apparmor/gnunet-scrypt
@@ -0,0 +1,19 @@
1# Last Modified: Mon Aug 10 15:36:34 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-scrypt {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{HOME}/.local/share/gnunet/nse/proof.dat rw,
10 @{HOME}/.local/share/gnunet/private_key.ecc rk,
11
12 @{GNUNET_PREFIX}/bin/gnunet-scrypt mr,
13
14 @{GNUNET_USER}/.local/share/gnunet/nse/proof.dat rw,
15 @{GNUNET_USER}/.local/share/gnunet/private_key.ecc rk,
16
17 # Site-specific additions and overrides. See local/README for details.
18 #include <local/gnunet>
19}
diff --git a/contrib/apparmor/gnunet-search b/contrib/apparmor/gnunet-search
new file mode 100644
index 000000000..b23f91e55
--- /dev/null
+++ b/contrib/apparmor/gnunet-search
@@ -0,0 +1,13 @@
1# Last Modified: Mon Aug 10 15:59:45 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-search {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{GNUNET_PREFIX}/bin/gnunet-search mr,
10
11 # Site-specific additions and overrides. See local/README for details.
12 #include <local/gnunet>
13}
diff --git a/contrib/apparmor/gnunet-service-arm b/contrib/apparmor/gnunet-service-arm
index 5a4a78657..546e6332e 100644
--- a/contrib/apparmor/gnunet-service-arm
+++ b/contrib/apparmor/gnunet-service-arm
@@ -3,37 +3,16 @@
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-arm { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-arm {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
7 8
8 /dev/null ra,
9
10 /tmp/gnunet-*-runtime/ rw, 9 /tmp/gnunet-*-runtime/ rw,
11 /tmp/gnunet-*-runtime/gnunet-service-arm.sock rw, 10# /tmp/gnunet-*-runtime/gnunet-service-arm.sock rw,
12 /tmp/gnunet-*-runtime/gnunet-service-gns.sock rw, 11# /tmp/gnunet-*-runtime/gnunet-service-namestore.sock r,
13 /tmp/gnunet-*-runtime/gnunet-service-identity.unix rw, 12# /tmp/gnunet-*-runtime/gnunet-service-identity.sock r,
14 /tmp/gnunet-*-runtime/gnunet-service-namestore.sock rw, 13# /tmp/gnunet-*-runtime/gnunet-service-gns.sock r,
15
16 /tmp/gnunet-system-runtime/ rw,
17 /tmp/gnunet-system-runtime/gnunet-service-*.sock rw,
18 /tmp/gnunet-system-runtime/gnunet-service-nse.unix rw,
19 /tmp/gnunet-system-runtime/gnunet-service-revocation.unix rw,
20
21 /var/lib/gnunet/.local/share/gnunet/ r,
22 /var/lib/gnunet/.local/share/gnunet/revocation.dat r,
23 /var/lib/gnunet/.local/share/gnunet/peerstore/ a,
24 /var/lib/gnunet/.local/share/gnunet/peerstore/sqlite.db rwk,
25 /var/lib/gnunet/.local/share/gnunet/peerstore/sqlite.db-journal rw,
26 /var/lib/gnunet/.config/gnunet.conf r,
27
28 #Librairies
29 /usr/lib/ld-*.so r,
30 /usr/lib/libpthread-*.so mr,
31 14
32 /usr/lib/libsqlite3.so.* mr, 15 /tmp/gnunet-*-runtime/gnunet-service-*.sock rw,
33
34 /usr/lib/locale/locale-archive r,
35
36 /usr/share/locale/locale-alias r,
37 16
38 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-arm mr, 17 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-arm mr,
39 18
@@ -41,7 +20,7 @@ profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-arm {
41 20
42 @{GNUNET_PREFIX}/lib/gnunet/libexec/ r, 21 @{GNUNET_PREFIX}/lib/gnunet/libexec/ r,
43 22
44 #Gnunet daemon 23 #GNUnet daemon
45 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-exit Px, 24 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-exit Px,
46 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-hostlist Px, 25 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-hostlist Px,
47 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-latency-logger Px, 26 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-latency-logger Px,
@@ -55,54 +34,9 @@ profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-arm {
55 34
56 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-namestore-fcfsd Px, 35 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-namestore-fcfsd Px,
57 36
58 #Gnunet service 37 #GNUnet service
59 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-ats Px, 38 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-* Px,
60 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-cadet Px, 39
61 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-core Px, 40 # Site-specific additions and overrides. See local/README for details.
62 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-conversation Px, 41 #include <local/gnunet>
63 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-datastore Px,
64 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-dht Px,
65 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-dns Px,
66 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-fs Px,
67 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-gns Px,
68 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-identity Px,
69 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-namecache Px,
70 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-namestore Px,
71 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-nse Px,
72 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-peerinfo Px,
73 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-peerstore Px,
74 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-regex Px,
75 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-resolver Px,
76 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-revocation Px,
77 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-set Px,
78 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-scalarproduct-alice Px,
79 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-scalarproduct-bob Px,
80 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-statistics Px,
81 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-template Px,
82 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed Px,
83 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed-logger Px,
84 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-transport Px,
85 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-vpn Px,
86
87 #Gnunet helper
88 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-dns r,
89
90 #Gnunet librairies
91 @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr,
92 @{GNUNET_PREFIX}/lib/libgnunetcadet.so.* mr,
93 @{GNUNET_PREFIX}/lib/libgnunetdht.so.* mr,
94 @{GNUNET_PREFIX}/lib/libgnunetdnsstub.so.* mr,
95 @{GNUNET_PREFIX}/lib/libgnunetgnsrecord.so.* r,
96 @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr,
97 @{GNUNET_PREFIX}/lib/libgnunetnamecache.so.* r,
98 @{GNUNET_PREFIX}/lib/libgnunetpeerstore.so.* mr,
99 @{GNUNET_PREFIX}/lib/libgnunetregex.so.* mr,
100 @{GNUNET_PREFIX}/lib/libgnunetset.so.* mr,
101 @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr,
102 @{GNUNET_PREFIX}/lib/libgnunettransport.so.* mr,
103 @{GNUNET_PREFIX}/lib/libgnunettun.so.* mr,
104
105 #Gnunet plugin
106 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_peerstore_sqlite.la r,
107 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_peerstore_sqlite.so mr,
108} 42}
diff --git a/contrib/apparmor/gnunet-service-ats b/contrib/apparmor/gnunet-service-ats
index 53e849517..8e6b35295 100644
--- a/contrib/apparmor/gnunet-service-ats
+++ b/contrib/apparmor/gnunet-service-ats
@@ -3,18 +3,16 @@
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-ats { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-ats {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
7 8
8 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-ats mr, 9 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-ats mr,
9 10
10 #Gnunet librairies
11 @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr,
12 @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr,
13 @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr,
14
15 #Gnunet plugin 11 #Gnunet plugin
16 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_ats_proportional.la r, 12# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_ats_proportional.la r,
17 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_ats_proportional.so mr, 13 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_ats_proportional.so mr,
14
15 # Site-specific additions and overrides. See local/README for details.
16 #include <local/gnunet>
18 17
19 /usr/lib/ld-*.so r,
20} 18}
diff --git a/contrib/apparmor/gnunet-service-cadet b/contrib/apparmor/gnunet-service-cadet
index 07def08ad..056ce49fa 100644
--- a/contrib/apparmor/gnunet-service-cadet
+++ b/contrib/apparmor/gnunet-service-cadet
@@ -3,24 +3,15 @@
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-cadet { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-cadet {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
7 8
8 #Librairies 9 /tmp/gnunet-system-runtime/gnunet-service-cadet.sock rw,
9 /usr/lib/ld-*.so r,
10 /usr/lib/libpthread-*.so mr,
11 /usr/lib/librt-*.so mr,
12 10
13 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-cadet mr, 11 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-cadet mr,
14 12
15 #Gnunet librairies 13 @{GNUNET_USER}/.local/share/gnunet/private_key.ecc rk,
16 @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, 14
17 @{GNUNET_PREFIX}/lib/libgnunetblock.so.* mr, 15 # Site-specific additions and overrides. See local/README for details.
