From c36169b334c725ab3e626cf32617da7b87ee6594 Mon Sep 17 00:00:00 2001 
From: Julien Morvan Date: Mon, 17 Aug 2015 09:23:39 +0000 Subject: --- contrib/apparmor/abstractions/gnunet-common | 38 ++------- contrib/apparmor/abstractions/gnunet-db | 8 ++ contrib/apparmor/abstractions/gnunet-gtk | 10 +++ contrib/apparmor/abstractions/gnunet-libaudio | 23 ------ contrib/apparmor/abstractions/gnunet-sgid | 1 + contrib/apparmor/abstractions/gnunet-suid | 15 ++++ contrib/apparmor/abstractions/gnunet-test | 13 ++++ contrib/apparmor/gnunet-arm | 17 ++-- contrib/apparmor/gnunet-ats | 15 ++++ contrib/apparmor/gnunet-auto-share | 27 +++++++ contrib/apparmor/gnunet-bcd | 14 ++++ contrib/apparmor/gnunet-cadet | 13 ++++ contrib/apparmor/gnunet-config | 13 ++++ contrib/apparmor/gnunet-conversation | 13 ++++ contrib/apparmor/gnunet-conversation-gtk | 26 +++++++ contrib/apparmor/gnunet-conversation-test | 16 ++++ contrib/apparmor/gnunet-core | 13 ++++ contrib/apparmor/gnunet-daemon-exit | 19 +---- contrib/apparmor/gnunet-daemon-hostlist | 57 ++------------ contrib/apparmor/gnunet-daemon-latency-logger | 12 +-- contrib/apparmor/gnunet-daemon-pt | 20 +---- contrib/apparmor/gnunet-daemon-regexprofiler | 10 +-- contrib/apparmor/gnunet-daemon-testbed-blacklist | 10 +-- contrib/apparmor/gnunet-daemon-testbed-underlay | 18 +---- contrib/apparmor/gnunet-daemon-topology | 20 +---- contrib/apparmor/gnunet-datastore | 13 ++++ contrib/apparmor/gnunet-directory | 16 ++++ contrib/apparmor/gnunet-dns2gns | 21 +---- contrib/apparmor/gnunet-download | 13 ++++ contrib/apparmor/gnunet-download-manager.scm | 25 ++++++ contrib/apparmor/gnunet-ecc | 15 ++++ contrib/apparmor/gnunet-fs | 13 ++++ contrib/apparmor/gnunet-fs-gtk | 43 +++++++++++ contrib/apparmor/gnunet-gns | 21 +++++ contrib/apparmor/gnunet-gns-import.sh | 22 ++++++ contrib/apparmor/gnunet-gns-proxy | 41 +--------- contrib/apparmor/gnunet-gns-proxy-setup-ca | 40 ++++++++++ contrib/apparmor/gnunet-gtk | 26 +++++++ contrib/apparmor/gnunet-helper-audio-playback | 11 ++- contrib/apparmor/gnunet-helper-audio-record | 11 
++- contrib/apparmor/gnunet-helper-dns | 7 +- contrib/apparmor/gnunet-helper-exit | 8 +- contrib/apparmor/gnunet-helper-fs-publish | 14 ++-- contrib/apparmor/gnunet-helper-nat-client | 8 +- contrib/apparmor/gnunet-helper-nat-server | 7 +- contrib/apparmor/gnunet-helper-testbed | 30 ++------ contrib/apparmor/gnunet-helper-transport-bluetooth | 18 +++++ contrib/apparmor/gnunet-helper-transport-wlan | 7 +- .../apparmor/gnunet-helper-transport-wlan-dummy | 7 +- contrib/apparmor/gnunet-helper-vpn | 13 ++-- contrib/apparmor/gnunet-identity | 15 ++++ contrib/apparmor/gnunet-identity-gtk | 16 ++++ contrib/apparmor/gnunet-mesh | 13 ++++ contrib/apparmor/gnunet-namecache | 13 ++++ contrib/apparmor/gnunet-namestore | 21 +++++ contrib/apparmor/gnunet-namestore-fcfsd | 26 +------ contrib/apparmor/gnunet-namestore-gtk | 27 +++++++ contrib/apparmor/gnunet-nat-server | 13 ++++ contrib/apparmor/gnunet-nse | 13 ++++ contrib/apparmor/gnunet-peerinfo | 19 +++++ contrib/apparmor/gnunet-peerinfo-gtk | 17 ++++ contrib/apparmor/gnunet-peerstore | 13 ++++ contrib/apparmor/gnunet-publish | 16 ++++ contrib/apparmor/gnunet-qr | 15 ++++ contrib/apparmor/gnunet-resolver | 13 ++++ contrib/apparmor/gnunet-revocation | 13 ++++ contrib/apparmor/gnunet-scalarproduct | 13 ++++ contrib/apparmor/gnunet-scrypt | 19 +++++ contrib/apparmor/gnunet-search | 13 ++++ contrib/apparmor/gnunet-service-arm | 90 +++------------------- contrib/apparmor/gnunet-service-ats | 12 ++- contrib/apparmor/gnunet-service-cadet | 21 ++--- contrib/apparmor/gnunet-service-conversation | 24 ++---- contrib/apparmor/gnunet-service-core | 15 ++-- contrib/apparmor/gnunet-service-datastore | 23 +++--- contrib/apparmor/gnunet-service-dht | 45 +++-------- contrib/apparmor/gnunet-service-dns | 6 +- contrib/apparmor/gnunet-service-fs | 46 +++-------- contrib/apparmor/gnunet-service-gns | 24 ++---- contrib/apparmor/gnunet-service-identity | 11 +-- contrib/apparmor/gnunet-service-mesh | 19 +++++ contrib/apparmor/gnunet-service-namecache | 
25 +++--- contrib/apparmor/gnunet-service-namestore | 28 ++----- contrib/apparmor/gnunet-service-nse | 17 ++-- contrib/apparmor/gnunet-service-peerinfo | 13 ++-- contrib/apparmor/gnunet-service-peerstore | 19 ++--- contrib/apparmor/gnunet-service-regex | 13 ++-- contrib/apparmor/gnunet-service-resolver | 21 +---- contrib/apparmor/gnunet-service-revocation | 20 ++--- .../apparmor/gnunet-service-scalarproduct-alice | 8 +- contrib/apparmor/gnunet-service-scalarproduct-bob | 9 +-- contrib/apparmor/gnunet-service-set | 10 +-- contrib/apparmor/gnunet-service-statistics | 11 ++- contrib/apparmor/gnunet-service-template | 8 +- contrib/apparmor/gnunet-service-testbed | 25 +++--- contrib/apparmor/gnunet-service-testbed-logger | 6 +- contrib/apparmor/gnunet-service-transport | 22 ++---- contrib/apparmor/gnunet-service-vpn | 16 +--- contrib/apparmor/gnunet-set-ibf-profiler | 13 ++++ contrib/apparmor/gnunet-set-profiler | 14 ++++ contrib/apparmor/gnunet-setup | 57 ++++++++++++++ contrib/apparmor/gnunet-statistics | 13 ++++ contrib/apparmor/gnunet-statistics-gtk | 16 ++++ contrib/apparmor/gnunet-template | 13 ++++ contrib/apparmor/gnunet-testbed-profiler | 13 ++++ contrib/apparmor/gnunet-testing | 20 +++++ contrib/apparmor/gnunet-transport | 15 ++++ .../apparmor/gnunet-transport-certificate-creation | 26 +++++++ contrib/apparmor/gnunet-unindex | 21 +++++ contrib/apparmor/gnunet-uri | 16 ++++ contrib/apparmor/gnunet-vpn | 13 ++++ contrib/apparmor/tunables/gnunet | 5 ++ 112 files changed, 1326 insertions(+), 735 deletions(-) create mode 100644 contrib/apparmor/abstractions/gnunet-db create mode 100644 contrib/apparmor/abstractions/gnunet-gtk delete mode 100644 contrib/apparmor/abstractions/gnunet-libaudio create mode 100644 contrib/apparmor/abstractions/gnunet-sgid create mode 100644 contrib/apparmor/abstractions/gnunet-suid create mode 100644 contrib/apparmor/abstractions/gnunet-test create mode 100644 contrib/apparmor/gnunet-ats create mode 100644 
contrib/apparmor/gnunet-auto-share create mode 100644 contrib/apparmor/gnunet-bcd create mode 100644 contrib/apparmor/gnunet-cadet create mode 100644 contrib/apparmor/gnunet-config create mode 100644 contrib/apparmor/gnunet-conversation create mode 100644 contrib/apparmor/gnunet-conversation-gtk create mode 100644 contrib/apparmor/gnunet-conversation-test create mode 100644 contrib/apparmor/gnunet-core create mode 100644 contrib/apparmor/gnunet-datastore create mode 100644 contrib/apparmor/gnunet-directory create mode 100644 contrib/apparmor/gnunet-download create mode 100644 contrib/apparmor/gnunet-download-manager.scm create mode 100644 contrib/apparmor/gnunet-ecc create mode 100644 contrib/apparmor/gnunet-fs create mode 100644 contrib/apparmor/gnunet-fs-gtk create mode 100644 contrib/apparmor/gnunet-gns create mode 100644 contrib/apparmor/gnunet-gns-import.sh create mode 100644 contrib/apparmor/gnunet-gns-proxy-setup-ca create mode 100644 contrib/apparmor/gnunet-gtk create mode 100644 contrib/apparmor/gnunet-helper-transport-bluetooth create mode 100644 contrib/apparmor/gnunet-identity create mode 100644 contrib/apparmor/gnunet-identity-gtk create mode 100644 contrib/apparmor/gnunet-mesh create mode 100644 contrib/apparmor/gnunet-namecache create mode 100644 contrib/apparmor/gnunet-namestore create mode 100644 contrib/apparmor/gnunet-namestore-gtk create mode 100644 contrib/apparmor/gnunet-nat-server create mode 100644 contrib/apparmor/gnunet-nse create mode 100644 contrib/apparmor/gnunet-peerinfo create mode 100644 contrib/apparmor/gnunet-peerinfo-gtk create mode 100644 contrib/apparmor/gnunet-peerstore create mode 100644 contrib/apparmor/gnunet-publish create mode 100644 contrib/apparmor/gnunet-qr create mode 100644 contrib/apparmor/gnunet-resolver create mode 100644 contrib/apparmor/gnunet-revocation create mode 100644 contrib/apparmor/gnunet-scalarproduct create mode 100644 contrib/apparmor/gnunet-scrypt create mode 100644 contrib/apparmor/gnunet-search 
create mode 100644 contrib/apparmor/gnunet-service-mesh create mode 100644 contrib/apparmor/gnunet-set-ibf-profiler create mode 100644 contrib/apparmor/gnunet-set-profiler create mode 100644 contrib/apparmor/gnunet-setup create mode 100644 contrib/apparmor/gnunet-statistics create mode 100644 contrib/apparmor/gnunet-statistics-gtk create mode 100644 contrib/apparmor/gnunet-template create mode 100644 contrib/apparmor/gnunet-testbed-profiler create mode 100644 contrib/apparmor/gnunet-testing create mode 100644 contrib/apparmor/gnunet-transport create mode 100644 contrib/apparmor/gnunet-transport-certificate-creation create mode 100644 contrib/apparmor/gnunet-unindex create mode 100644 contrib/apparmor/gnunet-uri create mode 100644 contrib/apparmor/gnunet-vpn (limited to 'contrib/apparmor') diff --git a/contrib/apparmor/abstractions/gnunet-common b/contrib/apparmor/abstractions/gnunet-common index 7d7515d80..3bf6806f5 100644 --- a/contrib/apparmor/abstractions/gnunet-common +++ b/contrib/apparmor/abstractions/gnunet-common 
@@ -1,34 +1,12 @@ # This files contains common permissions for gnunet - /usr/share/zoneinfo/ r, - /usr/share/zoneinfo/** r, + #GNUnet configuration file + @{GNUNET_PREFIX}/share/gnunet/config.d/ r, + @{GNUNET_PREFIX}/share/gnunet/config.d/*.conf r, - /dev/urandom r, - - /etc/ld.so.cache r, - - @{PROC}/@{pid}/maps r, - - #Gnunet configuration file - /usr/local/share/gnunet/config.d/ r, - /usr/local/share/gnunet/config.d/*.conf r, - - /etc/gnunet.conf r, - owner @{HOME}/.config/gnunet.conf r, - - #Librairies - /usr/lib/libc-*.so mr, - /usr/lib/libdl-*.so mr, - /usr/lib/libgcrypt.so.* mr, - /usr/lib/libltdl.so.* mr, - /usr/lib/libgpg-error.so.* mr, - /usr/lib/libm-*.so mr, - /usr/lib/libunistring.so.* mr, - /usr/lib/libz.so.* mr, + /etc/gnunet.conf r, + @{HOME}/.config/gnunet.conf r, + owner @{GNUNET_USER}/.config/gnunet.conf r, - #Gnunet librairies - /usr/local/lib/libgnunetutil.so.* mr, - - #For testbed (if the /tmp directory is used) - /tmp/testbed*/ rw, - /tmp/testbed*/** rwk, + #GNUnet librairies + @{GNUNET_PREFIX}/lib/libgnunet*.so.* mr, diff --git a/contrib/apparmor/abstractions/gnunet-db b/contrib/apparmor/abstractions/gnunet-db new file mode 100644 index 000000000..73b869dca --- /dev/null +++ b/contrib/apparmor/abstractions/gnunet-db @@ -0,0 +1,8 @@ +# gnunet-db +@{GNUNET_USER}/.local/share/gnunet/namestore/ ra, +@{GNUNET_USER}/.local/share/gnunet/namestore/sqlite.db rwk, +@{GNUNET_USER}/.local/share/gnunet/namestore/sqlite.db-journal rw, + +@{HOME}/.local/share/gnunet/namestore/ r, +@{HOME}/.local/share/gnunet/namestore/sqlite.db rwk, +@{HOME}/.local/share/gnunet/namestore/sqlite.db-journal rw, diff --git a/contrib/apparmor/abstractions/gnunet-gtk b/contrib/apparmor/abstractions/gnunet-gtk new file mode 100644 index 000000000..bf47adc0c --- /dev/null +++ b/contrib/apparmor/abstractions/gnunet-gtk 
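Review bot: The new `@{HOME}/.config/gnunet.conf r,` rule in gnunet-common drops the `owner` qualifier that the removed line carried, so every profile including this abstraction may read the GNUnet configuration in any home directory that file permissions allow, not only the caller's own. I would restore it as `owner @{HOME}/.config/gnunet.conf r,`. The same qualifier is missing on the `@{HOME}` and `@{GNUNET_USER}` namestore rules in gnunet-db (including `sqlite.db rwk`), on the `@{HOME}/.config/gnunet.conf r,` lines added to gnunet-ats and gnunet-auto-share, and on `@{HOME}/.local/share/gnunet/private_key.ecc rk,` in gnunet-conversation-gtk, where it matters most because the file is a private key. `@{GNUNET_USER}` is defined outside this page, so whether `owner` suits those rules depends on which account the services run under.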
@@ -0,0 +1,10 @@
+# gnunet-gtk
+
+ #include
+
+ @{PROC}/@{pid}/cmdline r,
+
+ /usr/share/gtk-*/settings.ini r,
+
+ @{GNUNET_PREFIX}/share/gnunet-gtk/config.d/ r,
+ @{GNUNET_PREFIX}/share/gnunet-gtk/config.d/gnunet-*-gtk.conf r,
diff --git a/contrib/apparmor/abstractions/gnunet-libaudio b/contrib/apparmor/abstractions/gnunet-libaudio
deleted file mode 100644
index 6dda03573..000000000
--- a/contrib/apparmor/abstractions/gnunet-libaudio
+++ /dev/null
@@ -1,23 +0,0 @@
-/usr/lib/libFLAC.so.* mr,
-/usr/lib/libXau.so.* mr,
-/usr/lib/libXdmcp.so.* mr,
-/usr/lib/libasyncns.so.* mr,
-/usr/lib/libattr.so.* mr,
-/usr/lib/libcap.so.* mr,
-/usr/lib/libdbus-1.so.* mr,
-/usr/lib/libjson-c.so.* mr,
-/usr/lib/liblz4.so.* mr,
-/usr/lib/liblzma.so.* mr,
-/usr/lib/libnsl-*.so mr,
-/usr/lib/libogg.so.* mr,
-/usr/lib/libopus.so.* mr,
-/usr/lib/libpthread-*.so mr,
-/usr/lib/libpulse.so.* mr,
-/usr/lib/libresolv-*.so mr,
-/usr/lib/librt-*.so mr,
-/usr/lib/libsndfile.so.* mr,
-/usr/lib/libsystemd.so.* mr,
-/usr/lib/libvorbis.so.* mr,
-/usr/lib/libvorbisenc.so.* mr,
-/usr/lib/libxcb.so.* mr,
-/usr/lib/pulseaudio/libpulsecommon-*.so mr,
diff --git a/contrib/apparmor/abstractions/gnunet-sgid b/contrib/apparmor/abstractions/gnunet-sgid
new file mode 100644
index 000000000..b1a7655b1
--- /dev/null
+++ b/contrib/apparmor/abstractions/gnunet-sgid
@@ -0,0 +1 @@
+# gnunet-sgid
diff --git a/contrib/apparmor/abstractions/gnunet-suid b/contrib/apparmor/abstractions/gnunet-suid
new file mode 100644
index 000000000..a9310734c
--- /dev/null
+++ b/contrib/apparmor/abstractions/gnunet-suid
@@ -0,0 +1,15 @@ +# gnunet-suid + + /etc/ld.so.cache mr, + /lib{,32,64}/ld{,32,64}-*.so mrix, + /lib{,32,64}/**/ld{,32,64}-*.so mrix, + /lib/@{multiarch}/ld{,32,64}-*.so mrix, + /lib/tls/i686/{cmov,nosegneg}/ld-*.so mrix, + /lib/i386-linux-gnu/tls/i686/{cmov,nosegneg}/ld-*.so mrix, + /opt/*-linux-uclibc/lib/ld-uClibc*so* mrix, + + @{LIBPRE}@{LIBDIRS}/** r, + @{LIBPRE}@{LIBDIRS}/@{LIBS}.so* mr, + @{LIBPRE}@{LIBDIRS}/**/@{LIBS}.so* mr, + /lib/tls/i686/{cmov,nosegneg}/@{LIBS}.so* mr, + /lib/i386-linux-gnu/tls/i686/{cmov,nosegneg}/@{LIBS}.so* mr, diff --git a/contrib/apparmor/abstractions/gnunet-test b/contrib/apparmor/abstractions/gnunet-test new file mode 100644 index 000000000..8daf3ea9c --- /dev/null +++ b/contrib/apparmor/abstractions/gnunet-test @@ -0,0 +1,13 @@ + + #testbed (if the /tmp directory is used) + /tmp/testbed*/ rw, + /tmp/testbed*/** rwk, + + #testbed helper + /tmp/testbed-helper*/ rw, + + #gnunet-testing + /tmp/gnunet-testing* rw, + /tmp/gnunet_service_test*/ rw, + /tmp/gnunet_service_test*/** rw, + diff --git a/contrib/apparmor/gnunet-arm b/contrib/apparmor/gnunet-arm index d969f6af1..8e2fdd426 100644 --- a/contrib/apparmor/gnunet-arm +++ b/contrib/apparmor/gnunet-arm @@ -3,26 +3,19 @@ #include profile @{GNUNET_PREFIX}/bin/gnunet-arm { + #include #include @{GNUNET_PREFIX}/bin/gnunet-arm mr, - /usr/lib/gconv/gconv-modules r, - @{GNUNET_PREFIX}/lib/libgnunetarm.so.* mr, - /dev/null ra, - - /usr/lib/locale/locale-archive r, - - /usr/share/locale/locale.alias r, - /usr/share/locale/fr/LC_MESSAGES/libc.mo r, - - #Gnunet service + #GNUnet service @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-arm Px , /tmp/gnunet-*-runtime/ rw, /tmp/gnunet-*-runtime/gnunet-service-arm.sock rw, - - #/tmp/gnunet-gnunet-runtime/* rw, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-ats b/contrib/apparmor/gnunet-ats new file mode 100644 index 000000000..2c69b4ec0 --- /dev/null 
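Review bot: `@{LIBPRE}@{LIBDIRS}/** r,` in gnunet-suid grants recursive read on everything under the library directories, which is wider than the two `@{LIBS}.so* mr,` rules that follow it and is the broadest rule in an abstraction meant for setuid helpers. If directory traversal is all the loader needs, a non-recursive rule such as `@{LIBPRE}@{LIBDIRS}/ r,` would be narrower; the three variables are defined outside this page, so the exact reach should be confirmed against tunables/gnunet. A short comment stating why the dynamic loader gets `mrix` here would also help, since the file's only comment is its name.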
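Review bot: Every rule in gnunet-test matches a predictable name under the world-writable `/tmp` and none carries `owner`, so a profile that includes this abstraction may read and write (and, for `/tmp/testbed*/** rwk,`, lock) matching files created by any local user. Prefixing the rules with `owner`, for example `owner /tmp/testbed*/** rwk,`, keeps the test paths usable while limiting them to the confined process's own files. Since the testbed rules were moved here out of gnunet-common, a header comment saying the abstraction is for test binaries only would make the intent clear to whoever includes it next.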
+++ b/contrib/apparmor/gnunet-ats
@@ -0,0 +1,15 @@
+# Last Modified: Wed Aug 5 15:08:43 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-ats {
+ #include
+ #include
+
+ @{HOME}/.config/gnunet.conf r,
+
+ @{GNUNET_PREFIX}/bin/gnunet-ats mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-auto-share b/contrib/apparmor/gnunet-auto-share
new file mode 100644
index 000000000..0206acf39
--- /dev/null
+++ b/contrib/apparmor/gnunet-auto-share
@@ -0,0 +1,27 @@
+# Last Modified: Thu Aug 6 11:44:37 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-auto-share {
+ #include
+ #include
+
+ @{HOME}/.config/gnunet.conf r,
+
+ #Directory access(?)
+ @{HOME}/gnunet-fs/ r,
+ @{HOME}/gnunet-fs/.auto-share rw,
+
+ @{GNUNET_PREFIX}/bin/gnunet-auto-share mr,
+
+ @{GNUNET_PREFIX}/bin/gnunet-publish Px,
+
+ @{GNUNET_PREFIX}/lib/libgnunetutil.so.* mr,
+
+ @{GNUNET_PREFIX}/share/gnunet/config.d/ r,
+ @{GNUNET_PREFIX}/share/gnunet/config.d/*.conf r,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+
+}
diff --git a/contrib/apparmor/gnunet-bcd b/contrib/apparmor/gnunet-bcd
new file mode 100644
index 000000000..2173e03b5
--- /dev/null
+++ b/contrib/apparmor/gnunet-bcd
@@ -0,0 +1,14 @@
+# Last Modified: Thu Aug 6 11:50:51 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-bcd {
+ #include
+ #include
+
+ @{GNUNET_PREFIX}/bin/gnunet-bcd mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+
+}
diff --git a/contrib/apparmor/gnunet-cadet b/contrib/apparmor/gnunet-cadet
new file mode 100644
index 000000000..ef82d742a
--- /dev/null
+++ b/contrib/apparmor/gnunet-cadet
@@ -0,0 +1,13 @@
+# Last Modified: Thu Aug 6 11:59:53 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-cadet {
+ #include
+ #include
+
+ @{GNUNET_PREFIX}/bin/gnunet-cadet mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-config b/contrib/apparmor/gnunet-config
new file mode 100644
index 000000000..28aef4259
--- /dev/null
+++ b/contrib/apparmor/gnunet-config
@@ -0,0 +1,13 @@
+# Last Modified: Fri Aug 7 15:36:02 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-config {
+ #include
+ #include
+
+ @{GNUNET_PREFIX}/bin/gnunet-config mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-conversation b/contrib/apparmor/gnunet-conversation
new file mode 100644
index 000000000..7c14fc382
--- /dev/null
+++ b/contrib/apparmor/gnunet-conversation
@@ -0,0 +1,13 @@
+# Last Modified: Fri Aug 7 15:41:05 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-conversation {
+ #include
+ #include
+
+ @{GNUNET_PREFIX}/bin/gnunet-conversation mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-conversation-gtk b/contrib/apparmor/gnunet-conversation-gtk
new file mode 100644
index 000000000..676cb198d
--- /dev/null
+++ b/contrib/apparmor/gnunet-conversation-gtk
@@ -0,0 +1,26 @@
+# Last Modified: Tue Aug 4 16:59:51 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-conversation-gtk {
+ #include
+ #include
+ #include
+
+ @{GNUNET_PREFIX}/bin/gnunet-conversation-gtk mr,
+
+ @{GNUNET_PREFIX}/lib/gnunet/ r,
+# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_conversation.la r,
+ @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_conversation.so mr,
+# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_dns.la r,
+ @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_dns.so mr,
+# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_gns.la r,
+ @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_gns.so mr,
+
+ @{GNUNET_PREFIX}/share/gnunet-gtk/gnunet_conversation_gtk_main_window.glade r,
+
+ @{HOME}/.local/share/gnunet/private_key.ecc rk,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-conversation-test b/contrib/apparmor/gnunet-conversation-test
new file mode 100644
index 000000000..7eefec2ce
--- /dev/null
+++ b/contrib/apparmor/gnunet-conversation-test
@@ -0,0 +1,16 @@
+# Last Modified: Fri Aug 7 16:02:29 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-conversation-test {
+ #include
+ #include
+
+ @{GNUNET_PREFIX}/bin/gnunet-conversation-test mr,
+
+ @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-audio-playback Px,
+ @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-audio-record Px,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-core b/contrib/apparmor/gnunet-core
new file mode 100644
index 000000000..83b1f3f83
--- /dev/null
+++ b/contrib/apparmor/gnunet-core
@@ -0,0 +1,13 @@ +# Last Modified: Fri Aug 7 16:12:14 2015 +#include +#include + +profile @{GNUNET_PREFIX}/bin/gnunet-core { + #include + #include + + @{GNUNET_PREFIX}/bin/gnunet-core mr, + + # Site-specific additions and overrides. See local/README for details. + #include +} diff --git a/contrib/apparmor/gnunet-daemon-exit b/contrib/apparmor/gnunet-daemon-exit index 95f1c57d8..3c5b99557 100644 --- a/contrib/apparmor/gnunet-daemon-exit +++ b/contrib/apparmor/gnunet-daemon-exit @@ -3,22 +3,11 @@ #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-exit { + #include #include - /usr/lib/ld-*.so r, - - /usr/lib/locale/locale-archive r, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-exit mr, - - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetcadet.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdht.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdnsstub.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetregex.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettun.so.* mr, - - /usr/share/locale/locale.alias r, - + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-daemon-hostlist b/contrib/apparmor/gnunet-daemon-hostlist index 82afb3848..4e21b1b30 100644 --- a/contrib/apparmor/gnunet-daemon-hostlist +++ b/contrib/apparmor/gnunet-daemon-hostlist @@ -3,7 +3,8 @@ #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-hostlist { - #include + #include + #include /etc/gai.conf r, /etc/host.conf r, 
@@ -11,56 +12,8 @@ profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-hostlist { /etc/nsswitch.conf r, /etc/resolv.conf r, - /usr/lib/gconv/gconv-modules r, - - #Librairies - /usr/lib/ld-*.so r, - /usr/lib/libacl.so.* mr, - /usr/lib/libattr.so.* mr, - /usr/lib/libcap.so.* mr, - /usr/lib/libcom_err.so.* mr, - /usr/lib/libcrypto.so.* mr, - /usr/lib/libffi.so.* mr, - /usr/lib/libgmp.so.* mr, - /usr/lib/libgnurl.so.* mr, - /usr/lib/libgnutls.so.* mr, - /usr/lib/libgssapi_krb5.so.* mr, - /usr/lib/libhogweed.so.* mr, - /usr/lib/libidn.so.* mr, - /usr/lib/libk5crypto.so.* mr, - /usr/lib/libkeyutils.so.* mr, - /usr/lib/libkrb5.so.* mr, - /usr/lib/libkrb5support.so.* mr, - /usr/lib/liblz4.so.* mr, - /usr/lib/liblzma.so.* mr, - /usr/lib/libmicrohttpd.so.* mr, - /usr/lib/libnettle.so.* mr, - /usr/lib/libnss_dns-*.so mr, - /usr/lib/libnss_files-*.so mr, - /usr/lib/libnss_gns.so.* mr, - /usr/lib/libnss_myhostname.so.* mr, - /usr/lib/libp11-kit.so.* mr, - /usr/lib/libpthread-*.so mr, - /usr/lib/libresolv-*.so mr, - /usr/lib/librt-*.so mr, - /usr/lib/libseccomp.so.* mr, - /usr/lib/libssh2.so.* mr, - /usr/lib/libssl.so.* mr, - /usr/lib/libtasn1.so.* mr, - - /usr/lib/locale/locale-archive r, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-hostlist mr, - - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetcore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetpeerinfo.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettransport.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetutil.so.* mr, - - /usr/share/locale/fr/LC_MESSAGES/libc.mo r, - /usr/share/locale/locale.alias r, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-daemon-latency-logger b/contrib/apparmor/gnunet-daemon-latency-logger index 38053ffec..531516f1d 100644 --- a/contrib/apparmor/gnunet-daemon-latency-logger 
+++ b/contrib/apparmor/gnunet-daemon-latency-logger @@ -3,15 +3,11 @@ #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-latency-logger { + #include #include - /usr/lib/ld-*.so r, - /usr/lib/libpthread-*.so mr, - /usr/lib/libsqlite3.so.* mr, - /usr/lib/locale/locale-archive r, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-latency-logger mr, - @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr, - /usr/share/locale/locale.alias r, - + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-daemon-pt b/contrib/apparmor/gnunet-daemon-pt index a6460d46b..b30160c1a 100644 --- a/contrib/apparmor/gnunet-daemon-pt +++ b/contrib/apparmor/gnunet-daemon-pt @@ -3,23 +3,11 @@ #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-pt { + #include #include - #Librairies - /usr/lib/ld-*.so r, - /usr/lib/libidn.so.* mr, - - /usr/lib/locale/locale-archive r, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-pt mr, - - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetcadet.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdht.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdns.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdnsparser.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetvpn.so.* mr, - - /usr/share/locale/locale.alias r, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-daemon-regexprofiler b/contrib/apparmor/gnunet-daemon-regexprofiler index eface26d1..c47533bd0 100644 --- a/contrib/apparmor/gnunet-daemon-regexprofiler +++ b/contrib/apparmor/gnunet-daemon-regexprofiler 
@@ -2,12 +2,12 @@ #include #include -profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-regexprofiler flags=(complain) { +profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-regexprofiler { + #include #include @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-regexprofiler mr, - @{GNUNET_PREFIX}/lib/libgnunetdht.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetregexblock.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-daemon-testbed-blacklist b/contrib/apparmor/gnunet-daemon-testbed-blacklist index 9dcfe321b..2f01531f8 100644 --- a/contrib/apparmor/gnunet-daemon-testbed-blacklist +++ b/contrib/apparmor/gnunet-daemon-testbed-blacklist @@ -2,12 +2,12 @@ #include #include -profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-testbed-blacklist flags=(complain) { +profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-testbed-blacklist { + #include #include @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-testbed-blacklist mr, - @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettransport.so.* mr, - + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-daemon-testbed-underlay b/contrib/apparmor/gnunet-daemon-testbed-underlay index f11dcbca9..f9423ac7f 100644 --- a/contrib/apparmor/gnunet-daemon-testbed-underlay +++ b/contrib/apparmor/gnunet-daemon-testbed-underlay 
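Review bot: Dropping `flags=(complain)` puts gnunet-daemon-regexprofiler into enforce mode in the same hunk that deletes its explicit `libgnunet*` rules, and the gnunet-daemon-testbed-blacklist hunk that follows does the same. The libraries are presumably covered by `@{GNUNET_PREFIX}/lib/libgnunet*.so.* mr,` in gnunet-common, but the include targets are not legible on this page, and the testbed `/tmp` rules were moved out of gnunet-common in this commit. If neither daemon has been exercised under the new rule set, keeping `flags=(complain)` until the audit log is clean avoids a hard denial at first start.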
@@ -3,21 +3,11 @@ #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-testbed-underlay { + #include #include - #Librairies - /usr/lib/ld-*.so r, - /usr/lib/libpthread-*.so mr, - /usr/lib/libsqlite3.so.* mr, - - /usr/lib/locale/locale-archive r, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-testbed-underlay mr, - - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettransport.so.* mr, - - /usr/share/locale/locale.alias r, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-daemon-topology b/contrib/apparmor/gnunet-daemon-topology index b8b03082c..777baa4f3 100644 --- a/contrib/apparmor/gnunet-daemon-topology +++ b/contrib/apparmor/gnunet-daemon-topology @@ -3,25 +3,11 @@ #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-topology { + #include #include @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-topology mr, - - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetfriends.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetcore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetpeerinfo.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettransport.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr, - - /usr/lib/ld-*.so r, - /usr/lib//locale/locale-archive r, - - /usr/lib/gconv/gconv-modules r, - - /usr/share/locale/locale.alias r, - /usr/share/locale/fr/LC_MESSAGES/libc.mo r, + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-datastore b/contrib/apparmor/gnunet-datastore new file mode 100644 index 000000000..2ade374b6 --- /dev/null +++ b/contrib/apparmor/gnunet-datastore 
@@ -0,0 +1,13 @@ +# Last Modified: Fri Aug 7 16:29:48 2015 +#include +#include + +profile @{GNUNET_PREFIX}/bin/gnunet-datastore { + #include + #include + + @{GNUNET_PREFIX}/bin/gnunet-datastore mr, + + # Site-specific additions and overrides. See local/README for details. + #include +} diff --git a/contrib/apparmor/gnunet-directory b/contrib/apparmor/gnunet-directory new file mode 100644 index 000000000..caad23e7f --- /dev/null +++ b/contrib/apparmor/gnunet-directory @@ -0,0 +1,16 @@ +# Last Modified: Fri Aug 7 16:34:37 2015 +#include +#include + +profile @{GNUNET_PREFIX}/bin/gnunet-directory { + #include + #include + + @{GNUNET_PREFIX}/bin/gnunet-directory mr, + + # Access to directory ? + + + # Site-specific additions and overrides. See local/README for details. + #include +} diff --git a/contrib/apparmor/gnunet-dns2gns b/contrib/apparmor/gnunet-dns2gns index c860d56b0..6720c102e 100644 --- a/contrib/apparmor/gnunet-dns2gns +++ b/contrib/apparmor/gnunet-dns2gns @@ -3,24 +3,11 @@ #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-dns2gns { + #include #include - #Librairies - /usr/lib/ld-*.so r, - /usr/lib/libidn.so.* mr, - - /usr/lib/locale/locale-archive r, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-dns2gns mr, - - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetdnsparser.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdnsstub.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetgns.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetgnsrecord.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetidentity.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetnamestore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - - /usr/share/locale/locale.alias r, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-download b/contrib/apparmor/gnunet-download new file mode 100644 index 000000000..bcc212857 --- /dev/null +++ b/contrib/apparmor/gnunet-download 
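Review bot: The gnunet-directory profile ends its rule list with the open question `# Access to directory ?` and grants no path for the input the tool presumably takes as an argument, so only what the included abstractions allow is readable. gnunet-ecc further down has the same placeholder (`#Access to filename?`). Either add an explicit `owner`-qualified rule for the intended location, or replace the placeholder with a comment telling administrators to grant the path in the local override file.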
@@ -0,0 +1,13 @@
+# Last Modified: Fri Aug 7 16:42:43 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-download {
+ #include
+ #include
+
+ @{GNUNET_PREFIX}/bin/gnunet-download mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-download-manager.scm b/contrib/apparmor/gnunet-download-manager.scm
new file mode 100644
index 000000000..a1e8c07dd
--- /dev/null
+++ b/contrib/apparmor/gnunet-download-manager.scm
@@ -0,0 +1,25 @@
+# vim:syntax=apparmor
+# Last Modified: Tue Aug 11 11:17:17 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-download-manager.scm {
+ #include
+ #include
+
+ /dev/tty rw,
+
+ @{HOME}/.cache/guile/ccache/*-LE-*@{GNUNET_PREFIX}/bin/gnunet-download-manager.scm.go.* rw,
+
+ @{PROC}/@{pid}/statm r,
+
+ /usr/bin/bash ix,
+ /usr/bin/guile rix,
+
+ @{GNUNET_PREFIX}/bin/gnunet-download-manager.scm r,
+
+ /usr/share/guile/**/*.scm r,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-ecc b/contrib/apparmor/gnunet-ecc
new file mode 100644
index 000000000..67e2ac4e0
--- /dev/null
+++ b/contrib/apparmor/gnunet-ecc
@@ -0,0 +1,15 @@
+# Last Modified: Fri Aug 7 16:54:41 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-ecc {
+ #include
+ #include
+
+ @{GNUNET_PREFIX}/bin/gnunet-ecc mr,
+
+ #Access to filename?
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-fs b/contrib/apparmor/gnunet-fs
new file mode 100644
index 000000000..4637b251b
--- /dev/null
+++ b/contrib/apparmor/gnunet-fs
@@ -0,0 +1,13 @@
+# Last Modified: Fri Aug 7 17:09:21 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-fs {
+ #include
+ #include
+
+ @{GNUNET_PREFIX}/bin/gnunet-fs mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
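Review bot: `/usr/bin/bash ix,` and `/usr/bin/guile rix,` in gnunet-download-manager.scm hard-code a single interpreter location, so on a system that ships bash under `/bin` the exec is denied; `/{usr/,}bin/bash ix,` matches both layouts. gnunet-gns-import.sh further down uses the same fixed `/usr/bin` paths for bash, gawk, grep and which. Separately, the `@{HOME}/.cache/guile/ccache/` rule gives the confined script `rw` on compiled files that guile will presumably load on a later run, and without `owner` it matches every user's cache; prefixing it with `owner` limits it to the caller's own files.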
diff --git a/contrib/apparmor/gnunet-fs-gtk b/contrib/apparmor/gnunet-fs-gtk
new file mode 100644
index 000000000..0ffb0b38b
--- /dev/null
+++ b/contrib/apparmor/gnunet-fs-gtk
@@ -0,0 +1,43 @@
+# Last Modified: Wed Aug 5 10:53:37 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-fs-gtk {
+ #include
+ #include
+ #include
+ #include
+ #include
+
+# /dev/shm/LE-* rw,
+
+ owner @{HOME}/.config/gtk-*/bookmarks r,
+ owner @{HOME}/.local/share/gnunet/fs/persistence/gnunet-fs-gtk/download-child/* rw,
+ owner @{HOME}/.local/share/gnunet/fs/persistence/gnunet-fs-gtk/download/ r,
+ owner @{HOME}/.local/share/gnunet/fs/persistence/gnunet-fs-gtk/download/* rw,
+ owner @{HOME}/.local/share/gnunet/fs/persistence/gnunet-fs-gtk/search/ r,
+ owner @{HOME}/.local/share/gnunet/fs/persistence/gnunet-fs-gtk/search/** rw,
+ owner @{HOME}/.local/share/gnunet/fs/persistence/gnunet-fs-gtk/publish-file/ ra,
+ owner @{HOME}/.local/share/gnunet/fs/persistence/gnunet-fs-gtk/publish-file/* rw,
+ owner @{HOME}/.local/share/gnunet/fs/persistence/gnunet-fs-gtk/publish/ ra,
+ owner @{HOME}/.local/share/gnunet/fs/persistence/gnunet-fs-gtk/publish/* rw,
+
+ #Acces to files to share ? (lets create a gnunet directory in home)
+ owner @{HOME}/gnunet-fs/ r,
+
+ @{GNUNET_PREFIX}/bin/gnunet-fs-gtk mr,
+
+ @{GNUNET_PREFIX}/share/gnunet-gtk/* r,
+
+ /usr/share/glib-*/schemas/gschemas.compiled r,
+
+ #abstractions/dconf but we need write right here
+ /run/user/*/dconf/user rw,
+
+ @{HOME}/.cache/thumbnails/normal/*.png r,
+
+ @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-fs-publish Px,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-gns b/contrib/apparmor/gnunet-gns
new file mode 100644
index 000000000..1b63d2506
--- /dev/null
+++ b/contrib/apparmor/gnunet-gns
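Review bot: `/run/user/*/dconf/user rw,` in gnunet-fs-gtk applies to every uid's runtime directory because it has neither `owner` nor a fixed uid; `owner /run/user/*/dconf/user rw,` keeps the write access the comment above it asks for while restricting it to the caller's own dconf database. `@{HOME}/.cache/thumbnails/normal/*.png r,` lacks `owner` as well, unlike the `owner @{HOME}/...` persistence rules earlier in the profile. The commented-out `# /dev/shm/LE-* rw,` should either be removed or carry a note on when it is needed.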
@@ -0,0 +1,21 @@
+# Last Modified: Fri Aug 7 17:41:19 2015
+#include
+#include
+
+profile /usr/local/bin/gnunet-gns {
+ #include
+ #include
+
+ /usr/local/bin/gnunet-gns mr,
+
+ /usr/local/lib/gnunet/ r,
+# /usr/local/lib/gnunet/libgnunet_plugin_gnsrecord_conversation.la r,
+ /usr/local/lib/gnunet/libgnunet_plugin_gnsrecord_conversation.so mr,
+# /usr/local/lib/gnunet/libgnunet_plugin_gnsrecord_dns.la r,
+ /usr/local/lib/gnunet/libgnunet_plugin_gnsrecord_dns.so mr,
+# /usr/local/lib/gnunet/libgnunet_plugin_gnsrecord_gns.la r,
+ /usr/local/lib/gnunet/libgnunet_plugin_gnsrecord_gns.so mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-gns-import.sh b/contrib/apparmor/gnunet-gns-import.sh
new file mode 100644
index 000000000..631717ccf
--- /dev/null
+++ b/contrib/apparmor/gnunet-gns-import.sh
@@ -0,0 +1,22 @@
+# Last Modified: Tue Aug 11 10:19:01 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-gns-import.sh {
+ #include
+ #include
+ #include
+
+ /dev/tty rw,
+ /usr/bin/bash ix,
+ /usr/bin/gawk rix,
+ /usr/bin/grep rix,
+ /usr/bin/which rix,
+ @{GNUNET_PREFIX}/bin/gnunet-arm Px,
+ @{GNUNET_PREFIX}/bin/gnunet-config rPx,
+ @{GNUNET_PREFIX}/bin/gnunet-gns-import.sh r,
+ @{GNUNET_PREFIX}/bin/gnunet-identity Px,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-gns-proxy b/contrib/apparmor/gnunet-gns-proxy
index 5d24b3a5e..99a306434 100644
--- a/contrib/apparmor/gnunet-gns-proxy
+++ b/contrib/apparmor/gnunet-gns-proxy
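Review bot: The gnunet-gns profile hard-codes `/usr/local` in its attachment path and in every plugin rule, while the other profiles in this commit use `@{GNUNET_PREFIX}`; on an installation under a different prefix the profile never attaches and gnunet-gns runs unconfined. I would write `profile @{GNUNET_PREFIX}/bin/gnunet-gns {` and `@{GNUNET_PREFIX}/bin/gnunet-gns mr,`, and apply the same substitution to the `lib/gnunet/` rules, as the gnunet-namestore profile in this commit already does for the same three plugins.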
@@ -3,48 +3,15 @@ #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-gns-proxy { + #include #include /etc/ssl/openssl.cnf r, @{HOME}/.local/share/gnunet/gns/gns_ca_cert.pem r, - #Librairies - /usr/lib/gconv/gconv-modules r, - /usr/lib/ld-*.so r, - /usr/lib/libcom_err.so.* mr, - /usr/lib/libcrypto.so.* mr, - /usr/lib/libffi.so.* mr, - /usr/lib/libgmp.so.* mr, - /usr/lib/libgnurl.so.* mr, - /usr/lib/libgnutls.so.* mr, - /usr/lib/libgssapi_krb5.so.* mr, - /usr/lib/libhogweed.so.* mr, - /usr/lib/libidn.so.* mr, - /usr/lib/libk5crypto.so.* mr, - /usr/lib/libkeyutils.so.* mr, - /usr/lib/libkrb5.so.* mr, - /usr/lib/libkrb5support.so.* mr, - /usr/lib/libltdl.so.* mr, - /usr/lib/libmicrohttpd.so.* mr, - /usr/lib/libnettle.so.* mr, - /usr/lib/libp11-kit.so.* mr, - /usr/lib/libpthread-*.so mr, - /usr/lib/libresolv-*.so mr, - /usr/lib/libssh2.so.* mr, - /usr/lib/libssl.so.* mr, - /usr/lib/libtasn1.so.* mr, - - /usr/lib/locale/locale-archive r, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-gns-proxy mr, - - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetdnsparser.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetgns.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetgnsrecord.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetidentity.so.* mr, - - /usr/share/locale/fr/LC_MESSAGES/libc.mo r, - /usr/share/locale/locale.alias r, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-gns-proxy-setup-ca b/contrib/apparmor/gnunet-gns-proxy-setup-ca new file mode 100644 index 000000000..cbb3fa191 --- /dev/null +++ b/contrib/apparmor/gnunet-gns-proxy-setup-ca 
@@ -0,0 +1,40 @@
+# Last Modified: Tue Aug 11 11:40:50 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-gns-proxy-setup-ca {
+ #include
+ #include
+ #include
+ #include
+
+ /dev/tty rw,
+ /etc/passwd r,
+ /home/*/.local/share/gnunet/gns/ r,
+ /home/*/.local/share/gnunet/gns/gns_ca_cert.pem rw,
+ /home/*/.mozilla/firefox/ r,
+ /home/*/.mozilla/firefox/kw6js9xl.default/cert8.db rw,
+ /home/*/.mozilla/firefox/kw6js9xl.default/key3.db rw,
+ /home/*/.mozilla/firefox/kw6js9xl.default/secmod.db r,
+ /home/*/.pki/nssdb/cert8.db rw,
+ /home/*/.pki/nssdb/key3.db rw,
+ /home/*/.pki/nssdb/secmod.db r,
+ /home/*/.rnd rw,
+
+ /usr/bin/bash ix,
+ /usr/bin/cat rix,
+ /usr/bin/certtool r,
+ /usr/bin/certutil rix,
+ /usr/bin/dirname rix,
+ /usr/bin/mkdir rix,
+ /usr/bin/mktemp rix,
+ /usr/bin/openssl rix,
+ /usr/bin/rm rix,
+ /usr/bin/which rix,
+
+ @{GNUNET_PREFIX}/bin/gnunet-config Px,
+ @{GNUNET_PREFIX}/bin/gnunet-gns-proxy-setup-ca r,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-gtk b/contrib/apparmor/gnunet-gtk
new file mode 100644
index 000000000..336748215
--- /dev/null
+++ b/contrib/apparmor/gnunet-gtk
@@ -0,0 +1,26 @@
+# Last Modified: Wed Aug 5 11:25:26 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-gtk {
+ #include
+ #include
+ #include
+
+ @{GNUNET_PREFIX}/bin/gnunet-gtk mr,
+
+ #GNUnet gtk binaries
+ @{GNUNET_PREFIX}/bin/gnunet-conversation-gtk Px,
+ @{GNUNET_PREFIX}/bin/gnunet-fs-gtk Px,
+ @{GNUNET_PREFIX}/bin/gnunet-identity-gtk Px,
+ @{GNUNET_PREFIX}/bin/gnunet-namestore-gtk Px,
+ @{GNUNET_PREFIX}/bin/gnunet-peerinfo-gtk Px,
+ @{GNUNET_PREFIX}/bin/gnunet-statistics-gtk Px,
+
+ @{GNUNET_PREFIX}/share/gnunet-gtk/*.png r,
+ @{GNUNET_PREFIX}/share/gnunet-gtk/gnunet_gtk.glade r,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+
+}
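Review bot: The gnunet-gns-proxy-setup-ca profile grants `rw` on NSS certificate and key databases under `/home/*/` without `owner`, and it names one machine's Firefox profile directory (`kw6js9xl.default`). The first lets the confined script modify any user's browser trust store that file permissions allow; the second matches nothing on other systems, so the CA import is denied once the profile is enforced. I would use `owner @{HOME}/.mozilla/firefox/*/cert8.db rw,` and give the `key3.db`, `secmod.db`, `.pki/nssdb/`, `.rnd` and `gns/` rules the same `owner @{HOME}` form. `/usr/bin/certtool r,` carries no execute permission, unlike `certutil` and `openssl`; it is worth confirming that this is intended.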
diff --git a/contrib/apparmor/gnunet-helper-audio-playback b/contrib/apparmor/gnunet-helper-audio-playback index b98b22b69..67d3ba371 100644 --- a/contrib/apparmor/gnunet-helper-audio-playback +++ b/contrib/apparmor/gnunet-helper-audio-playback @@ -2,9 +2,16 @@ #include #include -profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-audio-playback flags=(complain) { +profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-audio-playback { + #include #include - #include + #include @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-audio-playback mr, + + /etc/machine-id r, + owner @{HOME}/.Xauthority r, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-helper-audio-record b/contrib/apparmor/gnunet-helper-audio-record index f85b83d9f..afed73ffb 100644 --- a/contrib/apparmor/gnunet-helper-audio-record +++ b/contrib/apparmor/gnunet-helper-audio-record @@ -2,9 +2,16 @@ #include #include -profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-audio-record flags=(complain) { +profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-audio-record { + #include #include - #include + #include @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-audio-record mr, + + /etc/machine-id r, + owner @{HOME}/.Xauthority r, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-helper-dns b/contrib/apparmor/gnunet-helper-dns index b6a102585..b5e219585 100644 --- a/contrib/apparmor/gnunet-helper-dns +++ b/contrib/apparmor/gnunet-helper-dns @@ -2,8 +2,8 @@ #include #include -profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-dns flags=(complain) { - #include +profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-dns { + #include #Capability capability net_admin, 
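Review bot: The gnunet-helper-audio-playback and gnunet-helper-audio-record hunks both add `owner @{HOME}/.Xauthority r,`, which hands an audio helper the cookie needed to connect to the user's X display. The diff does not say why an audio process needs it; if it is only there because the audio client library looks up its server through X11 (an assumption on my part), that should be recorded next to the rule, e.g. `# read by the audio client library for server discovery via X11`. If the helpers work without it, I would drop the rule from both profiles so that a compromised helper cannot reach the display.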
@@ -42,4 +42,7 @@ profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-dns flags=(complain) { /usr/lib/locale/locale-archive r, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-dns mr, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-helper-exit b/contrib/apparmor/gnunet-helper-exit index d185f5b80..f69e34d0c 100644 --- a/contrib/apparmor/gnunet-helper-exit +++ b/contrib/apparmor/gnunet-helper-exit @@ -2,11 +2,13 @@ #include #include -profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-exit flags=(complain) { - #include +profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-exit { + #include capability setuid, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-exit mr, - + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-helper-fs-publish b/contrib/apparmor/gnunet-helper-fs-publish index ccf0cb513..9d437194c 100644 --- a/contrib/apparmor/gnunet-helper-fs-publish +++ b/contrib/apparmor/gnunet-helper-fs-publish @@ -2,13 +2,17 @@ #include #include -profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-fs-publish flags=(complain) { +profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-fs-publish { + #include #include + #include - /usr/lib/libbz2.so.* mr, - /usr/lib/libextractor.so.* mr, - /usr/lib/libpthread-*.so mr, - /usr/lib/librt-*.so mr, + /dev/shm/LE-* r, + + /usr/share/file/misc/magic.mgc r, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-fs-publish mr, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-helper-nat-client b/contrib/apparmor/gnunet-helper-nat-client index 19a563878..ead52a5f1 100644 --- a/contrib/apparmor/gnunet-helper-nat-client +++ b/contrib/apparmor/gnunet-helper-nat-client 
@@ -2,11 +2,13 @@ #include #include -profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-nat-client flags=(complain) { - #include +profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-nat-client { + #include capability setuid, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-nat-client mr, - + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-helper-nat-server b/contrib/apparmor/gnunet-helper-nat-server index 594d2de7a..d458f467f 100644 --- a/contrib/apparmor/gnunet-helper-nat-server +++ b/contrib/apparmor/gnunet-helper-nat-server @@ -2,11 +2,14 @@ #include #include -profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-nat-server flags=(complain) { - #include +profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-nat-server { + #include capability setuid, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-nat-server mr, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-helper-testbed b/contrib/apparmor/gnunet-helper-testbed index 22ac13347..b7b41f688 100644 --- a/contrib/apparmor/gnunet-helper-testbed +++ b/contrib/apparmor/gnunet-helper-testbed 
@@ -2,36 +2,20 @@ #include #include -profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-testbed flags=(complain) { +profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-testbed { + #include #include + #include - /dev/null rw, - /etc/gai.conf r, - /usr/lib/ld-*.so r, - - /usr/lib/locale/locale-archive r, - - /usr/share/locale/locale.alias r, - /usr/share/locale/fr/LC_MESSAGES/libc.mo r, - - /usr/lib/gconv/gconv-modules r, - @{GNUNET_PREFIX}/lib/gnunet/libexec/ r, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-testbed mr, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-arm r, + #@{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-arm r, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed Px, - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetarm.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetcore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettestbed.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettesting.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettransport.so.* mr, - @{GNUNET_PREFIX}/share/gnunet/testing_hostkeys.ecc r, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-helper-transport-bluetooth b/contrib/apparmor/gnunet-helper-transport-bluetooth new file mode 100644 index 000000000..b13ccb269 --- /dev/null +++ b/contrib/apparmor/gnunet-helper-transport-bluetooth @@ -0,0 +1,18 @@ +# Last Modified: Tue Jul 28 11:44:00 2015 +#include +#include + +# Add extra libs for this helper(libthread and libbluetooth) +@{LIBS}+=libpthread libbluetooth + +profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-transport-bluetooth { + #include + + capability setuid, + + @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-transport-bluetooth mr, + + # Site-specific additions and overrides. See local/README for details. + #include + +} 
diff --git a/contrib/apparmor/gnunet-helper-transport-wlan b/contrib/apparmor/gnunet-helper-transport-wlan index 0f1d5cf57..296b0c978 100644 --- a/contrib/apparmor/gnunet-helper-transport-wlan +++ b/contrib/apparmor/gnunet-helper-transport-wlan @@ -2,11 +2,14 @@ #include #include -profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-transport-wlan flags=(complain) { - #include +profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-transport-wlan { + #include capability setuid, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-transport-wlan mr, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-helper-transport-wlan-dummy b/contrib/apparmor/gnunet-helper-transport-wlan-dummy index 9ad58e5d0..1c0514417 100644 --- a/contrib/apparmor/gnunet-helper-transport-wlan-dummy +++ b/contrib/apparmor/gnunet-helper-transport-wlan-dummy @@ -2,9 +2,12 @@ #include #include -profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-transport-wlan-dummy flags=(complain) { - #include +profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-transport-wlan-dummy { + #include @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-transport-wlan-dummy mr, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-helper-vpn b/contrib/apparmor/gnunet-helper-vpn index 9be198d76..8631b1b7c 100644 --- a/contrib/apparmor/gnunet-helper-vpn +++ b/contrib/apparmor/gnunet-helper-vpn 
@@ -2,20 +2,17 @@ #include #include -profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-vpn flags=(complain) { +profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-vpn { + #include #Capability capability net_admin, capability setuid, /dev/net/tun rw, - /etc/ld.so.cache r, - - #Librairies - /usr/lib/ld-*.so r, - /usr/lib/libc-*.so mr, - /usr/lib/libm-*.so mr, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-vpn mr, - + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-identity b/contrib/apparmor/gnunet-identity new file mode 100644 index 000000000..3aa76cc6e --- /dev/null +++ b/contrib/apparmor/gnunet-identity @@ -0,0 +1,15 @@ +# Last Modified: Fri Aug 7 17:48:29 2015 +#include +#include + +profile @{GNUNET_PREFIX}/bin/gnunet-identity { + #include + #include + + @{HOME}/.local/share/gnunet/identity/egos/* rw, + + @{GNUNET_PREFIX}/bin/gnunet-identity mr, + + # Site-specific additions and overrides. See local/README for details. + #include +} diff --git a/contrib/apparmor/gnunet-identity-gtk b/contrib/apparmor/gnunet-identity-gtk new file mode 100644 index 000000000..e7abb8795 --- /dev/null +++ b/contrib/apparmor/gnunet-identity-gtk @@ -0,0 +1,16 @@ +# Last Modified: Wed Aug 5 11:24:55 2015 +#include +#include + +profile @{GNUNET_PREFIX}/bin/gnunet-identity-gtk { + #include + #include + #include + + @{GNUNET_PREFIX}/bin/gnunet-identity-gtk mr, + + @{GNUNET_PREFIX}/share/gnunet-gtk/gnunet_identity_gtk_main_window.glade r, + + # Site-specific additions and overrides. See local/README for details. + #include +} diff --git a/contrib/apparmor/gnunet-mesh b/contrib/apparmor/gnunet-mesh new file mode 100644 index 000000000..9f5b07fc5 --- /dev/null +++ b/contrib/apparmor/gnunet-mesh 
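Review bot: `@{HOME}/.local/share/gnunet/identity/egos/* rw,` in the new gnunet-identity profile covers the stored ego files but is not `owner`-qualified, so it also matches other users' ego files wherever file permissions allow. The same applies to the `private_key.ecc rk` and `proof.dat rw` rules in the gnunet-scrypt profile added later in this commit. I would write `owner @{HOME}/.local/share/gnunet/identity/egos/* rw,` and put the same `owner` prefix on the gnunet-scrypt rules.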
@@ -0,0 +1,13 @@
+# Last Modified: Fri Aug 7 18:02:28 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-mesh {
+ #include
+ #include
+
+ @{GNUNET_PREFIX}/bin/gnunet-mesh mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-namecache b/contrib/apparmor/gnunet-namecache
new file mode 100644
index 000000000..f7eca4091
--- /dev/null
+++ b/contrib/apparmor/gnunet-namecache
@@ -0,0 +1,13 @@
+# Last Modified: Fri Aug 7 18:07:23 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-namecache {
+ #include
+ #include
+
+ @{GNUNET_PREFIX}/bin/gnunet-namecache mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-namestore b/contrib/apparmor/gnunet-namestore
new file mode 100644
index 000000000..c97fad77d
--- /dev/null
+++ b/contrib/apparmor/gnunet-namestore
@@ -0,0 +1,21 @@
+# Last Modified: Mon Aug 10 11:05:21 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-namestore {
+ #include
+ #include
+
+ @{GNUNET_PREFIX}/bin/gnunet-namestore mr,
+
+ #GNUnet plugin
+# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_conversation.la r,
+ @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_conversation.so mr,
+# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_dns.la r,
+ @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_dns.so mr,
+# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_gns.la r,
+ @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_gns.so mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-namestore-fcfsd b/contrib/apparmor/gnunet-namestore-fcfsd
index 9c57801a9..8ac09e69b 100644
--- a/contrib/apparmor/gnunet-namestore-fcfsd
+++ b/contrib/apparmor/gnunet-namestore-fcfsd
@@ -3,29 +3,11 @@ #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-namestore-fcfsd { + #include #include - #Librairies - /usr/lib/ld-*.so r, - /usr/lib/libffi.so.* mr, - /usr/lib/libgmp.so.* mr, - /usr/lib/libgnutls.so.* mr, - /usr/lib/libhogweed.so.* mr, - /usr/lib/libidn.so.* mr, - /usr/lib/libmicrohttpd.so.* mr, - /usr/lib/libnettle.so.* mr, - /usr/lib/libp11-kit.so.* mr, - /usr/lib/libpthread-*.so mr, - /usr/lib/libtasn1.so.* mr, - - /usr/lib/locale/locale-archive r, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-namestore-fcfsd mr, - - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetdnsparser.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetgnsrecord.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetidentity.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetnamestore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-namestore-gtk b/contrib/apparmor/gnunet-namestore-gtk new file mode 100644 index 000000000..fb3256ca9 --- /dev/null +++ b/contrib/apparmor/gnunet-namestore-gtk 
@@ -0,0 +1,27 @@
+# Last Modified: Wed Aug 5 11:24:52 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-namestore-gtk {
+ #include
+ #include
+ #include
+
+ @{GNUNET_PREFIX}/bin/gnunet-namestore-gtk mr,
+
+ @{GNUNET_PREFIX}/lib/gnunet/ r,
+
+ #GNUnet plugin
+# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_conversation.la r,
+ @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_conversation.so mr,
+# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_dns.la r,
+ @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_dns.so mr,
+# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_gns.la r,
+ @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_gns.so mr,
+
+ @{GNUNET_PREFIX}/share/gnunet-gtk/gnunet_namestore_gtk_main_window.glade r,
+ @{GNUNET_PREFIX}/share/gnunet-gtk/qr_dummy.png r,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-nat-server b/contrib/apparmor/gnunet-nat-server
new file mode 100644
index 000000000..9884383a2
--- /dev/null
+++ b/contrib/apparmor/gnunet-nat-server
@@ -0,0 +1,13 @@
+# Last Modified: Mon Aug 10 11:34:29 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-nat-server {
+ #include
+ #include
+
+ @{GNUNET_PREFIX}/bin/gnunet-nat-server mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-nse b/contrib/apparmor/gnunet-nse
new file mode 100644
index 000000000..74c0d9420
--- /dev/null
+++ b/contrib/apparmor/gnunet-nse
@@ -0,0 +1,13 @@
+# Last Modified: Mon Aug 10 11:38:47 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-nse {
+ #include
+ #include
+
+ @{GNUNET_PREFIX}/bin/gnunet-nse mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-peerinfo b/contrib/apparmor/gnunet-peerinfo
new file mode 100644
index 000000000..0c30d38af
--- /dev/null
+++ b/contrib/apparmor/gnunet-peerinfo
@@ -0,0 +1,19 @@
+# Last Modified: Mon Aug 10 11:46:50 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-peerinfo {
+ #include
+ #include
+
+ @{GNUNET_PREFIX}/bin/gnunet-peerinfo mr,
+
+ #GNUnet plugin
+# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_tcp.la r,
+ @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_tcp.so mr,
+# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_udp.la r,
+ @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_udp.so mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-peerinfo-gtk b/contrib/apparmor/gnunet-peerinfo-gtk
new file mode 100644
index 000000000..e1e0271d8
--- /dev/null
+++ b/contrib/apparmor/gnunet-peerinfo-gtk
@@ -0,0 +1,17 @@
+# Last Modified: Tue Aug 11 16:20:57 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-peerinfo-gtk {
+ #include
+ #include
+ #include
+
+ @{GNUNET_PREFIX}/bin/gnunet-peerinfo-gtk mr,
+
+ @{GNUNET_PREFIX}/share/gnunet-gtk/* r,
+ @{GNUNET_PREFIX}/share/gnunet-gtk/flags/*.png r,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-peerstore b/contrib/apparmor/gnunet-peerstore
new file mode 100644
index 000000000..944f1bed2
--- /dev/null
+++ b/contrib/apparmor/gnunet-peerstore
@@ -0,0 +1,13 @@
+# Last Modified: Mon Aug 10 12:03:53 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-peerstore {
+ #include
+ #include
+
+ @{GNUNET_PREFIX}/bin/gnunet-peerstore mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-publish b/contrib/apparmor/gnunet-publish
new file mode 100644
index 000000000..105ff1861
--- /dev/null
+++ b/contrib/apparmor/gnunet-publish
@@ -0,0 +1,16 @@
+# Last Modified: Thu Aug 6 12:00:00 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-publish {
+ #include
+ #include
+ #include
+
+ @{GNUNET_PREFIX}/bin/gnunet-publish mr,
+
+ @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-fs-publish Px,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-qr b/contrib/apparmor/gnunet-qr
new file mode 100644
index 000000000..b893faf98
--- /dev/null
+++ b/contrib/apparmor/gnunet-qr
@@ -0,0 +1,15 @@
+# Last Modified: Tue Aug 11 16:14:05 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-qr {
+ #include
+ #include
+ #include
+
+ /usr/bin/python3.4 ix,
+ @{GNUNET_PREFIX}/bin/gnunet-qr r,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-resolver b/contrib/apparmor/gnunet-resolver
new file mode 100644
index 000000000..e5455b257
--- /dev/null
+++ b/contrib/apparmor/gnunet-resolver
@@ -0,0 +1,13 @@
+# Last Modified: Mon Aug 10 12:21:50 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-resolver {
+ #include
+ #include
+
+ @{GNUNET_PREFIX}/bin/gnunet-resolver mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-revocation b/contrib/apparmor/gnunet-revocation
new file mode 100644
index 000000000..8cab61f4f
--- /dev/null
+++ b/contrib/apparmor/gnunet-revocation
@@ -0,0 +1,13 @@
+# Last Modified: Mon Aug 10 15:03:13 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-revocation {
+ #include
+ #include
+
+ @{GNUNET_PREFIX}/bin/gnunet-revocation mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-scalarproduct b/contrib/apparmor/gnunet-scalarproduct
new file mode 100644
index 000000000..acf564a8c
--- /dev/null
+++ b/contrib/apparmor/gnunet-scalarproduct
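Review bot: `/usr/bin/python3.4 ix,` in the gnunet-qr profile pins one interpreter version, so after a Python upgrade the script is denied execution once the profile is enforced. A pattern such as `/usr/bin/python3* ix,` keeps the rule working across minor versions. A one-line comment that `ix` is chosen so the interpreter stays inside this profile would also help, e.g. `# ix: python runs under the gnunet-qr profile, not its own`.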
@@ -0,0 +1,13 @@
+# Last Modified: Mon Aug 10 15:13:42 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-scalarproduct {
+ #include
+ #include
+
+ @{GNUNET_PREFIX}/bin/gnunet-scalarproduct mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-scrypt b/contrib/apparmor/gnunet-scrypt
new file mode 100644
index 000000000..a184bf0a3
--- /dev/null
+++ b/contrib/apparmor/gnunet-scrypt
@@ -0,0 +1,19 @@
+# Last Modified: Mon Aug 10 15:36:34 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-scrypt {
+ #include
+ #include
+
+ @{HOME}/.local/share/gnunet/nse/proof.dat rw,
+ @{HOME}/.local/share/gnunet/private_key.ecc rk,
+
+ @{GNUNET_PREFIX}/bin/gnunet-scrypt mr,
+
+ @{GNUNET_USER}/.local/share/gnunet/nse/proof.dat rw,
+ @{GNUNET_USER}/.local/share/gnunet/private_key.ecc rk,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-search b/contrib/apparmor/gnunet-search
new file mode 100644
index 000000000..b23f91e55
--- /dev/null
+++ b/contrib/apparmor/gnunet-search
@@ -0,0 +1,13 @@
+# Last Modified: Mon Aug 10 15:59:45 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-search {
+ #include
+ #include
+
+ @{GNUNET_PREFIX}/bin/gnunet-search mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-service-arm b/contrib/apparmor/gnunet-service-arm
index 5a4a78657..546e6332e 100644
--- a/contrib/apparmor/gnunet-service-arm
+++ b/contrib/apparmor/gnunet-service-arm
@@ -3,37 +3,16 @@ #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-arm { + #include #include - /dev/null ra, - /tmp/gnunet-*-runtime/ rw, - /tmp/gnunet-*-runtime/gnunet-service-arm.sock rw, - /tmp/gnunet-*-runtime/gnunet-service-gns.sock rw, - /tmp/gnunet-*-runtime/gnunet-service-identity.unix rw, - /tmp/gnunet-*-runtime/gnunet-service-namestore.sock rw, - - /tmp/gnunet-system-runtime/ rw, - /tmp/gnunet-system-runtime/gnunet-service-*.sock rw, - /tmp/gnunet-system-runtime/gnunet-service-nse.unix rw, - /tmp/gnunet-system-runtime/gnunet-service-revocation.unix rw, - - /var/lib/gnunet/.local/share/gnunet/ r, - /var/lib/gnunet/.local/share/gnunet/revocation.dat r, - /var/lib/gnunet/.local/share/gnunet/peerstore/ a, - /var/lib/gnunet/.local/share/gnunet/peerstore/sqlite.db rwk, - /var/lib/gnunet/.local/share/gnunet/peerstore/sqlite.db-journal rw, - /var/lib/gnunet/.config/gnunet.conf r, - - #Librairies - /usr/lib/ld-*.so r, - /usr/lib/libpthread-*.so mr, +# /tmp/gnunet-*-runtime/gnunet-service-arm.sock rw, +# /tmp/gnunet-*-runtime/gnunet-service-namestore.sock r, +# /tmp/gnunet-*-runtime/gnunet-service-identity.sock r, +# /tmp/gnunet-*-runtime/gnunet-service-gns.sock r, - /usr/lib/libsqlite3.so.* mr, - - /usr/lib/locale/locale-archive r, - - /usr/share/locale/locale-alias r, + /tmp/gnunet-*-runtime/gnunet-service-*.sock rw, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-arm mr, @@ -41,7 +20,7 @@ profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-arm { @{GNUNET_PREFIX}/lib/gnunet/libexec/ r, - #Gnunet daemon + #GNUnet daemon @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-exit Px, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-hostlist Px, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-latency-logger Px, 
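Review bot: The new `/tmp/gnunet-*-runtime/gnunet-service-*.sock rw,` rule in the first gnunet-service-arm hunk does not match the `.unix` socket names the removed rules allowed (`gnunet-service-identity.unix`, `gnunet-service-nse.unix`, `gnunet-service-revocation.unix`), and the `/tmp/gnunet-*-runtime/ rw,` directory rule is removed as well. Unless one of the added includes covers them (their names are not visible in this view), arm will be denied on those paths once the profile is enforced. The commented-out list above the glob gives `r` for three of the sockets while the glob grants `rw` on all of them; if the wider grant is deliberate, a comment next to the rule should say why.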
@@ -55,54 +34,9 @@ profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-arm { @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-namestore-fcfsd Px, - #Gnunet service - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-ats Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-cadet Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-core Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-conversation Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-datastore Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-dht Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-dns Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-fs Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-gns Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-identity Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-namecache Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-namestore Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-nse Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-peerinfo Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-peerstore Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-regex Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-resolver Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-revocation Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-set Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-scalarproduct-alice Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-scalarproduct-bob Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-statistics Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-template Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed-logger Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-transport Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-vpn Px, - - #Gnunet helper - 
@{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-dns r, - - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetcadet.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdht.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdnsstub.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetgnsrecord.so.* r, - @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetnamecache.so.* r, - @{GNUNET_PREFIX}/lib/libgnunetpeerstore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetregex.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetset.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettransport.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettun.so.* mr, - - #Gnunet plugin - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_peerstore_sqlite.la r, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_peerstore_sqlite.so mr, + #GNUnet service + @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-* Px, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-service-ats b/contrib/apparmor/gnunet-service-ats index 53e849517..8e6b35295 100644 --- a/contrib/apparmor/gnunet-service-ats +++ b/contrib/apparmor/gnunet-service-ats @@ -3,18 +3,16 @@ #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-ats { + #include #include @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-ats mr, - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, - #Gnunet plugin - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_ats_proportional.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_ats_proportional.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_ats_proportional.so mr, + + # Site-specific additions and overrides. See local/README for details. + #include - /usr/lib/ld-*.so r, } 
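Review bot: `@{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-* Px,` replaces the explicit service list in gnunet-service-arm, so arm may now launch any file in libexec whose name matches, including ones added later. `Px` still requires a loaded profile for the target, so a service shipped without one fails to start rather than running unconfined; I would state that next to the rule, e.g. `# Px: every gnunet-service-* binary must ship its own profile`. The same hunk drops `gnunet-helper-dns r,`, and it is worth confirming that arm no longer needs to read that file.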
diff --git a/contrib/apparmor/gnunet-service-cadet b/contrib/apparmor/gnunet-service-cadet index 07def08ad..056ce49fa 100644 --- a/contrib/apparmor/gnunet-service-cadet +++ b/contrib/apparmor/gnunet-service-cadet @@ -3,24 +3,15 @@ #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-cadet { + #include #include - #Librairies - /usr/lib/ld-*.so r, - /usr/lib/libpthread-*.so mr, - /usr/lib/librt-*.so mr, + /tmp/gnunet-system-runtime/gnunet-service-cadet.sock rw, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-cadet mr, - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetblock.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetcore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdht.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetpeerinfo.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettransport.so.* mr, - - /var/lib/gnunet/.local/share/gnunet/private_key.ecc rk, + @{GNUNET_USER}/.local/share/gnunet/private_key.ecc rk, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-service-conversation b/contrib/apparmor/gnunet-service-conversation index 781c239f9..740332768 100644 --- a/contrib/apparmor/gnunet-service-conversation +++ b/contrib/apparmor/gnunet-service-conversation 
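Review bot: `/tmp/gnunet-system-runtime/gnunet-service-cadet.sock rw,` in the gnunet-service-cadet hunk names only the system runtime directory, whereas the gnunet-service-arm profile in this commit uses `/tmp/gnunet-*-runtime/`. If cadet can also run under a per-user runtime directory, which the arm glob suggests but this diff does not confirm, its socket would be denied there. Using the same pattern, `/tmp/gnunet-*-runtime/gnunet-service-cadet.sock rw,`, would keep the two profiles consistent.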
@@ -3,25 +3,17 @@ #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-conversation { + #include #include - #Librairies - /usr/lib/ld-*.so r, - /usr/lib/libidn.so.* mr, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-conversation mr, - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetcadet.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetconversation.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdnsparser.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetgns.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetgnsrecord.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetidentity.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetmicrophone.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetnamestore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetspeaker.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, + #GNUnet helper + @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-audio-playback Px, + @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-audio-record Px, - /var/lib/gnunet/.local/share/gnunet/private_key.ecc rk, + @{GNUNET_USER}/.local/share/gnunet/private_key.ecc rk, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-service-core b/contrib/apparmor/gnunet-service-core index 24fdd641c..4d9b28353 100644 --- a/contrib/apparmor/gnunet-service-core +++ b/contrib/apparmor/gnunet-service-core 
@@ -1,20 +1,15 @@ # Last Modified: Thu Jul 9 10:16:30 2015 - #include #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-core { + #include #include - /var/lib/gnunet/.local/share/gnunet/private_key.ecc rk, - - /usr/lib/ld-*.so r, + @{GNUNET_USER}/.local/share/gnunet/private_key.ecc rk, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-core mr, - - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettransport.so.* mr, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-service-datastore b/contrib/apparmor/gnunet-service-datastore index 363946910..32efa4c52 100644 --- a/contrib/apparmor/gnunet-service-datastore +++ b/contrib/apparmor/gnunet-service-datastore 
@@ -1,27 +1,22 @@ # Last Modified: Thu Jul 9 10:16:30 2015 - #include #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-datastore { + #include #include + #include - /var/lib/gnunet/.local/share/gnunet/datastore/bloomfilter.sqlite rw, - /var/lib/gnunet/.local/share/gnunet/datastore/sqlite.db rwk, - /var/lib/gnunet/.local/share/gnunet/datastore/sqlite.db-journal rw, - - #Librairies - /usr/lib/ld-*.so r, - /usr/lib/libpthread-*.so mr, - /usr/lib/libsqlite3.so.* mr, + @{GNUNET_USER}/.local/share/gnunet/datastore/bloomfilter.sqlite rw, + @{GNUNET_USER}/.local/share/gnunet/datastore/sqlite.db rwk, + @{GNUNET_USER}/.local/share/gnunet/datastore/sqlite.db-journal rw, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-datastore mr, #Gnunet plugin - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datastore_sqlite.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datastore_sqlite.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datastore_sqlite.so mr, - - #Gnunet Librairies - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetutil.so.* mr, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-service-dht b/contrib/apparmor/gnunet-service-dht index 67c45beb8..1d0922441 100644 --- a/contrib/apparmor/gnunet-service-dht +++ b/contrib/apparmor/gnunet-service-dht 
@@ -3,55 +3,34 @@ #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-dht { + #include #include @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-dht mr, - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetcore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetnse.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettransport.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetpeerinfo.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetblock.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdatacache.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetfs.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdatastore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetregexblock.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetgnsrecord.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdnsparser.so.* mr, - #Gnunet plugin @{GNUNET_PREFIX}/lib/gnunet/ r, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_template.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_template.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_template.so mr, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dns.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dns.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dns.so mr, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_fs.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_fs.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_fs.so mr, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_regex.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_regex.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_regex.so mr, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dht.la r, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dht.so mr, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dht.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dht.so mr, - 
@{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_test.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_test.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_test.so mr, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_gns.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_gns.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_gns.so mr, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datacache_heap.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datacache_heap.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datacache_heap.so mr, - #Librairies - /usr/lib/ld-*.so r, - /usr/lib/libextractor.so.* mr, - /usr/lib/libbz2.so.* mr, - /usr/lib/librt-*.so mr, - /usr/lib/libpthread-*.so mr, - /usr/lib/libidn.so.* mr, - /tmp/gnunet-system-runtime/gnunet-service-dht.sock w, /tmp/gnunet-datacachebloom* rw, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-service-dns b/contrib/apparmor/gnunet-service-dns index ba8a31ce1..394b97eb1 100644 --- a/contrib/apparmor/gnunet-service-dns +++ b/contrib/apparmor/gnunet-service-dns @@ -3,12 +3,13 @@ #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-dns { - #include + #include capability setgid, /usr/lib/ld-*.so r, + #GNUnet helper @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-dns Px, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-dns mr, @@ -17,4 +18,7 @@ profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-dns { @{GNUNET_PREFIX}/lib/libgnunetdnsstub.so.* mr, @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, @{GNUNET_PREFIX}/lib/libgnunettun.so.* mr, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-service-fs b/contrib/apparmor/gnunet-service-fs index 59a74f502..70de39c2e 100644 --- a/contrib/apparmor/gnunet-service-fs +++ b/contrib/apparmor/gnunet-service-fs 
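Review bot: gnunet-service-dns keeps `/usr/lib/ld-*.so r,` (first hunk) and the `libgnunet*.so.* mr,` rules (second hunk) as unchanged context, whereas the other service profiles in this commit drop them. If the abstraction now included at the top of the profile already grants these, the leftover rules are redundant and should be removed for consistency. If it does not, a one-line comment such as `# not covered by the included abstraction` would explain why this profile differs. The include target is not readable in this view, so this needs checking against the abstraction file.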
@@ -4,56 +4,34 @@ #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-fs { + #include #include - /etc/gnunet.conf r, - @{HOME}/.config/gnunet.conf r, - /tmp/gnunet-system-runtime/gnunet-service-fs.sock w, - /var/lib/gnunet/.local/share/gnunet/private_key.ecc rk, + @{GNUNET_USER}/.local/share/gnunet/private_key.ecc rk, owner @{HOME}/.local/share/gnunet/fs/idxinfo.lst r, - #Librairies - /usr/lib/ld-*.so r, - /usr/lib/libbz2.so.* mr, - /usr/lib/libextractor.so.* mr, - /usr/lib/libidn.so.* mr, - /usr/lib/libpthread-*.so mr, - /usr/lib/librt-*.so mr, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-fs mr, #Gnunet plugin @{GNUNET_PREFIX}/lib/gnunet/ r, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dht.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dht.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dht.so mr, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dns.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dns.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dns.so mr, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_fs.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_fs.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_fs.so mr, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_gns.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_gns.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_gns.so mr, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_regex.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_regex.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_regex.so mr, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_template.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_template.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_template.so mr, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_test.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_test.la r, 
@{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_test.so mr, - - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetblock.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetcadet.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetcore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdatastore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdht.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdnsparser.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetfs.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetgnsrecord.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetpeerstore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetregexblock.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-service-gns b/contrib/apparmor/gnunet-service-gns index b271eecba..25184e50d 100644 --- a/contrib/apparmor/gnunet-service-gns +++ b/contrib/apparmor/gnunet-service-gns 
@@ -4,27 +4,15 @@ #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-gns { + #include #include - @{HOME}/.config/gnunet.conf r, + /tmp/gnunet-*-runtime/gnunet-service-gns.sock rw, - #Librairies - /usr/lib/ld-2.21.so r, - /usr/lib/libidn.so.* mr, + @{HOME}/.config/gnunet.conf r, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-gns mr, - - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetdht.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdns.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdnsparser.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdnsstub.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetgnsrecord.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetidentity.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetnamecache.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetnamestore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetrevocation.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettun.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetvpn.so.* mr, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-service-identity b/contrib/apparmor/gnunet-service-identity index 8cf0f99b6..3e0a6bb60 100644 --- a/contrib/apparmor/gnunet-service-identity +++ b/contrib/apparmor/gnunet-service-identity @@ -3,17 +3,15 @@ #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-identity { + #include #include /tmp/gnunet-*-runtime/ a, - /usr/lib/ld-*.so r, - - /var/lib/gnunet/.local/share/gnunet/identity/ a, - /var/lib/gnunet/.local/share/gnunet/identity/egos/ ra, + @{GNUNET_USER}/.local/share/gnunet/identity/ a, + @{GNUNET_USER}/.local/share/gnunet/identity/egos/ ra, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-identity mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, @{HOME}/.config/gnunet/identity/subsystem_defaults.conf rw, 
@@ -22,4 +20,7 @@ profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-identity { @{HOME}/.local/share/gnunet/identity/egos/private-zone rk, @{HOME}/.local/share/gnunet/identity/egos/short-zone rk, @{HOME}/.local/share/gnunet/identity/egos/sks-zone rk, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-service-mesh b/contrib/apparmor/gnunet-service-mesh new file mode 100644 index 000000000..6b7944110 --- /dev/null +++ b/contrib/apparmor/gnunet-service-mesh @@ -0,0 +1,19 @@ +# Last Modified: Fri Jul 3 17:37:56 2015 +#include +#include + +profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-mesh { + #include + #include + + @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-mesh mr, + + @{HOME}/.local/share/gnunet/private_key.ecc rk, + + /tmp/gnunet-system-runtime/gnunet-service-mesh.sock w, + + @{GNUNET_USER}/.local/share/gnunet/private_key.ecc rwk, + + # Site-specific additions and overrides. See local/README for details. + #include +} diff --git a/contrib/apparmor/gnunet-service-namecache b/contrib/apparmor/gnunet-service-namecache index 8b5f21103..ddf6ab57e 100644 --- a/contrib/apparmor/gnunet-service-namecache +++ b/contrib/apparmor/gnunet-service-namecache 
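Review bot: The two `private_key.ecc` rules in the new gnunet-service-mesh profile are broader than in the sibling profiles: `@{GNUNET_USER}/.local/share/gnunet/private_key.ecc rwk,` grants write access where cadet, core, regex and transport use `rk`, and `@{HOME}/.local/share/gnunet/private_key.ecc rk,` has no `owner` qualifier, so it matches the key file under every home directory the variable expands to. Unless this service is the one that creates the key, I would use `rk` for the first and `owner @{HOME}/.local/share/gnunet/private_key.ecc rk,` for the second, as gnunet-service-fs already does for `idxinfo.lst`. The gnunet-service-nse hunk carries the same `rwk` rule, and the new gnunet-set-profiler profile has the same unqualified `@{HOME}` key rule.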
@@ -3,28 +3,21 @@ #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-namecache { + #include #include + #include @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-namecache mr, - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetdnsparser.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetnamecache.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetgnsrecord.so.* mr, - #Gnunet plugin - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_namecache_sqlite.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_namecache_sqlite.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_namecache_sqlite.so mr, - /var/lib/gnunet/.local/share/gnunet/namecache/ r, - /var/lib/gnunet/.local/share/gnunet/namecache/sqlite.db rwk, - /var/lib/gnunet/.local/share/gnunet/namecache/sqlite.db-journal rw, - - #Librairies - /usr/lib/libpthread-*.so mr, - /usr/lib/libsqlite3.so.* mr, - /usr/lib/libidn.so.* mr, - /usr/lib/ld-*.so r, + @{GNUNET_USER}/.local/share/gnunet/namecache/ r, + @{GNUNET_USER}/.local/share/gnunet/namecache/sqlite.db rwk, + @{GNUNET_USER}/.local/share/gnunet/namecache/sqlite.db-journal rw, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-service-namestore b/contrib/apparmor/gnunet-service-namestore index 68b94e6aa..0ee993ea0 100644 --- a/contrib/apparmor/gnunet-service-namestore +++ b/contrib/apparmor/gnunet-service-namestore 
@@ -3,34 +3,18 @@ #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-namestore { + #include #include + #include @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-namestore mr, - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetnamecache.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetgnsrecord.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetnamestore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdnsparser.so.* mr, - #Gnunet plugin - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_namestore_sqlite.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_namestore_sqlite.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_namestore_sqlite.so mr, - #Librairies - /usr/lib/libidn.so.* mr, - /usr/lib/ld-*.so r, - /usr/lib/libsqlite3.so.* mr, - /usr/lib/libpthread-*.so mr, - - /var/lib/gnunet/.local/share/gnunet/namestore/ ra, - /var/lib/gnunet/.local/share/gnunet/namestore/sqlite.db rwk, - /var/lib/gnunet/.local/share/gnunet/namestore/sqlite.db-journal rw, - - @{HOME}/.local/share/gnunet/namestore/ r, - @{HOME}/.local/share/gnunet/namestore/sqlite.db rwk, - @{HOME}/.local/share/gnunet/namestore/sqlite.db-journal rw, - /tmp/gnunet-*-runtime/ a, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-service-nse b/contrib/apparmor/gnunet-service-nse index a3f7f2a12..6b6ecf757 100644 --- a/contrib/apparmor/gnunet-service-nse +++ b/contrib/apparmor/gnunet-service-nse 
@@ -3,22 +3,19 @@ #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-nse { + #include #include @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-nse mr, - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetnse.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetcore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - - /usr/lib/ld-*.so mr, - - /tmp/gnunet-system-runtime/gnunet-service-nse.unix w, + /tmp/gnunet-system-runtime/gnunet-service-nse.sock rw, @{HOME}/.local/share/gnunet/private_key.ecc rk, owner @{HOME}/.local/share/gnunet/nse/proof.dat rw, - /var/lib/gnunet/.local/share/gnunet/private_key.ecc rwk, - /var/lib/gnunet/.local/share/gnunet/nse/proof.dat rw, + @{GNUNET_USER}/.local/share/gnunet/private_key.ecc rwk, + @{GNUNET_USER}/.local/share/gnunet/nse/proof.dat rw, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-service-peerinfo b/contrib/apparmor/gnunet-service-peerinfo index 1ce4a85f8..4da70eb53 100644 --- a/contrib/apparmor/gnunet-service-peerinfo +++ b/contrib/apparmor/gnunet-service-peerinfo @@ -1,21 +1,20 @@ # Last Modified: Wed Jul 8 17:03:17 2015 - #include #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-peerinfo { + #include #include @{GNUNET_PREFIX}/share/gnunet/hellos/ r, @{GNUNET_PREFIX}/share/gnunet/hellos/* r, - /var/lib/gnunet/.local/share/gnunet/peerinfo/hosts/ r, - /var/lib/gnunet/.local/share/gnunet/peerinfo/hosts/* rw, + @{GNUNET_USER}/.local/share/gnunet/peerinfo/hosts/ r, + @{GNUNET_USER}/.local/share/gnunet/peerinfo/hosts/* rw, - /usr/lib/ld-*.so r, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-peerinfo mr, - - @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, + + # Site-specific additions and overrides. See local/README for details. + #include } 
diff --git a/contrib/apparmor/gnunet-service-peerstore b/contrib/apparmor/gnunet-service-peerstore index 536e4ee0f..cbab2395e 100644 --- a/contrib/apparmor/gnunet-service-peerstore +++ b/contrib/apparmor/gnunet-service-peerstore @@ -3,22 +3,19 @@ #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-peerstore { + #include #include - - #Librairies - /usr/lib/ld-*.so r, - /usr/lib/libpthread-*.so mr, - /usr/lib/libsqlite3.so.* mr, + #include @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-peerstore mr, #Gnunet Plugin - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_peerstore_sqlite.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_peerstore_sqlite.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_peerstore_sqlite.so mr, - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetpeerstore.so.* mr, - - /var/lib/gnunet/.local/share/gnunet/peerstore/sqlite.db rwk, - /var/lib/gnunet/.local/share/gnunet/peerstore/sqlite.db-journal rw, + @{GNUNET_USER}/.local/share/gnunet/peerstore/sqlite.db rwk, + @{GNUNET_USER}/.local/share/gnunet/peerstore/sqlite.db-journal rw, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-service-regex b/contrib/apparmor/gnunet-service-regex index 358675dc0..ba7a4f3a5 100644 --- a/contrib/apparmor/gnunet-service-regex +++ b/contrib/apparmor/gnunet-service-regex @@ -3,16 +3,13 @@ #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-regex { + #include #include - /usr/lib/ld-*.so r, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-regex mr, - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetdht.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetregexblock.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - - /var/lib/gnunet/.local/share/gnunet/private_key.ecc rk, + @{GNUNET_USER}/.local/share/gnunet/private_key.ecc rk, + + # Site-specific additions and overrides. See local/README for details. + #include } 
diff --git a/contrib/apparmor/gnunet-service-resolver b/contrib/apparmor/gnunet-service-resolver index 6c5e3eb60..9e2002575 100644 --- a/contrib/apparmor/gnunet-service-resolver +++ b/contrib/apparmor/gnunet-service-resolver @@ -3,31 +3,18 @@ #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-resolver { + #include #include @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-resolver mr, - #Librairies - /usr/lib/ld-*.so r, - /usr/lib/libnss_files-*.so mr, - /usr/lib/libnss_gns.so.* mr, - /usr/lib/libnss_dns-*.so mr, - /usr/lib/libresolv-*.so mr, - /usr/lib/libnss_myhostname.so.* mr, - /usr/lib/librt-*.so mr, - /usr/lib/liblzma.so.* mr, - /usr/lib/liblz4.so.* mr, - /usr/lib/libacl.so.* mr, - /usr/lib/libidn.so.* mr, - /usr/lib/libseccomp.so.* mr, - /usr/lib/libcap.so.* mr, - /usr/lib/libpthread-*.so mr, - /usr/lib/libattr.so.* mr, - /etc/nsswitch.conf r, /etc/resolv.conf r, /etc/host.conf r, /etc/hosts r, /tmp/gnunet-system-runtime/gnunet-service-resolver.sock w, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-service-revocation b/contrib/apparmor/gnunet-service-revocation index 6e6412820..cd3c59f03 100644 --- a/contrib/apparmor/gnunet-service-revocation +++ b/contrib/apparmor/gnunet-service-revocation 
@@ -1,27 +1,19 @@ # Last Modified: Thu Jul 9 10:16:30 2015 - #include #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-revocation { + #include #include - /etc/gnunet.conf r, - @{HOME}/.config/gnunet.conf r, - - /tmp/gnunet-system-runtime/gnunet-service-revocation.unix w, + /tmp/gnunet-system-runtime/gnunet-service-revocation.sock rw, - /var/lib/gnunet/.local/share/gnunet/revocation.dat rw, + @{GNUNET_USER}/.local/share/gnunet/revocation.dat rw, @{HOME}/.local/share/gnunet/revocation.dat rw, - /usr/lib/ld-*.so r, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-revocation mr, - - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetcore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetrevocation.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetset.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-service-scalarproduct-alice b/contrib/apparmor/gnunet-service-scalarproduct-alice index 7a7ba77d5..8801ca824 100644 --- a/contrib/apparmor/gnunet-service-scalarproduct-alice +++ b/contrib/apparmor/gnunet-service-scalarproduct-alice @@ -3,11 +3,11 @@ #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-scalarproduct-alice { + #include #include - /usr/lib/ld-*.so r, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-scalarproduct-alice mr, - @{GNUNET_PREFIX}/lib/libgnunetcadet.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetset.so.* mr, - + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-service-scalarproduct-bob b/contrib/apparmor/gnunet-service-scalarproduct-bob index a7faae9d0..72a7e7f84 100644 --- a/contrib/apparmor/gnunet-service-scalarproduct-bob +++ b/contrib/apparmor/gnunet-service-scalarproduct-bob 
@@ -3,12 +3,11 @@ #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-scalarproduct-bob { + #include #include - /usr/lib/ld-*.so r, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-scalarproduct-bob mr, - - @{GNUNET_PREFIX}/lib/libgnunetcadet.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetset.so.* mr, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-service-set b/contrib/apparmor/gnunet-service-set index 4aa0253d8..000884cd6 100644 --- a/contrib/apparmor/gnunet-service-set +++ b/contrib/apparmor/gnunet-service-set @@ -3,15 +3,11 @@ #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-set { + #include #include @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-set mr, - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetcadet.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetcore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetblock.so.* mr, - - #Librairies - /usr/lib/ld-*.so r, + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-service-statistics b/contrib/apparmor/gnunet-service-statistics index e26e30edc..e5a8df7c4 100644 --- a/contrib/apparmor/gnunet-service-statistics +++ b/contrib/apparmor/gnunet-service-statistics @@ -1,16 +1,15 @@ # Last Modified: Thu Jul 9 10:16:30 2015 - #include #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-statistics { + #include #include - /var/lib/gnunet/.local/share/gnunet/statistics.dat rw, - - /usr/lib/ld-*.so r, + @{GNUNET_USER}/.local/share/gnunet/statistics.dat rw, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-statistics mr, - - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-service-template b/contrib/apparmor/gnunet-service-template index 824183e78..4b442239f 100644 --- a/contrib/apparmor/gnunet-service-template 
+++ b/contrib/apparmor/gnunet-service-template @@ -3,14 +3,14 @@ #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-template { + #include #include /tmp/gnunet-system-runtime/ w, /tmp/gnunet-system-runtime/gnunet-service-template.sock w, - #Librairies - /usr/lib/ld-*.so r, - - #Gnunet Librairies @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-template mr, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-service-testbed b/contrib/apparmor/gnunet-service-testbed index 06e8f36ea..24f5c4525 100644 --- a/contrib/apparmor/gnunet-service-testbed +++ b/contrib/apparmor/gnunet-service-testbed @@ -2,8 +2,10 @@ #include #include -profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed flags=(complain) { +profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed { + #include #include + #include /etc/gai.conf r, 
@@ -11,26 +13,17 @@ profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed flags=(compla /tmp/gnunet-system-runtime/gnunet-service-testbed-barrier.sock w, /tmp/gnunet-system-runtime/gnunet-service-testbed.sock w, - /usr/lib/ld-*.so r, - - /dev/null r, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-* r, @{GNUNET_PREFIX}/lib/gnunet/libexec/ r, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-arm Px, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed mr, - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetarm.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetcore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettestbed.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettesting.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettransport.so.* mr, - @{GNUNET_PREFIX}/share/gnunet/testing_hostkeys.ecc r, - + + #GNUnet helper + @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-testbed Px, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-service-testbed-logger b/contrib/apparmor/gnunet-service-testbed-logger index 5bd6a77d3..0baefb466 100644 --- a/contrib/apparmor/gnunet-service-testbed-logger +++ b/contrib/apparmor/gnunet-service-testbed-logger @@ -3,6 +3,7 @@ #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed-logger { + #include #include #??? @@ -11,7 +12,8 @@ profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed-logger { /tmp/gnunet-system-runtime/ w, /tmp/gnunet-system-runtime/gnunet-gnunet-testbed-logger.sock w, - /usr/lib/ld-*.so r, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed-logger mr, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-service-transport b/contrib/apparmor/gnunet-service-transport index 52985cf1b..ab724c153 100644 
--- a/contrib/apparmor/gnunet-service-transport +++ b/contrib/apparmor/gnunet-service-transport @@ -1,29 +1,21 @@ # Last Modified: Thu Jul 9 10:16:30 2015 - #include #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-transport { + #include #include - /var/lib/gnunet/.local/share/gnunet/private_key.ecc rk, - - /usr/lib/ld-*.so r, + @{GNUNET_USER}/.local/share/gnunet/private_key.ecc rk, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-transport mr, #Gnunet plugin - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_tcp.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_tcp.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_tcp.so mr, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_udp.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_udp.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_udp.so mr, - - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetfragmentation.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetnat.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetpeerinfo.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettransport.so.* mr, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-service-vpn b/contrib/apparmor/gnunet-service-vpn index 2d3438bf6..d17925f1b 100644 --- a/contrib/apparmor/gnunet-service-vpn +++ b/contrib/apparmor/gnunet-service-vpn 
@@ -3,25 +3,15 @@ #include profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-vpn { + #include #include - - #Capability - capability setuid, - capability net_admin, - /dev/net/tun rw, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-vpn mr, - #Librairies - /usr/lib/ld-*.so r, - #Gnunet helper @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-vpn Px, - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetcadet.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetregex.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettun.so.* mr, + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/contrib/apparmor/gnunet-set-ibf-profiler b/contrib/apparmor/gnunet-set-ibf-profiler new file mode 100644 index 000000000..71fa98649 --- /dev/null +++ b/contrib/apparmor/gnunet-set-ibf-profiler @@ -0,0 +1,13 @@ +# Last Modified: Mon Aug 10 18:15:38 2015 +#include +#include + +profile @{GNUNET_PREFIX}/bin/gnunet-set-ibf-profiler { + #include + #include + + @{GNUNET_PREFIX}/bin/gnunet-set-ibf-profiler mr, + + # Site-specific additions and overrides. See local/README for details. + #include +} diff --git a/contrib/apparmor/gnunet-set-profiler b/contrib/apparmor/gnunet-set-profiler new file mode 100644 index 000000000..f72c4a226 --- /dev/null +++ b/contrib/apparmor/gnunet-set-profiler @@ -0,0 +1,14 @@ +# Last Modified: Mon Aug 10 18:17:19 2015 +#include +#include + +profile @{GNUNET_PREFIX}/bin/gnunet-set-profiler { + #include + #include + + @{HOME}/.local/share/gnunet/private_key.ecc rk, + @{GNUNET_PREFIX}/bin/gnunet-set-profiler mr, + + # Site-specific additions and overrides. See local/README for details. + #include +} diff --git a/contrib/apparmor/gnunet-setup b/contrib/apparmor/gnunet-setup new file mode 100644 index 000000000..9243dd75e --- /dev/null +++ b/contrib/apparmor/gnunet-setup 
@@ -0,0 +1,57 @@ +# Last Modified: Tue Aug 11 16:25:03 2015 +#include +#include + +profile @{GNUNET_PREFIX}/bin/gnunet-setup { + #include + #include + #include + + /etc/nsswitch.conf r, + /etc/passwd r, + @{PROC}/@{pid}/fd/ r, + + /usr/bin/exo-open rix, + + @{GNUNET_PREFIX}/bin/gnunet-peerinfo-gtk Px, + @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-hostlist Px, + + @{GNUNET_PREFIX}/bin/gnunet-setup mr, + + @{GNUNET_PREFIX}/share/gnunet-gtk/*.png r, + @{GNUNET_PREFIX}/share/gnunet-gtk/gnunet_setup_main_window.glade r, + + @{HOME}/.config/gtk-*/bookmarks r, + + #GNUnet plugin +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datacache_heap.la r, + @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datacache_heap.so mr, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datacache_sqlite.la r, + @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datacache_sqlite.so mr, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datastore_mysql.la r, + @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datastore_mysql.so mr, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datastore_sqlite.la r, + @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datastore_sqlite.so mr, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_namestore_sqlite.la r, + @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_namestore_sqlite.so mr, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_http_client.la r, + @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_http_client.so mr, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_http_server.la r, + @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_http_server.so mr, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_https_client.la r, + @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_https_client.so mr, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_https_server.la r, + @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_https_server.so mr, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_tcp.la r, + 
@{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_tcp.so mr,
+# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_udp.la r,
+ @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_udp.so mr,
+# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_wlan.la r,
+ @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_wlan.so mr,
+
+ /usr/share/glib-*/schemas/gschemas.compiled r,
+ /usr/share/gtk-*/gtkrc r,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-statistics b/contrib/apparmor/gnunet-statistics
new file mode 100644
index 000000000..d9538e35b
--- /dev/null
+++ b/contrib/apparmor/gnunet-statistics
@@ -0,0 +1,13 @@
+# Last Modified: Mon Aug 10 16:15:07 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-statistics {
+ #include
+ #include
+
+ @{GNUNET_PREFIX}/bin/gnunet-statistics mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-statistics-gtk b/contrib/apparmor/gnunet-statistics-gtk
new file mode 100644
index 000000000..2e13b8ada
--- /dev/null
+++ b/contrib/apparmor/gnunet-statistics-gtk
@@ -0,0 +1,16 @@
+# Last Modified: Wed Aug 5 11:25:27 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-statistics-gtk {
+ #include
+ #include
+ #include
+
+ @{GNUNET_PREFIX}/bin/gnunet-statistics-gtk mr,
+
+ @{GNUNET_PREFIX}/share/gnunet-gtk/gnunet_statistics_gtk_main_window.glade r,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-template b/contrib/apparmor/gnunet-template
new file mode 100644
index 000000000..844dc22ae
--- /dev/null
+++ b/contrib/apparmor/gnunet-template
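Review bot: `/usr/bin/exo-open rix,` in the gnunet-setup profile runs the desktop launcher under gnunet-setup's own confinement, so whatever exo-open starts either inherits this profile's access or is denied because no exec rule here covers it; neither looks intended. A dedicated transition would be clearer, for example `/usr/bin/exo-open Cx -> exo_open,` with a small child profile, together with a comment naming the feature that needs the launcher. The twelve commented-out `.la` rules under `#GNUnet plugin` are dead text; I would remove them or replace them with one comment saying why the libtool archives are not needed. What the three includes at the top of the profile grant is not visible on this page, so the exec behaviour is partly inferred.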
@@ -0,0 +1,13 @@
+# Last Modified: Mon Aug 10 16:22:33 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-template {
+ #include
+ #include
+
+ @{GNUNET_PREFIX}/bin/gnunet-template mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-testbed-profiler b/contrib/apparmor/gnunet-testbed-profiler
new file mode 100644
index 000000000..0f8d79ad9
--- /dev/null
+++ b/contrib/apparmor/gnunet-testbed-profiler
@@ -0,0 +1,13 @@
+# Last Modified: Mon Aug 10 16:38:17 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-testbed-profiler {
+ #include
+ #include
+
+ @{GNUNET_PREFIX}/bin/gnunet-testbed-profiler mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-testing b/contrib/apparmor/gnunet-testing
new file mode 100644
index 000000000..a0cac673d
--- /dev/null
+++ b/contrib/apparmor/gnunet-testing
@@ -0,0 +1,20 @@
+# Last Modified: Mon Aug 10 16:54:53 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-testing {
+ #include
+ #include
+ #include
+
+ /etc/gai.conf r,
+
+ @{GNUNET_PREFIX}/bin/gnunet-testing mr,
+
+ @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-* Px,
+
+ @{GNUNET_PREFIX}/share/gnunet/testing_hostkeys.ecc r,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-transport b/contrib/apparmor/gnunet-transport
new file mode 100644
index 000000000..70b0cd228
--- /dev/null
+++ b/contrib/apparmor/gnunet-transport
@@ -0,0 +1,15 @@
+# Last Modified: Mon Aug 10 17:17:40 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-transport {
+ #include
+ #include
+
+ @{GNUNET_PREFIX}/bin/gnunet-transport mr,
+
+ @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-resolver Px,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
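Review bot: `@{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-* Px,` in gnunet-testing makes every present and future service binary a valid transition target, and the rule has no comment explaining that choice. `Px` refuses the exec when the matching binary has no loaded profile, so a comment should state the dependency, for example `# every gnunet-service-* needs its own loaded profile; Px fails the exec otherwise`. Listing only the services the tool actually starts would be the tighter alternative.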
diff --git a/contrib/apparmor/gnunet-transport-certificate-creation b/contrib/apparmor/gnunet-transport-certificate-creation
new file mode 100644
index 000000000..fa65305d7
--- /dev/null
+++ b/contrib/apparmor/gnunet-transport-certificate-creation
@@ -0,0 +1,26 @@
+# Last Modified: Mon Aug 10 17:31:32 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-transport-certificate-creation {
+ #include
+ #include
+ #include
+
+ @{HOME}/.rnd rw,
+
+ @{PROC}/meminfo r,
+
+ /usr/bin/openssl rix,
+
+ @{GNUNET_PREFIX}/bin/gnunet-transport-certificate-creation mr,
+
+ #Access to arg privatekey and certificate ?
+ @{HOME}/ rw,
+ @{HOME}/** rw,
+ deny @{HOME}/.*/ rw,
+ deny @{HOME}/.*/** rw,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-unindex b/contrib/apparmor/gnunet-unindex
new file mode 100644
index 000000000..e94a33152
--- /dev/null
+++ b/contrib/apparmor/gnunet-unindex
@@ -0,0 +1,21 @@
+# Last Modified: Mon Aug 10 17:40:53 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-unindex {
+ #include
+ #include
+
+ @{GNUNET_PREFIX}/bin/gnunet-unindex mr,
+
+ @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-fs-publish Px,
+
+ #Path to files to unindex ?
+ @{HOME}/ rw,
+ @{HOME}/** rw,
+ deny @{HOME}/.*/ rw,
+ deny @{HOME}/.*/** rw,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/gnunet-uri b/contrib/apparmor/gnunet-uri
new file mode 100644
index 000000000..d314fbad5
--- /dev/null
+++ b/contrib/apparmor/gnunet-uri
@@ -0,0 +1,16 @@
+# Last Modified: Mon Aug 10 18:04:08 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-uri {
+ #include
+ #include
+
+ #More needed
+ @{GNUNET_PREFIX}/bin/gnunet-fs-gtk Px,
+
+ @{GNUNET_PREFIX}/bin/gnunet-uri mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
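Review bot: The home-directory rules in gnunet-transport-certificate-creation leave dotfiles at the top of the home directory writable: `deny @{HOME}/.*/ rw,` and `deny @{HOME}/.*/** rw,` match only dot-directories, so `@{HOME}/** rw,` still covers files such as `~/.bashrc` or `~/.profile`, and the same four rules recur in the gnunet-unindex hunk. I would scope the grant with `owner @{HOME}/** rw,` and add `#include <abstractions/private-files>` so that shell start-up files are write-denied. The `#Access to arg privatekey and certificate ?` and `#Path to files to unindex ?` comments should be resolved into a statement of which paths each tool needs; gnunet-unindex presumably only reads the files it is given, in which case `r` would do. Because deny rules take precedence over allows, the dot-directory denies would also override any `~/.config` or `~/.local` access granted by the included abstractions, whose contents are not visible here.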
diff --git a/contrib/apparmor/gnunet-vpn b/contrib/apparmor/gnunet-vpn
new file mode 100644
index 000000000..1cf5b5ecc
--- /dev/null
+++ b/contrib/apparmor/gnunet-vpn
@@ -0,0 +1,13 @@
+# Last Modified: Mon Aug 10 18:11:26 2015
+#include
+#include
+
+profile @{GNUNET_PREFIX}/bin/gnunet-vpn {
+ #include
+ #include
+
+ @{GNUNET_PREFIX}/bin/gnunet-vpn mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/contrib/apparmor/tunables/gnunet b/contrib/apparmor/tunables/gnunet
index e7ff8256a..106169714 100644
--- a/contrib/apparmor/tunables/gnunet
+++ b/contrib/apparmor/tunables/gnunet
@@ -1 +1,6 @@
 @{GNUNET_PREFIX}=/usr/local
+@{GNUNET_USER}=/var/lib/gnunet
+@{LIBPRE}=/ /usr/
+@{LIBDIRS}=lib{,32,64} lib/@{multiarch}
+@{LIBS}=libc libm linux-vso
+
-- cgit v1.2.3
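Review bot: `@{LIBS}=libc libm linux-vso` in tunables/gnunet looks like a misspelling of `linux-vdso`, and the vDSO is mapped by the kernel rather than opened from a path, so it should need no file rule at all; `@{LIBS}=libc libm` would be enough if that reading is right. `@{GNUNET_USER}=/var/lib/gnunet` holds a directory rather than a user name, so a comment such as `# home directory of the gnunet system user` would keep profile authors from misreading it. `@{LIBDIRS}` expands `@{multiarch}`, which this file does not define, so a comment should note that the multiarch tunable has to be included before this one.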