18 @{GNUNET_PREFIX}/lib/libgnunetcore.so.* mr, 16 #include <local/gnunet>
19 @{GNUNET_PREFIX}/lib/libgnunetdht.so.* mr,
20 @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr,
21 @{GNUNET_PREFIX}/lib/libgnunetpeerinfo.so.* mr,
22 @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr,
23 @{GNUNET_PREFIX}/lib/libgnunettransport.so.* mr,
24
25 /var/lib/gnunet/.local/share/gnunet/private_key.ecc rk,
26} 17}
diff --git a/contrib/apparmor/gnunet-service-conversation b/contrib/apparmor/gnunet-service-conversation
index 781c239f9..740332768 100644
--- a/contrib/apparmor/gnunet-service-conversation
+++ b/contrib/apparmor/gnunet-service-conversation
@@ -3,25 +3,17 @@
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-conversation { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-conversation {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
7 8
8 #Librairies
9 /usr/lib/ld-*.so r,
10 /usr/lib/libidn.so.* mr,
11
12 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-conversation mr, 9 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-conversation mr,
13 10
14 #Gnunet librairies 11 #GNUnet helper
15 @{GNUNET_PREFIX}/lib/libgnunetcadet.so.* mr, 12 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-audio-playback Px,
16 @{GNUNET_PREFIX}/lib/libgnunetconversation.so.* mr, 13 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-audio-record Px,
17 @{GNUNET_PREFIX}/lib/libgnunetdnsparser.so.* mr,
18 @{GNUNET_PREFIX}/lib/libgnunetgns.so.* mr,
19 @{GNUNET_PREFIX}/lib/libgnunetgnsrecord.so.* mr,
20 @{GNUNET_PREFIX}/lib/libgnunetidentity.so.* mr,
21 @{GNUNET_PREFIX}/lib/libgnunetmicrophone.so.* mr,
22 @{GNUNET_PREFIX}/lib/libgnunetnamestore.so.* mr,
23 @{GNUNET_PREFIX}/lib/libgnunetspeaker.so.* mr,
24 @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr,
25 14
26 /var/lib/gnunet/.local/share/gnunet/private_key.ecc rk, 15 @{GNUNET_USER}/.local/share/gnunet/private_key.ecc rk,
16
17 # Site-specific additions and overrides. See local/README for details.
18 #include <local/gnunet>
27} 19}
diff --git a/contrib/apparmor/gnunet-service-core b/contrib/apparmor/gnunet-service-core
index 24fdd641c..4d9b28353 100644
--- a/contrib/apparmor/gnunet-service-core
+++ b/contrib/apparmor/gnunet-service-core
@@ -1,20 +1,15 @@
1# Last Modified: Thu Jul 9 10:16:30 2015 1# Last Modified: Thu Jul 9 10:16:30 2015
2
3#include <tunables/global> 2#include <tunables/global>
4#include <tunables/gnunet> 3#include <tunables/gnunet>
5 4
6profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-core { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-core {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
8 8
9 /var/lib/gnunet/.local/share/gnunet/private_key.ecc rk, 9 @{GNUNET_USER}/.local/share/gnunet/private_key.ecc rk,
10
11 /usr/lib/ld-*.so r,
12 10
13 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-core mr, 11 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-core mr,
14 12
15 #Gnunet librairies 13 # Site-specific additions and overrides. See local/README for details.
16 @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, 14 #include <local/gnunet>
17 @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr,
18 @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr,
19 @{GNUNET_PREFIX}/lib/libgnunettransport.so.* mr,
20} 15}
diff --git a/contrib/apparmor/gnunet-service-datastore b/contrib/apparmor/gnunet-service-datastore
index 363946910..32efa4c52 100644
--- a/contrib/apparmor/gnunet-service-datastore
+++ b/contrib/apparmor/gnunet-service-datastore
@@ -1,27 +1,22 @@
1# Last Modified: Thu Jul 9 10:16:30 2015 1# Last Modified: Thu Jul 9 10:16:30 2015
2
3#include <tunables/global> 2#include <tunables/global>
4#include <tunables/gnunet> 3#include <tunables/gnunet>
5 4
6profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-datastore { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-datastore {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
8 #include <abstractions/gnunet-db>
8 9
9 /var/lib/gnunet/.local/share/gnunet/datastore/bloomfilter.sqlite rw, 10 @{GNUNET_USER}/.local/share/gnunet/datastore/bloomfilter.sqlite rw,
10 /var/lib/gnunet/.local/share/gnunet/datastore/sqlite.db rwk, 11 @{GNUNET_USER}/.local/share/gnunet/datastore/sqlite.db rwk,
11 /var/lib/gnunet/.local/share/gnunet/datastore/sqlite.db-journal rw, 12 @{GNUNET_USER}/.local/share/gnunet/datastore/sqlite.db-journal rw,
12
13 #Librairies
14 /usr/lib/ld-*.so r,
15 /usr/lib/libpthread-*.so mr,
16 /usr/lib/libsqlite3.so.* mr,
17 13
18 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-datastore mr, 14 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-datastore mr,
19 15
20 #Gnunet plugin 16 #Gnunet plugin
21 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datastore_sqlite.la r, 17# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datastore_sqlite.la r,
22 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datastore_sqlite.so mr, 18 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datastore_sqlite.so mr,
23 19
24 #Gnunet Librairies 20 # Site-specific additions and overrides. See local/README for details.
25 @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, 21 #include <local/gnunet>
26 @{GNUNET_PREFIX}/lib/libgnunetutil.so.* mr,
27} 22}
diff --git a/contrib/apparmor/gnunet-service-dht b/contrib/apparmor/gnunet-service-dht
index 67c45beb8..1d0922441 100644
--- a/contrib/apparmor/gnunet-service-dht
+++ b/contrib/apparmor/gnunet-service-dht
@@ -3,55 +3,34 @@
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-dht { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-dht {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
7 8
8 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-dht mr, 9 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-dht mr,
9 10
10 #Gnunet librairies
11 @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr,
12 @{GNUNET_PREFIX}/lib/libgnunetcore.so.* mr,
13 @{GNUNET_PREFIX}/lib/libgnunetnse.so.* mr,
14 @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr,
15 @{GNUNET_PREFIX}/lib/libgnunettransport.so.* mr,
16 @{GNUNET_PREFIX}/lib/libgnunetpeerinfo.so.* mr,
17 @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr,
18 @{GNUNET_PREFIX}/lib/libgnunetblock.so.* mr,
19 @{GNUNET_PREFIX}/lib/libgnunetdatacache.so.* mr,
20 @{GNUNET_PREFIX}/lib/libgnunetfs.so.* mr,
21 @{GNUNET_PREFIX}/lib/libgnunetdatastore.so.* mr,
22 @{GNUNET_PREFIX}/lib/libgnunetregexblock.so.* mr,
23 @{GNUNET_PREFIX}/lib/libgnunetgnsrecord.so.* mr,
24 @{GNUNET_PREFIX}/lib/libgnunetdnsparser.so.* mr,
25
26 #Gnunet plugin 11 #Gnunet plugin
27 @{GNUNET_PREFIX}/lib/gnunet/ r, 12 @{GNUNET_PREFIX}/lib/gnunet/ r,
28 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_template.la r, 13# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_template.la r,
29 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_template.so mr, 14 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_template.so mr,
30 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dns.la r, 15# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dns.la r,
31 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dns.so mr, 16 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dns.so mr,
32 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_fs.la r, 17# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_fs.la r,
33 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_fs.so mr, 18 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_fs.so mr,
34 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_regex.la r, 19# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_regex.la r,
35 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_regex.so mr, 20 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_regex.so mr,
36 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dht.la r, 21# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dht.la r,
37 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dht.so mr,
38 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dht.so mr, 22 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dht.so mr,
39 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_test.la r, 23# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_test.la r,
40 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_test.so mr, 24 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_test.so mr,
41 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_gns.la r, 25# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_gns.la r,
42 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_gns.so mr, 26 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_gns.so mr,
43 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datacache_heap.la r, 27# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datacache_heap.la r,
44 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datacache_heap.so mr, 28 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datacache_heap.so mr,
45 29
46 #Librairies
47 /usr/lib/ld-*.so r,
48 /usr/lib/libextractor.so.* mr,
49 /usr/lib/libbz2.so.* mr,
50 /usr/lib/librt-*.so mr,
51 /usr/lib/libpthread-*.so mr,
52 /usr/lib/libidn.so.* mr,
53
54 /tmp/gnunet-system-runtime/gnunet-service-dht.sock w, 30 /tmp/gnunet-system-runtime/gnunet-service-dht.sock w,
55 31
56 /tmp/gnunet-datacachebloom* rw, 32 /tmp/gnunet-datacachebloom* rw,
33
34 # Site-specific additions and overrides. See local/README for details.
35 #include <local/gnunet>
57} 36}
diff --git a/contrib/apparmor/gnunet-service-dns b/contrib/apparmor/gnunet-service-dns
index ba8a31ce1..394b97eb1 100644
--- a/contrib/apparmor/gnunet-service-dns
+++ b/contrib/apparmor/gnunet-service-dns
@@ -3,12 +3,13 @@
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-dns { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-dns {
6 #include <abstractions/gnunet-common> 6 #include <abstractions/gnunet-sgid>
7 7
8 capability setgid, 8 capability setgid,
9 9
10 /usr/lib/ld-*.so r, 10 /usr/lib/ld-*.so r,
11 11
12 #GNUnet helper
12 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-dns Px, 13 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-dns Px,
13 14
14 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-dns mr, 15 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-dns mr,
@@ -17,4 +18,7 @@ profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-dns {
17 @{GNUNET_PREFIX}/lib/libgnunetdnsstub.so.* mr, 18 @{GNUNET_PREFIX}/lib/libgnunetdnsstub.so.* mr,
18 @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, 19 @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr,
19 @{GNUNET_PREFIX}/lib/libgnunettun.so.* mr, 20 @{GNUNET_PREFIX}/lib/libgnunettun.so.* mr,
21
22 # Site-specific additions and overrides. See local/README for details.
23 #include <local/gnunet-sgid>
20} 24}
diff --git a/contrib/apparmor/gnunet-service-fs b/contrib/apparmor/gnunet-service-fs
index 59a74f502..70de39c2e 100644
--- a/contrib/apparmor/gnunet-service-fs
+++ b/contrib/apparmor/gnunet-service-fs
@@ -4,56 +4,34 @@
4#include <tunables/gnunet> 4#include <tunables/gnunet>
5 5
6profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-fs { 6profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-fs {
7 #include <abstractions/base>
7 #include <abstractions/gnunet-common> 8 #include <abstractions/gnunet-common>
8 9
9 /etc/gnunet.conf r,
10 @{HOME}/.config/gnunet.conf r,
11
12 /tmp/gnunet-system-runtime/gnunet-service-fs.sock w, 10 /tmp/gnunet-system-runtime/gnunet-service-fs.sock w,
13 11
14 /var/lib/gnunet/.local/share/gnunet/private_key.ecc rk, 12 @{GNUNET_USER}/.local/share/gnunet/private_key.ecc rk,
15 13
16 owner @{HOME}/.local/share/gnunet/fs/idxinfo.lst r, 14 owner @{HOME}/.local/share/gnunet/fs/idxinfo.lst r,
17 15
18 #Librairies
19 /usr/lib/ld-*.so r,
20 /usr/lib/libbz2.so.* mr,
21 /usr/lib/libextractor.so.* mr,
22 /usr/lib/libidn.so.* mr,
23 /usr/lib/libpthread-*.so mr,
24 /usr/lib/librt-*.so mr,
25
26 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-fs mr, 16 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-fs mr,
27 17
28 #Gnunet plugin 18 #Gnunet plugin
29 @{GNUNET_PREFIX}/lib/gnunet/ r, 19 @{GNUNET_PREFIX}/lib/gnunet/ r,
30 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dht.la r, 20# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dht.la r,
31 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dht.so mr, 21 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dht.so mr,
32 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dns.la r, 22# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dns.la r,
33 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dns.so mr, 23 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dns.so mr,
34 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_fs.la r, 24# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_fs.la r,
35 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_fs.so mr, 25 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_fs.so mr,
36 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_gns.la r, 26# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_gns.la r,
37 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_gns.so mr, 27 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_gns.so mr,
38 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_regex.la r, 28# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_regex.la r,
39 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_regex.so mr, 29 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_regex.so mr,
40 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_template.la r, 30# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_template.la r,
41 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_template.so mr, 31 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_template.so mr,
42 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_test.la r, 32# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_test.la r,
43 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_test.so mr, 33 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_test.so mr,
44 34
45 #Gnunet librairies 35 # Site-specific additions and overrides. See local/README for details.
46 @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, 36 #include <local/gnunet>
47 @{GNUNET_PREFIX}/lib/libgnunetblock.so.* mr,
48 @{GNUNET_PREFIX}/lib/libgnunetcadet.so.* mr,
49 @{GNUNET_PREFIX}/lib/libgnunetcore.so.* mr,
50 @{GNUNET_PREFIX}/lib/libgnunetdatastore.so.* mr,
51 @{GNUNET_PREFIX}/lib/libgnunetdht.so.* mr,
52 @{GNUNET_PREFIX}/lib/libgnunetdnsparser.so.* mr,
53 @{GNUNET_PREFIX}/lib/libgnunetfs.so.* mr,
54 @{GNUNET_PREFIX}/lib/libgnunetgnsrecord.so.* mr,
55 @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr,
56 @{GNUNET_PREFIX}/lib/libgnunetpeerstore.so.* mr,
57 @{GNUNET_PREFIX}/lib/libgnunetregexblock.so.* mr,
58 @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr,
59} 37}
diff --git a/contrib/apparmor/gnunet-service-gns b/contrib/apparmor/gnunet-service-gns
index b271eecba..25184e50d 100644
--- a/contrib/apparmor/gnunet-service-gns
+++ b/contrib/apparmor/gnunet-service-gns
@@ -4,27 +4,15 @@
4#include <tunables/gnunet> 4#include <tunables/gnunet>
5 5
6profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-gns { 6profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-gns {
7 #include <abstractions/base>
7 #include <abstractions/gnunet-common> 8 #include <abstractions/gnunet-common>
8 9
9 @{HOME}/.config/gnunet.conf r, 10 /tmp/gnunet-*-runtime/gnunet-service-gns.sock rw,
10 11
11 #Librairies 12 @{HOME}/.config/gnunet.conf r,
12 /usr/lib/ld-2.21.so r,
13 /usr/lib/libidn.so.* mr,
14 13
15 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-gns mr, 14 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-gns mr,
16 15
17 #Gnunet librairies 16 # Site-specific additions and overrides. See local/README for details.
18 @{GNUNET_PREFIX}/lib/libgnunetdht.so.* mr, 17 #include <local/gnunet>
19 @{GNUNET_PREFIX}/lib/libgnunetdns.so.* mr,
20 @{GNUNET_PREFIX}/lib/libgnunetdnsparser.so.* mr,
21 @{GNUNET_PREFIX}/lib/libgnunetdnsstub.so.* mr,
22 @{GNUNET_PREFIX}/lib/libgnunetgnsrecord.so.* mr,
23 @{GNUNET_PREFIX}/lib/libgnunetidentity.so.* mr,
24 @{GNUNET_PREFIX}/lib/libgnunetnamecache.so.* mr,
25 @{GNUNET_PREFIX}/lib/libgnunetnamestore.so.* mr,
26 @{GNUNET_PREFIX}/lib/libgnunetrevocation.so.* mr,
27 @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr,
28 @{GNUNET_PREFIX}/lib/libgnunettun.so.* mr,
29 @{GNUNET_PREFIX}/lib/libgnunetvpn.so.* mr,
30} 18}
diff --git a/contrib/apparmor/gnunet-service-identity b/contrib/apparmor/gnunet-service-identity
index 8cf0f99b6..3e0a6bb60 100644
--- a/contrib/apparmor/gnunet-service-identity
+++ b/contrib/apparmor/gnunet-service-identity
@@ -3,17 +3,15 @@
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-identity { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-identity {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
7 8
8 /tmp/gnunet-*-runtime/ a, 9 /tmp/gnunet-*-runtime/ a,
9 10
10 /usr/lib/ld-*.so r, 11 @{GNUNET_USER}/.local/share/gnunet/identity/ a,
11 12 @{GNUNET_USER}/.local/share/gnunet/identity/egos/ ra,
12 /var/lib/gnunet/.local/share/gnunet/identity/ a,
13 /var/lib/gnunet/.local/share/gnunet/identity/egos/ ra,
14 13
15 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-identity mr, 14 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-identity mr,
16 @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr,
17 15
18 @{HOME}/.config/gnunet/identity/subsystem_defaults.conf rw, 16 @{HOME}/.config/gnunet/identity/subsystem_defaults.conf rw,
19 17
@@ -22,4 +20,7 @@ profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-identity {
22 @{HOME}/.local/share/gnunet/identity/egos/private-zone rk, 20 @{HOME}/.local/share/gnunet/identity/egos/private-zone rk,
23 @{HOME}/.local/share/gnunet/identity/egos/short-zone rk, 21 @{HOME}/.local/share/gnunet/identity/egos/short-zone rk,
24 @{HOME}/.local/share/gnunet/identity/egos/sks-zone rk, 22 @{HOME}/.local/share/gnunet/identity/egos/sks-zone rk,
23
24 # Site-specific additions and overrides. See local/README for details.
25 #include <local/gnunet>
25} 26}
diff --git a/contrib/apparmor/gnunet-service-mesh b/contrib/apparmor/gnunet-service-mesh
new file mode 100644
index 000000000..6b7944110
--- /dev/null
+++ b/contrib/apparmor/gnunet-service-mesh
@@ -0,0 +1,19 @@
1# Last Modified: Fri Jul 3 17:37:56 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-mesh {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-mesh mr,
10
11 @{HOME}/.local/share/gnunet/private_key.ecc rk,
12
13 /tmp/gnunet-system-runtime/gnunet-service-mesh.sock w,
14
15 @{GNUNET_USER}/.local/share/gnunet/private_key.ecc rwk,
16
17 # Site-specific additions and overrides. See local/README for details.
18 #include <local/gnunet>
19}
diff --git a/contrib/apparmor/gnunet-service-namecache b/contrib/apparmor/gnunet-service-namecache
index 8b5f21103..ddf6ab57e 100644
--- a/contrib/apparmor/gnunet-service-namecache
+++ b/contrib/apparmor/gnunet-service-namecache
@@ -3,28 +3,21 @@
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-namecache { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-namecache {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
8 #include <abstractions/gnunet-db>
7 9
8 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-namecache mr, 10 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-namecache mr,
9 11
10 #Gnunet librairies
11 @{GNUNET_PREFIX}/lib/libgnunetdnsparser.so.* mr,
12 @{GNUNET_PREFIX}/lib/libgnunetnamecache.so.* mr,
13 @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr,
14 @{GNUNET_PREFIX}/lib/libgnunetgnsrecord.so.* mr,
15
16 #Gnunet plugin 12 #Gnunet plugin
17 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_namecache_sqlite.la r, 13# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_namecache_sqlite.la r,
18 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_namecache_sqlite.so mr, 14 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_namecache_sqlite.so mr,
19 15
20 /var/lib/gnunet/.local/share/gnunet/namecache/ r, 16 @{GNUNET_USER}/.local/share/gnunet/namecache/ r,
21 /var/lib/gnunet/.local/share/gnunet/namecache/sqlite.db rwk, 17 @{GNUNET_USER}/.local/share/gnunet/namecache/sqlite.db rwk,
22 /var/lib/gnunet/.local/share/gnunet/namecache/sqlite.db-journal rw, 18 @{GNUNET_USER}/.local/share/gnunet/namecache/sqlite.db-journal rw,
23 19
24 #Librairies 20 # Site-specific additions and overrides. See local/README for details.
25 /usr/lib/libpthread-*.so mr, 21 #include <local/gnunet>
26 /usr/lib/libsqlite3.so.* mr,
27 /usr/lib/libidn.so.* mr,
28 /usr/lib/ld-*.so r,
29} 22}
30 23
diff --git a/contrib/apparmor/gnunet-service-namestore b/contrib/apparmor/gnunet-service-namestore
index 68b94e6aa..0ee993ea0 100644
--- a/contrib/apparmor/gnunet-service-namestore
+++ b/contrib/apparmor/gnunet-service-namestore
@@ -3,34 +3,18 @@
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-namestore { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-namestore {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
8 #include <abstractions/gnunet-db>
7 9
8 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-namestore mr, 10 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-namestore mr,
9 11
10 #Gnunet librairies
11 @{GNUNET_PREFIX}/lib/libgnunetnamecache.so.* mr,
12 @{GNUNET_PREFIX}/lib/libgnunetgnsrecord.so.* mr,
13 @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr,
14 @{GNUNET_PREFIX}/lib/libgnunetnamestore.so.* mr,
15 @{GNUNET_PREFIX}/lib/libgnunetdnsparser.so.* mr,
16
17 #Gnunet plugin 12 #Gnunet plugin
18 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_namestore_sqlite.la r, 13# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_namestore_sqlite.la r,
19 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_namestore_sqlite.so mr, 14 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_namestore_sqlite.so mr,
20 15
21 #Librairies
22 /usr/lib/libidn.so.* mr,
23 /usr/lib/ld-*.so r,
24 /usr/lib/libsqlite3.so.* mr,
25 /usr/lib/libpthread-*.so mr,
26
27 /var/lib/gnunet/.local/share/gnunet/namestore/ ra,
28 /var/lib/gnunet/.local/share/gnunet/namestore/sqlite.db rwk,
29 /var/lib/gnunet/.local/share/gnunet/namestore/sqlite.db-journal rw,
30
31 @{HOME}/.local/share/gnunet/namestore/ r,
32 @{HOME}/.local/share/gnunet/namestore/sqlite.db rwk,
33 @{HOME}/.local/share/gnunet/namestore/sqlite.db-journal rw,
34
35 /tmp/gnunet-*-runtime/ a, 16 /tmp/gnunet-*-runtime/ a,
17
18 # Site-specific additions and overrides. See local/README for details.
19 #include <local/gnunet>
36} 20}
diff --git a/contrib/apparmor/gnunet-service-nse b/contrib/apparmor/gnunet-service-nse
index a3f7f2a12..6b6ecf757 100644
--- a/contrib/apparmor/gnunet-service-nse
+++ b/contrib/apparmor/gnunet-service-nse
@@ -3,22 +3,19 @@
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-nse { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-nse {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
7 8
8 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-nse mr, 9 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-nse mr,
9 10
10 #Gnunet librairies 11 /tmp/gnunet-system-runtime/gnunet-service-nse.sock rw,
11 @{GNUNET_PREFIX}/lib/libgnunetnse.so.* mr,
12 @{GNUNET_PREFIX}/lib/libgnunetcore.so.* mr,
13 @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr,
14
15 /usr/lib/ld-*.so mr,
16
17 /tmp/gnunet-system-runtime/gnunet-service-nse.unix w,
18 12
19 @{HOME}/.local/share/gnunet/private_key.ecc rk, 13 @{HOME}/.local/share/gnunet/private_key.ecc rk,
20 owner @{HOME}/.local/share/gnunet/nse/proof.dat rw, 14 owner @{HOME}/.local/share/gnunet/nse/proof.dat rw,
21 15
22 /var/lib/gnunet/.local/share/gnunet/private_key.ecc rwk, 16 @{GNUNET_USER}/.local/share/gnunet/private_key.ecc rwk,
23 /var/lib/gnunet/.local/share/gnunet/nse/proof.dat rw, 17 @{GNUNET_USER}/.local/share/gnunet/nse/proof.dat rw,
18
19 # Site-specific additions and overrides. See local/README for details.
20 #include <local/gnunet>
24} 21}
diff --git a/contrib/apparmor/gnunet-service-peerinfo b/contrib/apparmor/gnunet-service-peerinfo
index 1ce4a85f8..4da70eb53 100644
--- a/contrib/apparmor/gnunet-service-peerinfo
+++ b/contrib/apparmor/gnunet-service-peerinfo
@@ -1,21 +1,20 @@
1# Last Modified: Wed Jul 8 17:03:17 2015 1# Last Modified: Wed Jul 8 17:03:17 2015
2
3#include <tunables/global> 2#include <tunables/global>
4#include <tunables/gnunet> 3#include <tunables/gnunet>
5 4
6profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-peerinfo { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-peerinfo {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
8 8
9 @{GNUNET_PREFIX}/share/gnunet/hellos/ r, 9 @{GNUNET_PREFIX}/share/gnunet/hellos/ r,
10 @{GNUNET_PREFIX}/share/gnunet/hellos/* r, 10 @{GNUNET_PREFIX}/share/gnunet/hellos/* r,
11 11
12 /var/lib/gnunet/.local/share/gnunet/peerinfo/hosts/ r, 12 @{GNUNET_USER}/.local/share/gnunet/peerinfo/hosts/ r,
13 /var/lib/gnunet/.local/share/gnunet/peerinfo/hosts/* rw, 13 @{GNUNET_USER}/.local/share/gnunet/peerinfo/hosts/* rw,
14 14
15 /usr/lib/ld-*.so r,
16 15
17 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-peerinfo mr, 16 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-peerinfo mr,
18 17
19 @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr, 18 # Site-specific additions and overrides. See local/README for details.
20 @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, 19 #include <local/gnunet>
21} 20}
diff --git a/contrib/apparmor/gnunet-service-peerstore b/contrib/apparmor/gnunet-service-peerstore
index 536e4ee0f..cbab2395e 100644
--- a/contrib/apparmor/gnunet-service-peerstore
+++ b/contrib/apparmor/gnunet-service-peerstore
@@ -3,22 +3,19 @@
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-peerstore { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-peerstore {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
7 8 #include <abstractions/gnunet-db>
8 #Librairies
9 /usr/lib/ld-*.so r,
10 /usr/lib/libpthread-*.so mr,
11 /usr/lib/libsqlite3.so.* mr,
12 9
13 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-peerstore mr, 10 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-peerstore mr,
14 11
15 #Gnunet Plugin 12 #Gnunet Plugin
16 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_peerstore_sqlite.la r, 13# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_peerstore_sqlite.la r,
17 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_peerstore_sqlite.so mr, 14 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_peerstore_sqlite.so mr,
18 15
19 #Gnunet librairies 16 @{GNUNET_USER}/.local/share/gnunet/peerstore/sqlite.db rwk,
20 @{GNUNET_PREFIX}/lib/libgnunetpeerstore.so.* mr, 17 @{GNUNET_USER}/.local/share/gnunet/peerstore/sqlite.db-journal rw,
21 18
22 /var/lib/gnunet/.local/share/gnunet/peerstore/sqlite.db rwk, 19 # Site-specific additions and overrides. See local/README for details.
23 /var/lib/gnunet/.local/share/gnunet/peerstore/sqlite.db-journal rw, 20 #include <local/gnunet>
24} 21}
diff --git a/contrib/apparmor/gnunet-service-regex b/contrib/apparmor/gnunet-service-regex
index 358675dc0..ba7a4f3a5 100644
--- a/contrib/apparmor/gnunet-service-regex
+++ b/contrib/apparmor/gnunet-service-regex
@@ -3,16 +3,13 @@
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-regex { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-regex {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
7 8
8 /usr/lib/ld-*.so r,
9
10 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-regex mr, 9 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-regex mr,
11 10
12 #Gnunet librairies 11 @{GNUNET_USER}/.local/share/gnunet/private_key.ecc rk,
13 @{GNUNET_PREFIX}/lib/libgnunetdht.so.* mr, 12
14 @{GNUNET_PREFIX}/lib/libgnunetregexblock.so.* mr, 13 # Site-specific additions and overrides. See local/README for details.
15 @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, 14 #include <local/gnunet>
16
17 /var/lib/gnunet/.local/share/gnunet/private_key.ecc rk,
18} 15}
diff --git a/contrib/apparmor/gnunet-service-resolver b/contrib/apparmor/gnunet-service-resolver
index 6c5e3eb60..9e2002575 100644
--- a/contrib/apparmor/gnunet-service-resolver
+++ b/contrib/apparmor/gnunet-service-resolver
@@ -3,31 +3,18 @@
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-resolver { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-resolver {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
7 8
8 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-resolver mr, 9 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-resolver mr,
9 10
10 #Librairies
11 /usr/lib/ld-*.so r,
12 /usr/lib/libnss_files-*.so mr,
13 /usr/lib/libnss_gns.so.* mr,
14 /usr/lib/libnss_dns-*.so mr,
15 /usr/lib/libresolv-*.so mr,
16 /usr/lib/libnss_myhostname.so.* mr,
17 /usr/lib/librt-*.so mr,
18 /usr/lib/liblzma.so.* mr,
19 /usr/lib/liblz4.so.* mr,
20 /usr/lib/libacl.so.* mr,
21 /usr/lib/libidn.so.* mr,
22 /usr/lib/libseccomp.so.* mr,
23 /usr/lib/libcap.so.* mr,
24 /usr/lib/libpthread-*.so mr,
25 /usr/lib/libattr.so.* mr,
26
27 /etc/nsswitch.conf r, 11 /etc/nsswitch.conf r,
28 /etc/resolv.conf r, 12 /etc/resolv.conf r,
29 /etc/host.conf r, 13 /etc/host.conf r,
30 /etc/hosts r, 14 /etc/hosts r,
31 15
32 /tmp/gnunet-system-runtime/gnunet-service-resolver.sock w, 16 /tmp/gnunet-system-runtime/gnunet-service-resolver.sock w,
17
18 # Site-specific additions and overrides. See local/README for details.
19 #include <local/gnunet>
33} 20}
diff --git a/contrib/apparmor/gnunet-service-revocation b/contrib/apparmor/gnunet-service-revocation
index 6e6412820..cd3c59f03 100644
--- a/contrib/apparmor/gnunet-service-revocation
+++ b/contrib/apparmor/gnunet-service-revocation
@@ -1,27 +1,19 @@
1# Last Modified: Thu Jul 9 10:16:30 2015 1# Last Modified: Thu Jul 9 10:16:30 2015
2
3#include <tunables/global> 2#include <tunables/global>
4#include <tunables/gnunet> 3#include <tunables/gnunet>
5 4
6profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-revocation { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-revocation {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
8 8
9 /etc/gnunet.conf r, 9 /tmp/gnunet-system-runtime/gnunet-service-revocation.sock rw,
10 @{HOME}/.config/gnunet.conf r,
11
12 /tmp/gnunet-system-runtime/gnunet-service-revocation.unix w,
13 10
14 /var/lib/gnunet/.local/share/gnunet/revocation.dat rw, 11 @{GNUNET_USER}/.local/share/gnunet/revocation.dat rw,
15 12
16 @{HOME}/.local/share/gnunet/revocation.dat rw, 13 @{HOME}/.local/share/gnunet/revocation.dat rw,
17 14
18 /usr/lib/ld-*.so r,
19
20 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-revocation mr, 15 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-revocation mr,
21 16
22 #Gnunet librairies 17 # Site-specific additions and overrides. See local/README for details.
23 @{GNUNET_PREFIX}/lib/libgnunetcore.so.* mr, 18 #include <local/gnunet>
24 @{GNUNET_PREFIX}/lib/libgnunetrevocation.so.* mr,
25 @{GNUNET_PREFIX}/lib/libgnunetset.so.* mr,
26 @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr,
27} 19}
diff --git a/contrib/apparmor/gnunet-service-scalarproduct-alice b/contrib/apparmor/gnunet-service-scalarproduct-alice
index 7a7ba77d5..8801ca824 100644
--- a/contrib/apparmor/gnunet-service-scalarproduct-alice
+++ b/contrib/apparmor/gnunet-service-scalarproduct-alice
@@ -3,11 +3,11 @@
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-scalarproduct-alice { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-scalarproduct-alice {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
7 8
8 /usr/lib/ld-*.so r,
9 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-scalarproduct-alice mr, 9 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-scalarproduct-alice mr,
10 @{GNUNET_PREFIX}/lib/libgnunetcadet.so.* mr, 10
11 @{GNUNET_PREFIX}/lib/libgnunetset.so.* mr, 11 # Site-specific additions and overrides. See local/README for details.
12 12 #include <local/gnunet>
13} 13}
diff --git a/contrib/apparmor/gnunet-service-scalarproduct-bob b/contrib/apparmor/gnunet-service-scalarproduct-bob
index a7faae9d0..72a7e7f84 100644
--- a/contrib/apparmor/gnunet-service-scalarproduct-bob
+++ b/contrib/apparmor/gnunet-service-scalarproduct-bob
@@ -3,12 +3,11 @@
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-scalarproduct-bob { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-scalarproduct-bob {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
7 8
8 /usr/lib/ld-*.so r,
9
10 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-scalarproduct-bob mr, 9 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-scalarproduct-bob mr,
11 10
12 @{GNUNET_PREFIX}/lib/libgnunetcadet.so.* mr, 11 # Site-specific additions and overrides. See local/README for details.
13 @{GNUNET_PREFIX}/lib/libgnunetset.so.* mr, 12 #include <local/gnunet>
14} 13}
diff --git a/contrib/apparmor/gnunet-service-set b/contrib/apparmor/gnunet-service-set
index 4aa0253d8..000884cd6 100644
--- a/contrib/apparmor/gnunet-service-set
+++ b/contrib/apparmor/gnunet-service-set
@@ -3,15 +3,11 @@
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-set { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-set {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
7 8
8 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-set mr, 9 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-set mr,
9 10
10 #Gnunet librairies 11 # Site-specific additions and overrides. See local/README for details.
11 @{GNUNET_PREFIX}/lib/libgnunetcadet.so.* mr, 12 #include <local/gnunet>
12 @{GNUNET_PREFIX}/lib/libgnunetcore.so.* mr,
13 @{GNUNET_PREFIX}/lib/libgnunetblock.so.* mr,
14
15 #Librairies
16 /usr/lib/ld-*.so r,
17} 13}
diff --git a/contrib/apparmor/gnunet-service-statistics b/contrib/apparmor/gnunet-service-statistics
index e26e30edc..e5a8df7c4 100644
--- a/contrib/apparmor/gnunet-service-statistics
+++ b/contrib/apparmor/gnunet-service-statistics
@@ -1,16 +1,15 @@
1# Last Modified: Thu Jul 9 10:16:30 2015 1# Last Modified: Thu Jul 9 10:16:30 2015
2
3#include <tunables/global> 2#include <tunables/global>
4#include <tunables/gnunet> 3#include <tunables/gnunet>
5 4
6profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-statistics { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-statistics {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
8 8
9 /var/lib/gnunet/.local/share/gnunet/statistics.dat rw, 9 @{GNUNET_USER}/.local/share/gnunet/statistics.dat rw,
10
11 /usr/lib/ld-*.so r,
12 10
13 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-statistics mr, 11 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-statistics mr,
14 12
15 @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, 13 # Site-specific additions and overrides. See local/README for details.
14 #include <local/gnunet>
16} 15}
diff --git a/contrib/apparmor/gnunet-service-template b/contrib/apparmor/gnunet-service-template
index 824183e78..4b442239f 100644
--- a/contrib/apparmor/gnunet-service-template
+++ b/contrib/apparmor/gnunet-service-template
@@ -3,14 +3,14 @@
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-template { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-template {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
7 8
8 /tmp/gnunet-system-runtime/ w, 9 /tmp/gnunet-system-runtime/ w,
9 /tmp/gnunet-system-runtime/gnunet-service-template.sock w, 10 /tmp/gnunet-system-runtime/gnunet-service-template.sock w,
10 11
11 #Librairies
12 /usr/lib/ld-*.so r,
13
14 #Gnunet Librairies
15 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-template mr, 12 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-template mr,
13
14 # Site-specific additions and overrides. See local/README for details.
15 #include <local/gnunet>
16} 16}
diff --git a/contrib/apparmor/gnunet-service-testbed b/contrib/apparmor/gnunet-service-testbed
index 06e8f36ea..24f5c4525 100644
--- a/contrib/apparmor/gnunet-service-testbed
+++ b/contrib/apparmor/gnunet-service-testbed
@@ -2,8 +2,10 @@
2#include <tunables/global> 2#include <tunables/global>
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed flags=(complain) { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
8 #include <abstractions/gnunet-test>
7 9
8 /etc/gai.conf r, 10 /etc/gai.conf r,
9 11
@@ -11,26 +13,17 @@ profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed flags=(compla
11 /tmp/gnunet-system-runtime/gnunet-service-testbed-barrier.sock w, 13 /tmp/gnunet-system-runtime/gnunet-service-testbed-barrier.sock w,
12 /tmp/gnunet-system-runtime/gnunet-service-testbed.sock w, 14 /tmp/gnunet-system-runtime/gnunet-service-testbed.sock w,
13 15
14 /usr/lib/ld-*.so r,
15
16 /dev/null r,
17
18 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-* r, 16 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-* r,
19 17
20 @{GNUNET_PREFIX}/lib/gnunet/libexec/ r, 18 @{GNUNET_PREFIX}/lib/gnunet/libexec/ r,
21 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-arm Px, 19 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-arm Px,
22 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed mr, 20 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed mr,
23 21
24 #Gnunet librairies
25 @{GNUNET_PREFIX}/lib/libgnunetarm.so.* mr,
26 @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr,
27 @{GNUNET_PREFIX}/lib/libgnunetcore.so.* mr,
28 @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr,
29 @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr,
30 @{GNUNET_PREFIX}/lib/libgnunettestbed.so.* mr,
31 @{GNUNET_PREFIX}/lib/libgnunettesting.so.* mr,
32 @{GNUNET_PREFIX}/lib/libgnunettransport.so.* mr,
33
34 @{GNUNET_PREFIX}/share/gnunet/testing_hostkeys.ecc r, 22 @{GNUNET_PREFIX}/share/gnunet/testing_hostkeys.ecc r,
35 23
24 #GNUnet helper
25 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-testbed Px,
26
27 # Site-specific additions and overrides. See local/README for details.
28 #include <local/gnunet>
36} 29}
diff --git a/contrib/apparmor/gnunet-service-testbed-logger b/contrib/apparmor/gnunet-service-testbed-logger
index 5bd6a77d3..0baefb466 100644
--- a/contrib/apparmor/gnunet-service-testbed-logger
+++ b/contrib/apparmor/gnunet-service-testbed-logger
@@ -3,6 +3,7 @@
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed-logger { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed-logger {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
7 8
8 #??? 9 #???
@@ -11,7 +12,8 @@ profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed-logger {
11 /tmp/gnunet-system-runtime/ w, 12 /tmp/gnunet-system-runtime/ w,
12 /tmp/gnunet-system-runtime/gnunet-gnunet-testbed-logger.sock w, 13 /tmp/gnunet-system-runtime/gnunet-gnunet-testbed-logger.sock w,
13 14
14 /usr/lib/ld-*.so r,
15
16 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed-logger mr, 15 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed-logger mr,
16
17 # Site-specific additions and overrides. See local/README for details.
18 #include <local/gnunet>
17} 19}
diff --git a/contrib/apparmor/gnunet-service-transport b/contrib/apparmor/gnunet-service-transport
index 52985cf1b..ab724c153 100644
--- a/contrib/apparmor/gnunet-service-transport
+++ b/contrib/apparmor/gnunet-service-transport
@@ -1,29 +1,21 @@
1# Last Modified: Thu Jul 9 10:16:30 2015 1# Last Modified: Thu Jul 9 10:16:30 2015
2
3#include <tunables/global> 2#include <tunables/global>
4#include <tunables/gnunet> 3#include <tunables/gnunet>
5 4
6profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-transport { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-transport {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
8 8
9 /var/lib/gnunet/.local/share/gnunet/private_key.ecc rk, 9 @{GNUNET_USER}/.local/share/gnunet/private_key.ecc rk,
10
11 /usr/lib/ld-*.so r,
12 10
13 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-transport mr, 11 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-transport mr,
14 12
15 #Gnunet plugin 13 #Gnunet plugin
16 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_tcp.la r, 14# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_tcp.la r,
17 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_tcp.so mr, 15 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_tcp.so mr,
18 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_udp.la r, 16# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_udp.la r,
19 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_udp.so mr, 17 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_udp.so mr,
20 18
21 #Gnunet librairies 19 # Site-specific additions and overrides. See local/README for details.
22 @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, 20 #include <local/gnunet>
23 @{GNUNET_PREFIX}/lib/libgnunetfragmentation.so.* mr,
24 @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr,
25 @{GNUNET_PREFIX}/lib/libgnunetnat.so.* mr,
26 @{GNUNET_PREFIX}/lib/libgnunetpeerinfo.so.* mr,
27 @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr,
28 @{GNUNET_PREFIX}/lib/libgnunettransport.so.* mr,
29} 21}
diff --git a/contrib/apparmor/gnunet-service-vpn b/contrib/apparmor/gnunet-service-vpn
index 2d3438bf6..d17925f1b 100644
--- a/contrib/apparmor/gnunet-service-vpn
+++ b/contrib/apparmor/gnunet-service-vpn
@@ -3,25 +3,15 @@
3#include <tunables/gnunet> 3#include <tunables/gnunet>
4 4
5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-vpn { 5profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-vpn {
6 #include <abstractions/base>
6 #include <abstractions/gnunet-common> 7 #include <abstractions/gnunet-common>
7
8 #Capability
9 capability setuid,
10 capability net_admin,
11 8
12 /dev/net/tun rw,
13 9
14 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-vpn mr, 10 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-vpn mr,
15 11
16 #Librairies
17 /usr/lib/ld-*.so r,
18
19 #Gnunet helper 12 #Gnunet helper
20 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-vpn Px, 13 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-vpn Px,
21 14
22 #Gnunet librairies 15 # Site-specific additions and overrides. See local/README for details.
23 @{GNUNET_PREFIX}/lib/libgnunetcadet.so.* mr, 16 #include <local/gnunet>
24 @{GNUNET_PREFIX}/lib/libgnunetregex.so.* mr,
25 @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr,
26 @{GNUNET_PREFIX}/lib/libgnunettun.so.* mr,
27} 17}
diff --git a/contrib/apparmor/gnunet-set-ibf-profiler b/contrib/apparmor/gnunet-set-ibf-profiler
new file mode 100644
index 000000000..71fa98649
--- /dev/null
+++ b/contrib/apparmor/gnunet-set-ibf-profiler
@@ -0,0 +1,13 @@
1# Last Modified: Mon Aug 10 18:15:38 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-set-ibf-profiler {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{GNUNET_PREFIX}/bin/gnunet-set-ibf-profiler mr,
10
11 # Site-specific additions and overrides. See local/README for details.
12 #include <local/gnunet>
13}
diff --git a/contrib/apparmor/gnunet-set-profiler b/contrib/apparmor/gnunet-set-profiler
new file mode 100644
index 000000000..f72c4a226
--- /dev/null
+++ b/contrib/apparmor/gnunet-set-profiler
@@ -0,0 +1,14 @@
1# Last Modified: Mon Aug 10 18:17:19 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-set-profiler {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{HOME}/.local/share/gnunet/private_key.ecc rk,
10 @{GNUNET_PREFIX}/bin/gnunet-set-profiler mr,
11
12 # Site-specific additions and overrides. See local/README for details.
13 #include <local/gnunet>
14}
diff --git a/contrib/apparmor/gnunet-setup b/contrib/apparmor/gnunet-setup
new file mode 100644
index 000000000..9243dd75e
--- /dev/null
+++ b/contrib/apparmor/gnunet-setup
@@ -0,0 +1,57 @@
1# Last Modified: Tue Aug 11 16:25:03 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-setup {
6 #include <abstractions/gnome>
7 #include <abstractions/gnunet-gtk>
8 #include <abstractions/kde>
9
10 /etc/nsswitch.conf r,
11 /etc/passwd r,
12 @{PROC}/@{pid}/fd/ r,
13
14 /usr/bin/exo-open rix,
15
16 @{GNUNET_PREFIX}/bin/gnunet-peerinfo-gtk Px,
17 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-hostlist Px,
18
19 @{GNUNET_PREFIX}/bin/gnunet-setup mr,
20
21 @{GNUNET_PREFIX}/share/gnunet-gtk/*.png r,
22 @{GNUNET_PREFIX}/share/gnunet-gtk/gnunet_setup_main_window.glade r,
23
24 @{HOME}/.config/gtk-*/bookmarks r,
25
26 #GNUnet plugin
27# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datacache_heap.la r,
28 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datacache_heap.so mr,
29# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datacache_sqlite.la r,
30 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datacache_sqlite.so mr,
31# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datastore_mysql.la r,
32 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datastore_mysql.so mr,
33# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datastore_sqlite.la r,
34 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datastore_sqlite.so mr,
35# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_namestore_sqlite.la r,
36 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_namestore_sqlite.so mr,
37# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_http_client.la r,
38 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_http_client.so mr,
39# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_http_server.la r,
40 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_http_server.so mr,
41# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_https_client.la r,
42 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_https_client.so mr,
43# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_https_server.la r,
44 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_https_server.so mr,
45# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_tcp.la r,
46 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_tcp.so mr,
47# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_udp.la r,
48 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_udp.so mr,
49# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_wlan.la r,
50 @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_wlan.so mr,
51
52 /usr/share/glib-*/schemas/gschemas.compiled r,
53 /usr/share/gtk-*/gtkrc r,
54
55 # Site-specific additions and overrides. See local/README for details.
56 #include <local/gnunet>
57}
diff --git a/contrib/apparmor/gnunet-statistics b/contrib/apparmor/gnunet-statistics
new file mode 100644
index 000000000..d9538e35b
--- /dev/null
+++ b/contrib/apparmor/gnunet-statistics
@@ -0,0 +1,13 @@
1# Last Modified: Mon Aug 10 16:15:07 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-statistics {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{GNUNET_PREFIX}/bin/gnunet-statistics mr,
10
11 # Site-specific additions and overrides. See local/README for details.
12 #include <local/gnunet>
13}
diff --git a/contrib/apparmor/gnunet-statistics-gtk b/contrib/apparmor/gnunet-statistics-gtk
new file mode 100644
index 000000000..2e13b8ada
--- /dev/null
+++ b/contrib/apparmor/gnunet-statistics-gtk
@@ -0,0 +1,16 @@
1# Last Modified: Wed Aug 5 11:25:27 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-statistics-gtk {
6 #include <abstractions/kde>
7 #include <abstractions/gnome>
8 #include <abstractions/gnunet-gtk>
9
10 @{GNUNET_PREFIX}/bin/gnunet-statistics-gtk mr,
11
12 @{GNUNET_PREFIX}/share/gnunet-gtk/gnunet_statistics_gtk_main_window.glade r,
13
14 # Site-specific additions and overrides. See local/README for details.
15 #include <local/gnunet>
16}
diff --git a/contrib/apparmor/gnunet-template b/contrib/apparmor/gnunet-template
new file mode 100644
index 000000000..844dc22ae
--- /dev/null
+++ b/contrib/apparmor/gnunet-template
@@ -0,0 +1,13 @@
1# Last Modified: Mon Aug 10 16:22:33 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-template {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{GNUNET_PREFIX}/bin/gnunet-template mr,
10
11 # Site-specific additions and overrides. See local/README for details.
12 #include <local/gnunet>
13}
diff --git a/contrib/apparmor/gnunet-testbed-profiler b/contrib/apparmor/gnunet-testbed-profiler
new file mode 100644
index 000000000..0f8d79ad9
--- /dev/null
+++ b/contrib/apparmor/gnunet-testbed-profiler
@@ -0,0 +1,13 @@
1# Last Modified: Mon Aug 10 16:38:17 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-testbed-profiler {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{GNUNET_PREFIX}/bin/gnunet-testbed-profiler mr,
10
11 # Site-specific additions and overrides. See local/README for details.
12 #include <local/gnunet>
13}
diff --git a/contrib/apparmor/gnunet-testing b/contrib/apparmor/gnunet-testing
new file mode 100644
index 000000000..a0cac673d
--- /dev/null
+++ b/contrib/apparmor/gnunet-testing
@@ -0,0 +1,20 @@
1# Last Modified: Mon Aug 10 16:54:53 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-testing {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8 #include <abstractions/gnunet-test>
9
10 /etc/gai.conf r,
11
12 @{GNUNET_PREFIX}/bin/gnunet-testing mr,
13
14 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-* Px,
15
16 @{GNUNET_PREFIX}/share/gnunet/testing_hostkeys.ecc r,
17
18 # Site-specific additions and overrides. See local/README for details.
19 #include <local/gnunet>
20}
diff --git a/contrib/apparmor/gnunet-transport b/contrib/apparmor/gnunet-transport
new file mode 100644
index 000000000..70b0cd228
--- /dev/null
+++ b/contrib/apparmor/gnunet-transport
@@ -0,0 +1,15 @@
1# Last Modified: Mon Aug 10 17:17:40 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-transport {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{GNUNET_PREFIX}/bin/gnunet-transport mr,
10
11 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-resolver Px,
12
13 # Site-specific additions and overrides. See local/README for details.
14 #include <local/gnunet>
15}
diff --git a/contrib/apparmor/gnunet-transport-certificate-creation b/contrib/apparmor/gnunet-transport-certificate-creation
new file mode 100644
index 000000000..fa65305d7
--- /dev/null
+++ b/contrib/apparmor/gnunet-transport-certificate-creation
@@ -0,0 +1,26 @@
1# Last Modified: Mon Aug 10 17:31:32 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-transport-certificate-creation {
6 #include <abstractions/base>
7 #include <abstractions/openssl>
8 #include <abstractions/gnunet-common>
9
10 @{HOME}/.rnd rw,
11
12 @{PROC}/meminfo r,
13
14 /usr/bin/openssl rix,
15
16 @{GNUNET_PREFIX}/bin/gnunet-transport-certificate-creation mr,
17
18 #Access to arg privatekey and certificate ?
19 @{HOME}/ rw,
20 @{HOME}/** rw,
21 deny @{HOME}/.*/ rw,
22 deny @{HOME}/.*/** rw,
23
24 # Site-specific additions and overrides. See local/README for details.
25 #include <local/gnunet>
26}
diff --git a/contrib/apparmor/gnunet-unindex b/contrib/apparmor/gnunet-unindex
new file mode 100644
index 000000000..e94a33152
--- /dev/null
+++ b/contrib/apparmor/gnunet-unindex
@@ -0,0 +1,21 @@
1# Last Modified: Mon Aug 10 17:40:53 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-unindex {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{GNUNET_PREFIX}/bin/gnunet-unindex mr,
10
11 @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-fs-publish Px,
12
13 #Path to files to unindex ?
14 @{HOME}/ rw,
15 @{HOME}/** rw,
16 deny @{HOME}/.*/ rw,
17 deny @{HOME}/.*/** rw,
18
19 # Site-specific additions and overrides. See local/README for details.
20 #include <local/gnunet>
21}
diff --git a/contrib/apparmor/gnunet-uri b/contrib/apparmor/gnunet-uri
new file mode 100644
index 000000000..d314fbad5
--- /dev/null
+++ b/contrib/apparmor/gnunet-uri
@@ -0,0 +1,16 @@
1# Last Modified: Mon Aug 10 18:04:08 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-uri {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 #More needed
10 @{GNUNET_PREFIX}/bin/gnunet-fs-gtk Px,
11
12 @{GNUNET_PREFIX}/bin/gnunet-uri mr,
13
14 # Site-specific additions and overrides. See local/README for details.
15 #include <local/gnunet>
16}
diff --git a/contrib/apparmor/gnunet-vpn b/contrib/apparmor/gnunet-vpn
new file mode 100644
index 000000000..1cf5b5ecc
--- /dev/null
+++ b/contrib/apparmor/gnunet-vpn
@@ -0,0 +1,13 @@
1# Last Modified: Mon Aug 10 18:11:26 2015
2#include <tunables/global>
3#include <tunables/gnunet>
4
5profile @{GNUNET_PREFIX}/bin/gnunet-vpn {
6 #include <abstractions/base>
7 #include <abstractions/gnunet-common>
8
9 @{GNUNET_PREFIX}/bin/gnunet-vpn mr,
10
11 # Site-specific additions and overrides. See local/README for details.
12 #include <local/gnunet>
13}
diff --git a/contrib/apparmor/tunables/gnunet b/contrib/apparmor/tunables/gnunet
index e7ff8256a..106169714 100644
--- a/contrib/apparmor/tunables/gnunet
+++ b/contrib/apparmor/tunables/gnunet
@@ -1 +1,6 @@
1@{GNUNET_PREFIX}=/usr/local 1@{GNUNET_PREFIX}=/usr/local
2@{GNUNET_USER}=/var/lib/gnunet
3@{LIBPRE}=/ /usr/
4@{LIBDIRS}=lib{,32,64} lib/@{multiarch}
5@{LIBS}=libc libm linux-vso
6
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-19 19:35:16 +0000