From 8f898484dc5034bb8900ee989c88ed31787ca442 Mon Sep 17 00:00:00 2001 
From: Julien Morvan Date: Tue, 28 Jul 2015 14:56:33 +0000 Subject: Add AppArmor profiles --- contrib/apparmor/usr.local.bin.gnunet-arm | 27 +++++ ...usr.local.lib.gnunet.libexec.gnunet-daemon-exit | 23 +++++ ...local.lib.gnunet.libexec.gnunet-daemon-hostlist | 65 ++++++++++++ ...lib.gnunet.libexec.gnunet-daemon-latency-logger | 16 +++ .../usr.local.lib.gnunet.libexec.gnunet-daemon-pt | 25 +++++ ....lib.gnunet.libexec.gnunet-daemon-regexprofiler | 12 +++ ....gnunet.libexec.gnunet-daemon-testbed-blacklist | 12 +++ ...b.gnunet.libexec.gnunet-daemon-testbed-underlay | 22 +++++ ...local.lib.gnunet.libexec.gnunet-daemon-topology | 26 +++++ .../usr.local.lib.gnunet.libexec.gnunet-dns2gns | 25 +++++ .../usr.local.lib.gnunet.libexec.gnunet-gns-proxy | 49 +++++++++ ...lib.gnunet.libexec.gnunet-helper-audio-playback | 9 ++ ...l.lib.gnunet.libexec.gnunet-helper-audio-record | 9 ++ .../usr.local.lib.gnunet.libexec.gnunet-helper-dns | 43 ++++++++ ...usr.local.lib.gnunet.libexec.gnunet-helper-exit | 11 +++ ...cal.lib.gnunet.libexec.gnunet-helper-fs-publish | 13 +++ ...cal.lib.gnunet.libexec.gnunet-helper-nat-client | 11 +++ ...cal.lib.gnunet.libexec.gnunet-helper-nat-server | 11 +++ ....local.lib.gnunet.libexec.gnunet-helper-testbed | 36 +++++++ ...lib.gnunet.libexec.gnunet-helper-transport-wlan | 11 +++ ...unet.libexec.gnunet-helper-transport-wlan-dummy | 9 ++ .../usr.local.lib.gnunet.libexec.gnunet-helper-vpn | 16 +++ ...local.lib.gnunet.libexec.gnunet-namestore-fcfsd | 30 ++++++ ...usr.local.lib.gnunet.libexec.gnunet-service-arm | 109 +++++++++++++++++++++ ...usr.local.lib.gnunet.libexec.gnunet-service-ats | 19 ++++ ...r.local.lib.gnunet.libexec.gnunet-service-cadet | 21 ++++ ....lib.gnunet.libexec.gnunet-service-conversation | 27 +++++ ...sr.local.lib.gnunet.libexec.gnunet-service-core | 19 ++++ ...cal.lib.gnunet.libexec.gnunet-service-datastore | 26 +++++ ...usr.local.lib.gnunet.libexec.gnunet-service-dht | 56 +++++++++++ ...usr.local.lib.gnunet.libexec.gnunet-service-dns | 
19 ++++ .../usr.local.lib.gnunet.libexec.gnunet-service-fs | 59 +++++++++++ ...usr.local.lib.gnunet.libexec.gnunet-service-gns | 29 ++++++ ...ocal.lib.gnunet.libexec.gnunet-service-identity | 24 +++++ ...sr.local.lib.gnunet.libexec.gnunet-service-mesh | 29 ++++++ ...cal.lib.gnunet.libexec.gnunet-service-namecache | 29 ++++++ ...cal.lib.gnunet.libexec.gnunet-service-namestore | 35 +++++++ ...usr.local.lib.gnunet.libexec.gnunet-service-nse | 23 +++++ ...ocal.lib.gnunet.libexec.gnunet-service-peerinfo | 20 ++++ ...cal.lib.gnunet.libexec.gnunet-service-peerstore | 23 +++++ ...r.local.lib.gnunet.libexec.gnunet-service-regex | 17 ++++ ...ocal.lib.gnunet.libexec.gnunet-service-resolver | 32 ++++++ ...al.lib.gnunet.libexec.gnunet-service-revocation | 26 +++++ ...unet.libexec.gnunet-service-scalarproduct-alice | 12 +++ ...gnunet.libexec.gnunet-service-scalarproduct-bob | 11 +++ ...usr.local.lib.gnunet.libexec.gnunet-service-set | 17 ++++ ...al.lib.gnunet.libexec.gnunet-service-statistics | 15 +++ ...ocal.lib.gnunet.libexec.gnunet-service-template | 15 +++ ...local.lib.gnunet.libexec.gnunet-service-testbed | 35 +++++++ ...ib.gnunet.libexec.gnunet-service-testbed-logger | 16 +++ ...cal.lib.gnunet.libexec.gnunet-service-transport | 28 ++++++ ...usr.local.lib.gnunet.libexec.gnunet-service-vpn | 26 +++++ 52 files changed, 1328 insertions(+) create mode 100644 contrib/apparmor/usr.local.bin.gnunet-arm create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-daemon-exit create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-daemon-hostlist create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-daemon-latency-logger create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-daemon-pt create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-daemon-regexprofiler create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-daemon-testbed-blacklist create mode 100644 
contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-daemon-testbed-underlay create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-daemon-topology create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-dns2gns create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-gns-proxy create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-audio-playback create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-audio-record create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-dns create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-exit create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-fs-publish create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-nat-client create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-nat-server create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-testbed create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-transport-wlan create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-transport-wlan-dummy create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-vpn create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-namestore-fcfsd create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-arm create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-ats create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-cadet create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-conversation create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-core create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-datastore create mode 100644 
contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-dht create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-dns create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-fs create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-gns create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-identity create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-mesh create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-namecache create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-namestore create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-nse create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-peerinfo create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-peerstore create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-regex create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-resolver create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-revocation create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-scalarproduct-alice create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-scalarproduct-bob create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-set create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-statistics create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-template create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-testbed create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-testbed-logger create mode 100644 contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-transport create mode 100644 
contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-vpn (limited to 'contrib')
diff --git a/contrib/apparmor/usr.local.bin.gnunet-arm b/contrib/apparmor/usr.local.bin.gnunet-arm
new file mode 100644
index 000000000..83f758238
--- /dev/null
+++ b/contrib/apparmor/usr.local.bin.gnunet-arm
@@ -0,0 +1,27 @@
+#/usr/local/lib Last Modified: Fri Jul 3 14:48:33 2015
+#include
+
+/usr/local/bin/gnunet-arm {
+ #include
+
+ /usr/local/bin/gnunet-arm mr,
+
+ /usr/lib/gconv/gconv-modules r,
+
+ /usr/local/lib/libgnunetarm.so.* mr,
+
+ /dev/null ra,
+
+ /usr/lib/locale/locale-archive r,
+
+ /usr/share/locale/locale.alias r,
+ /usr/share/locale/fr/LC_MESSAGES/libc.mo r,
+
+ #Gnunet service
+ /usr/local/lib/gnunet/libexec/gnunet-service-arm Px ,
+
+ /tmp/gnunet-*-runtime/ rw,
+ /tmp/gnunet-*-runtime/gnunet-service-arm.sock rw,
+
+ #/tmp/gnunet-gnunet-runtime/* rw,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-daemon-exit b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-daemon-exit
new file mode 100644
index 000000000..122b729bd
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-daemon-exit
@@ -0,0 +1,23 @@
+# Last Modified: Mon Jul 27 15:57:50 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-daemon-exit {
+ #include
+
+ /usr/lib/ld-*.so r,
+
+ /usr/lib/locale/locale-archive r,
+
+ /usr/local/lib/gnunet/libexec/gnunet-daemon-exit mr,
+
+ #Gnunet librairies
+ /usr/local/lib/libgnunetcadet.so.* mr,
+ /usr/local/lib/libgnunetdht.so.* mr,
+ /usr/local/lib/libgnunetdnsstub.so.* mr,
+ /usr/local/lib/libgnunetregex.so.* mr,
+ /usr/local/lib/libgnunetstatistics.so.* mr,
+ /usr/local/lib/libgnunettun.so.* mr,
+
+ /usr/share/locale/locale.alias r,
+
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-daemon-hostlist b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-daemon-hostlist
new file mode 100644
index 000000000..d9d32cb61
--- /dev/null
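Review bot: The rule `/usr/share/locale/fr/LC_MESSAGES/libc.mo r,` in the gnunet-arm profile hard-codes the French message catalogue, so the catalogue read for any other locale is not covered by it. The same line appears in the gnunet-daemon-hostlist, gnunet-daemon-topology, gnunet-gns-proxy and gnunet-helper-testbed profiles. A locale-independent form such as `/usr/share/locale/*/LC_MESSAGES/libc.mo r,` fits better, unless the included abstraction (its name is not visible on this page) already grants the read, in which case the line can go. The leftover `#/tmp/gnunet-gnunet-runtime/* rw,` and the stray `#/usr/local/lib` at the start of the header comment look like editing residue and could be dropped.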
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-daemon-hostlist
@@ -0,0 +1,65 @@
+# Last Modified: Fri Jul 10 10:43:55 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-daemon-hostlist {
+ #include
+
+ /etc/gai.conf r,
+ /etc/host.conf r,
+ /etc/hosts r,
+ /etc/nsswitch.conf r,
+ /etc/resolv.conf r,
+
+ /usr/lib/gconv/gconv-modules r,
+
+ #Librairies
+ /usr/lib/ld-*.so r,
+ /usr/lib/libacl.so.* mr,
+ /usr/lib/libattr.so.* mr,
+ /usr/lib/libcap.so.* mr,
+ /usr/lib/libcom_err.so.* mr,
+ /usr/lib/libcrypto.so.* mr,
+ /usr/lib/libffi.so.* mr,
+ /usr/lib/libgmp.so.* mr,
+ /usr/lib/libgnurl.so.* mr,
+ /usr/lib/libgnutls.so.* mr,
+ /usr/lib/libgssapi_krb5.so.* mr,
+ /usr/lib/libhogweed.so.* mr,
+ /usr/lib/libidn.so.* mr,
+ /usr/lib/libk5crypto.so.* mr,
+ /usr/lib/libkeyutils.so.* mr,
+ /usr/lib/libkrb5.so.* mr,
+ /usr/lib/libkrb5support.so.* mr,
+ /usr/lib/liblz4.so.* mr,
+ /usr/lib/liblzma.so.* mr,
+ /usr/lib/libmicrohttpd.so.* mr,
+ /usr/lib/libnettle.so.* mr,
+ /usr/lib/libnss_dns-*.so mr,
+ /usr/lib/libnss_files-*.so mr,
+ /usr/lib/libnss_gns.so.* mr,
+ /usr/lib/libnss_myhostname.so.* mr,
+ /usr/lib/libp11-kit.so.* mr,
+ /usr/lib/libpthread-*.so mr,
+ /usr/lib/libresolv-*.so mr,
+ /usr/lib/librt-*.so mr,
+ /usr/lib/libseccomp.so.* mr,
+ /usr/lib/libssh2.so.* mr,
+ /usr/lib/libssl.so.* mr,
+ /usr/lib/libtasn1.so.* mr,
+
+ /usr/lib/locale/locale-archive r,
+
+ /usr/local/lib/gnunet/libexec/gnunet-daemon-hostlist mr,
+
+ #Gnunet librairies
+ /usr/local/lib/libgnunetats.so.* mr,
+ /usr/local/lib/libgnunetcore.so.* mr,
+ /usr/local/lib/libgnunethello.so.* mr,
+ /usr/local/lib/libgnunetpeerinfo.so.* mr,
+ /usr/local/lib/libgnunetstatistics.so.* mr,
+ /usr/local/lib/libgnunettransport.so.* mr,
+ /usr/local/lib/libgnunetutil.so.* mr,
+
+ /usr/share/locale/fr/LC_MESSAGES/libc.mo r,
+ /usr/share/locale/locale.alias r,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-daemon-latency-logger b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-daemon-latency-logger
new file mode 100644
index 000000000..a25852bf8
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-daemon-latency-logger
@@ -0,0 +1,16 @@
+# Last Modified: Mon Jul 27 16:25:08 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-daemon-latency-logger {
+ #include
+
+ /usr/lib/ld-*.so r,
+ /usr/lib/libpthread-*.so mr,
+ /usr/lib/libsqlite3.so.* mr,
+ /usr/lib/locale/locale-archive r,
+ /usr/local/lib/gnunet/libexec/gnunet-daemon-latency-logger mr,
+ /usr/local/lib/libgnunetats.so.* mr,
+ /usr/local/lib/libgnunethello.so.* mr,
+ /usr/share/locale/locale.alias r,
+
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-daemon-pt b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-daemon-pt
new file mode 100644
index 000000000..95a1bcf52
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-daemon-pt
@@ -0,0 +1,25 @@
+# Last Modified: Mon Jul 20 17:48:20 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-daemon-pt {
+ #include
+
+ #Librairies
+ /usr/lib/ld-*.so r,
+ /usr/lib/libidn.so.* mr,
+
+ /usr/lib/locale/locale-archive r,
+
+ /usr/local/lib/gnunet/libexec/gnunet-daemon-pt mr,
+
+ #Gnunet librairies
+ /usr/local/lib/libgnunetcadet.so.* mr,
+ /usr/local/lib/libgnunetdht.so.* mr,
+ /usr/local/lib/libgnunetdns.so.* mr,
+ /usr/local/lib/libgnunetdnsparser.so.* mr,
+ /usr/local/lib/libgnunetmesh.so.* mr,
+ /usr/local/lib/libgnunetstatistics.so.* mr,
+ /usr/local/lib/libgnunetvpn.so.* mr,
+
+ /usr/share/locale/locale.alias r,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-daemon-regexprofiler b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-daemon-regexprofiler
new file mode 100644
index 000000000..da3d40887
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-daemon-regexprofiler
@@ -0,0 +1,12 @@
+# Last Modified: Tue Jul 28 11:42:58 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-daemon-regexprofiler flags=(complain) {
+ #include
+
+ /usr/local/lib/gnunet/libexec/gnunet-daemon-regexprofiler mr,
+ /usr/local/lib/libgnunetdht.so.* mr,
+ /usr/local/lib/libgnunetregexblock.so.* mr,
+ /usr/local/lib/libgnunetstatistics.so.* mr,
+
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-daemon-testbed-blacklist b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-daemon-testbed-blacklist
new file mode 100644
index 000000000..15fa9ffe5
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-daemon-testbed-blacklist
@@ -0,0 +1,12 @@
+# Last Modified: Tue Jul 28 11:42:58 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-daemon-testbed-blacklist flags=(complain) {
+ #include
+
+ /usr/local/lib/gnunet/libexec/gnunet-daemon-testbed-blacklist mr,
+ /usr/local/lib/libgnunetats.so.* mr,
+ /usr/local/lib/libgnunethello.so.* mr,
+ /usr/local/lib/libgnunettransport.so.* mr,
+
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-daemon-testbed-underlay b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-daemon-testbed-underlay
new file mode 100644
index 000000000..260b60400
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-daemon-testbed-underlay
@@ -0,0 +1,22 @@
+# Last Modified: Mon Jul 27 16:37:03 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-daemon-testbed-underlay {
+ #include
+
+ #Librairies
+ /usr/lib/ld-*.so r,
+ /usr/lib/libpthread-*.so mr,
+ /usr/lib/libsqlite3.so.* mr,
+
+ /usr/lib/locale/locale-archive r,
+
+ /usr/local/lib/gnunet/libexec/gnunet-daemon-testbed-underlay mr,
+
+ #Gnunet librairies
+ /usr/local/lib/libgnunetats.so.* mr,
+ /usr/local/lib/libgnunethello.so.* mr,
+ /usr/local/lib/libgnunettransport.so.* mr,
+
+ /usr/share/locale/locale.alias r,
+}
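Review bot: The gnunet-daemon-regexprofiler profile is declared with `flags=(complain)`, which makes AppArmor log violations without blocking them, so loading it as shipped provides no confinement. The same flag is on gnunet-daemon-testbed-blacklist, gnunet-helper-audio-playback, gnunet-helper-audio-record, gnunet-helper-dns, gnunet-helper-exit, gnunet-helper-fs-publish, gnunet-helper-nat-client, gnunet-helper-nat-server, gnunet-helper-testbed, gnunet-helper-transport-wlan, gnunet-helper-transport-wlan-dummy and gnunet-helper-vpn. That list includes every profile in this patch that grants `capability net_admin`, `net_raw` or `setuid`, which are the helpers where enforcement matters most. If the flag is deliberate while the rule sets are still being learned, a header comment such as `# Incomplete: complain mode only, not enforced; switch to enforce once the rules are complete` would keep anyone from assuming these helpers are confined.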
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-daemon-topology b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-daemon-topology
new file mode 100644
index 000000000..eb1d9306f
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-daemon-topology
@@ -0,0 +1,26 @@
+# Last Modified: Fri Jul 3 17:37:12 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-daemon-topology {
+ #include
+
+ /usr/local/lib/gnunet/libexec/gnunet-daemon-topology mr,
+
+ #Gnunet librairies
+ /usr/local/lib/libgnunetats.so.* mr,
+ /usr/local/lib/libgnunetfriends.so.* mr,
+ /usr/local/lib/libgnunetcore.so.* mr,
+ /usr/local/lib/libgnunetpeerinfo.so.* mr,
+ /usr/local/lib/libgnunetstatistics.so.* mr,
+ /usr/local/lib/libgnunettransport.so.* mr,
+ /usr/local/lib/libgnunethello.so.* mr,
+
+ /usr/lib/ld-*.so r,
+
+ /usr/lib//locale/locale-archive r,
+
+ /usr/lib/gconv/gconv-modules r,
+
+ /usr/share/locale/locale.alias r,
+ /usr/share/locale/fr/LC_MESSAGES/libc.mo r,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-dns2gns b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-dns2gns
new file mode 100644
index 000000000..5b1bdc2b0
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-dns2gns
@@ -0,0 +1,25 @@
+# Last Modified: Tue Jul 21 16:45:05 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-dns2gns {
+ #include
+
+ #Librairies
+ /usr/lib/ld-*.so r,
+ /usr/lib/libidn.so.* mr,
+
+ /usr/lib/locale/locale-archive r,
+
+ /usr/local/lib/gnunet/libexec/gnunet-dns2gns mr,
+
+ #Gnunet librairies
+ /usr/local/lib/libgnunetdnsparser.so.* mr,
+ /usr/local/lib/libgnunetdnsstub.so.* mr,
+ /usr/local/lib/libgnunetgns.so.* mr,
+ /usr/local/lib/libgnunetgnsrecord.so.* mr,
+ /usr/local/lib/libgnunetidentity.so.* mr,
+ /usr/local/lib/libgnunetnamestore.so.* mr,
+ /usr/local/lib/libgnunetstatistics.so.* mr,
+
+ /usr/share/locale/locale.alias r,
+}
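Review bot: The gnunet-daemon-topology profile writes the locale archive rule as `/usr/lib//locale/locale-archive r,` with a doubled slash, while every other profile in this patch uses `/usr/lib/locale/locale-archive r,`. The parser probably normalises the extra slash, so this is likely cosmetic, but a path rule that differs from its siblings is easy to miss in an audit or a grep across profiles. Using the single-slash form keeps the set consistent.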
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-gns-proxy b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-gns-proxy
new file mode 100644
index 000000000..62efa7744
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-gns-proxy
@@ -0,0 +1,49 @@
+# Last Modified: Tue Jul 21 16:35:07 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-gns-proxy {
+ #include
+
+ /etc/ssl/openssl.cnf r,
+
+ @{HOME}/.local/share/gnunet/gns/gns_ca_cert.pem r,
+
+ #Librairies
+ /usr/lib/gconv/gconv-modules r,
+ /usr/lib/ld-*.so r,
+ /usr/lib/libcom_err.so.* mr,
+ /usr/lib/libcrypto.so.* mr,
+ /usr/lib/libffi.so.* mr,
+ /usr/lib/libgmp.so.* mr,
+ /usr/lib/libgnurl.so.* mr,
+ /usr/lib/libgnutls.so.* mr,
+ /usr/lib/libgssapi_krb5.so.* mr,
+ /usr/lib/libhogweed.so.* mr,
+ /usr/lib/libidn.so.* mr,
+ /usr/lib/libk5crypto.so.* mr,
+ /usr/lib/libkeyutils.so.* mr,
+ /usr/lib/libkrb5.so.* mr,
+ /usr/lib/libkrb5support.so.* mr,
+ /usr/lib/libltdl.so.* mr,
+ /usr/lib/libmicrohttpd.so.* mr,
+ /usr/lib/libnettle.so.* mr,
+ /usr/lib/libp11-kit.so.* mr,
+ /usr/lib/libpthread-*.so mr,
+ /usr/lib/libresolv-*.so mr,
+ /usr/lib/libssh2.so.* mr,
+ /usr/lib/libssl.so.* mr,
+ /usr/lib/libtasn1.so.* mr,
+
+ /usr/lib/locale/locale-archive r,
+
+ /usr/local/lib/gnunet/libexec/gnunet-gns-proxy mr,
+
+ #Gnunet librairies
+ /usr/local/lib/libgnunetdnsparser.so.* mr,
+ /usr/local/lib/libgnunetgns.so.* mr,
+ /usr/local/lib/libgnunetgnsrecord.so.* mr,
+ /usr/local/lib/libgnunetidentity.so.* mr,
+
+ /usr/share/locale/fr/LC_MESSAGES/libc.mo r,
+ /usr/share/locale/locale.alias r,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-audio-playback b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-audio-playback
new file mode 100644
index 000000000..b6663899e
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-audio-playback
@@ -0,0 +1,9 @@
+# Last Modified: Tue Jul 28 11:46:24 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-helper-audio-playback flags=(complain) {
+ #include
+ #include
+
+ /usr/local/lib/gnunet/libexec/gnunet-helper-audio-playback mr,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-audio-record b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-audio-record
new file mode 100644
index 000000000..e0a41edc3
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-audio-record
@@ -0,0 +1,9 @@
+# Last Modified: Tue Jul 28 11:42:58 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-helper-audio-record flags=(complain) {
+ #include
+ #include
+
+ /usr/local/lib/gnunet/libexec/gnunet-helper-audio-record mr,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-dns b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-dns
new file mode 100644
index 000000000..960cf09b5
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-dns
@@ -0,0 +1,43 @@
+# Last Modified: Mon Jul 27 15:24:34 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-helper-dns flags=(complain) {
+ #include
+
+ capability net_admin,
+ capability net_raw,
+ capability setuid,
+
+ /dev/net/tun rw,
+ /dev/null rw,
+
+ /etc/gai.conf r,
+ /etc/group r,
+ /etc/iproute2/rt_tables r,
+ /etc/nsswitch.conf r,
+ /etc/protocols r,
+
+ @{PROC}/@{pid}/net/ip_tables_names r,
+ @{PROC}/sys/net/ipv4/conf/all/rp_filter rw,
+ @{PROC}/sys/net/ipv4/conf/default/rp_filter rw,
+
+ /usr/bin/ip rix,
+ /usr/bin/sysctl rix,
+ /usr/bin/xtables-multi rix,
+
+ /usr/lib/iptables/libxt_MARK.so mr,
+ /usr/lib/iptables/libxt_owner.so mr,
+ /usr/lib/iptables/libxt_standard.so mr,
+ /usr/lib/iptables/libxt_udp.so mr,
+
+ /usr/lib/ld-*.so r,
+ /usr/lib/libip4tc.so.* mr,
+ /usr/lib/libip6tc.so.* mr,
+ /usr/lib/libnss_files-*.so mr,
+
+ /usr/lib/libxtables.so.* mr,
+
+ /usr/lib/locale/locale-archive r,
+
+ /usr/local/lib/gnunet/libexec/gnunet-helper-dns mr,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-exit b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-exit
new file mode 100644
index 000000000..e18b49358
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-exit
@@ -0,0 +1,11 @@
+# Last Modified: Tue Jul 28 11:44:00 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-helper-exit flags=(complain) {
+ #include
+
+ capability setuid,
+
+ /usr/local/lib/gnunet/libexec/gnunet-helper-exit mr,
+
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-fs-publish b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-fs-publish
new file mode 100644
index 000000000..ad0a142f7
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-fs-publish
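Review bot: In the gnunet-helper-dns profile the three `rix` rules (`/usr/bin/ip rix,`, `/usr/bin/sysctl rix,`, `/usr/bin/xtables-multi rix,`) run those tools under the helper's own profile, so each child inherits all of `capability net_admin`, `net_raw` and `setuid`, as well as the write access to both `rp_filter` entries. That keeps the children confined, but gives each more than it needs; for example `sysctl` presumably only needs the `rp_filter` writes. Child profiles via `Cx`, each carrying only its own capabilities and paths, would tighten this. Failing that, a comment above each capability line saying which operation requires it would make the grant auditable.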
@@ -0,0 +1,13 @@
+# Last Modified: Tue Jul 28 11:42:58 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-helper-fs-publish flags=(complain) {
+ #include
+
+ /usr/lib/libbz2.so.* mr,
+ /usr/lib/libextractor.so.* mr,
+ /usr/lib/libpthread-*.so mr,
+ /usr/lib/librt-*.so mr,
+
+ /usr/local/lib/gnunet/libexec/gnunet-helper-fs-publish mr,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-nat-client b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-nat-client
new file mode 100644
index 000000000..32cb42552
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-nat-client
@@ -0,0 +1,11 @@
+# Last Modified: Tue Jul 28 11:44:00 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-helper-nat-client flags=(complain) {
+ #include
+
+ capability setuid,
+
+ /usr/local/lib/gnunet/libexec/gnunet-helper-nat-client mr,
+
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-nat-server b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-nat-server
new file mode 100644
index 000000000..c3bd37910
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-nat-server
@@ -0,0 +1,11 @@
+# Last Modified: Tue Jul 28 11:44:00 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-helper-nat-server flags=(complain) {
+ #include
+
+ capability setuid,
+
+ /usr/local/lib/gnunet/libexec/gnunet-helper-nat-server mr,
+
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-testbed b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-testbed
new file mode 100644
index 000000000..8c6748d4a
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-testbed
@@ -0,0 +1,36 @@
+# Last Modified: Mon Jul 27 11:02:37 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-helper-testbed flags=(complain) {
+ #include
+
+ /dev/null rw,
+
+ /etc/gai.conf r,
+
+ /usr/lib/ld-*.so r,
+
+ /usr/lib/locale/locale-archive r,
+
+ /usr/share/locale/locale.alias r,
+ /usr/share/locale/fr/LC_MESSAGES/libc.mo r,
+
+ /usr/lib/gconv/gconv-modules r,
+
+ /usr/local/lib/gnunet/libexec/ r,
+ /usr/local/lib/gnunet/libexec/gnunet-helper-testbed mr,
+ /usr/local/lib/gnunet/libexec/gnunet-service-arm r,
+ /usr/local/lib/gnunet/libexec/gnunet-service-testbed Px,
+
+ #Gnunet librairies
+ /usr/local/lib/libgnunetarm.so.* mr,
+ /usr/local/lib/libgnunetats.so.* mr,
+ /usr/local/lib/libgnunetcore.so.* mr,
+ /usr/local/lib/libgnunethello.so.* mr,
+ /usr/local/lib/libgnunetstatistics.so.* mr,
+ /usr/local/lib/libgnunettestbed.so.* mr,
+ /usr/local/lib/libgnunettesting.so.* mr,
+ /usr/local/lib/libgnunettransport.so.* mr,
+
+ /usr/local/share/gnunet/testing_hostkeys.ecc r,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-transport-wlan b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-transport-wlan
new file mode 100644
index 000000000..6f2f98e15
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-transport-wlan
@@ -0,0 +1,11 @@
+# Last Modified: Tue Jul 28 11:44:00 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-helper-transport-wlan flags=(complain) {
+ #include
+
+ capability setuid,
+
+ /usr/local/lib/gnunet/libexec/gnunet-helper-transport-wlan mr,
+
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-transport-wlan-dummy b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-transport-wlan-dummy
new file mode 100644
index 000000000..d9ffed813
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-transport-wlan-dummy
@@ -0,0 +1,9 @@
+# Last Modified: Tue Jul 28 11:36:52 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-helper-transport-wlan-dummy flags=(complain) {
+ #include
+
+ /usr/local/lib/gnunet/libexec/gnunet-helper-transport-wlan-dummy mr,
+
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-vpn b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-vpn
new file mode 100644
index 000000000..3f9051db3
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-helper-vpn
@@ -0,0 +1,16 @@
+# Last Modified: Mon Jul 27 11:06:22 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-helper-vpn flags=(complain) {
+
+ capability net_admin,
+ capability setuid,
+
+ /dev/net/tun rw,
+ /etc/ld.so.cache r,
+ /usr/lib/ld-*.so r,
+ /usr/lib/libc-*.so mr,
+ /usr/lib/libm-*.so mr,
+ /usr/local/lib/gnunet/libexec/gnunet-helper-vpn mr,
+
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-namestore-fcfsd b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-namestore-fcfsd
new file mode 100644
index 000000000..43527ae3b
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-namestore-fcfsd
@@ -0,0 +1,30 @@
+# Last Modified: Tue Jul 21 17:25:12 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-namestore-fcfsd {
+ #include
+
+ #Librairies
+ /usr/lib/ld-*.so r,
+ /usr/lib/libffi.so.* mr,
+ /usr/lib/libgmp.so.* mr,
+ /usr/lib/libgnutls.so.* mr,
+ /usr/lib/libhogweed.so.* mr,
+ /usr/lib/libidn.so.* mr,
+ /usr/lib/libmicrohttpd.so.* mr,
+ /usr/lib/libnettle.so.* mr,
+ /usr/lib/libp11-kit.so.* mr,
+ /usr/lib/libpthread-*.so mr,
+ /usr/lib/libtasn1.so.* mr,
+
+ /usr/lib/locale/locale-archive r,
+
+ /usr/local/lib/gnunet/libexec/gnunet-namestore-fcfsd mr,
+
+ #Gnunet librairies
+ /usr/local/lib/libgnunetdnsparser.so.* mr,
+ /usr/local/lib/libgnunetgnsrecord.so.* mr,
+ /usr/local/lib/libgnunetidentity.so.* mr,
+ /usr/local/lib/libgnunetnamestore.so.* mr,
+ /usr/local/lib/libgnunetstatistics.so.* mr,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-arm b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-arm
new file mode 100644
index 000000000..fe3f037ed
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-arm
@@ -0,0 +1,109 @@
+# Last Modified: Thu Jul 9 10:27:23 2015
+
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-service-arm {
+ #include
+
+ /dev/null ra,
+
+ /tmp/gnunet-*-runtime/ rw,
+ /tmp/gnunet-*-runtime/gnunet-service-arm.sock rw,
+ /tmp/gnunet-*-runtime/gnunet-service-gns.sock rw,
+ /tmp/gnunet-*-runtime/gnunet-service-identity.unix rw,
+ /tmp/gnunet-*-runtime/gnunet-service-namestore.sock rw,
+
+ /tmp/gnunet-system-runtime/ rw,
+ /tmp/gnunet-system-runtime/gnunet-service-*.sock rw,
+ /tmp/gnunet-system-runtime/gnunet-service-nse.unix rw,
+ /tmp/gnunet-system-runtime/gnunet-service-revocation.unix rw,
+
+ /var/lib/gnunet/.local/share/gnunet/ r,
+ /var/lib/gnunet/.local/share/gnunet/revocation.dat r,
+ /var/lib/gnunet/.local/share/gnunet/peerstore/ a,
+ /var/lib/gnunet/.local/share/gnunet/peerstore/sqlite.db rwk,
+ /var/lib/gnunet/.local/share/gnunet/peerstore/sqlite.db-journal rw,
+ /var/lib/gnunet/.config/gnunet.conf r,
+
+ #Librairies
+ /usr/lib/ld-*.so r,
+ /usr/lib/libpthread-*.so mr,
+
+ /usr/lib/libsqlite3.so.* mr,
+
+ /usr/lib/locale/locale-archive r,
+
+ /usr/share/locale/locale-alias r,
+
+ /usr/local/lib/gnunet/libexec/gnunet-service-arm mr,
+
+ /usr/local/lib/gnunet/ r,
+
+ /usr/local/lib/gnunet/libexec/ r,
+
+ #Gnunet daemon
+ /usr/local/lib/gnunet/libexec/gnunet-daemon-exit Px,
+ /usr/local/lib/gnunet/libexec/gnunet-daemon-hostlist Px,
+ /usr/local/lib/gnunet/libexec/gnunet-daemon-latency-logger Px,
+ /usr/local/lib/gnunet/libexec/gnunet-daemon-testbed-underlay Px,
+ /usr/local/lib/gnunet/libexec/gnunet-daemon-topology Px,
+ /usr/local/lib/gnunet/libexec/gnunet-daemon-pt Px,
+
+ /usr/local/lib/gnunet/libexec/gnunet-dns2gns Px,
+
+ /usr/local/lib/gnunet/libexec/gnunet-gns-proxy Px,
+
+ /usr/local/lib/gnunet/libexec/gnunet-namestore-fcfsd Px,
+
+ #Gnunet service
+ /usr/local/lib/gnunet/libexec/gnunet-service-ats Px,
+ /usr/local/lib/gnunet/libexec/gnunet-service-cadet Px,
+ /usr/local/lib/gnunet/libexec/gnunet-service-core Px,
+ /usr/local/lib/gnunet/libexec/gnunet-service-conversation Px,
+ /usr/local/lib/gnunet/libexec/gnunet-service-datastore Px,
+ /usr/local/lib/gnunet/libexec/gnunet-service-dht Px,
+ /usr/local/lib/gnunet/libexec/gnunet-service-dns Px,
+ /usr/local/lib/gnunet/libexec/gnunet-service-fs Px,
+ /usr/local/lib/gnunet/libexec/gnunet-service-gns Px,
+ /usr/local/lib/gnunet/libexec/gnunet-service-identity Px,
+ /usr/local/lib/gnunet/libexec/gnunet-service-mesh Px,
+ /usr/local/lib/gnunet/libexec/gnunet-service-namecache Px,
+ /usr/local/lib/gnunet/libexec/gnunet-service-namestore Px,
+ /usr/local/lib/gnunet/libexec/gnunet-service-nse Px,
+ /usr/local/lib/gnunet/libexec/gnunet-service-peerinfo Px,
+ /usr/local/lib/gnunet/libexec/gnunet-service-peerstore Px,
+ /usr/local/lib/gnunet/libexec/gnunet-service-regex Px,
+ /usr/local/lib/gnunet/libexec/gnunet-service-resolver Px,
+ /usr/local/lib/gnunet/libexec/gnunet-service-revocation Px,
+ /usr/local/lib/gnunet/libexec/gnunet-service-set Px,
+ /usr/local/lib/gnunet/libexec/gnunet-service-scalarproduct-alice Px,
+ /usr/local/lib/gnunet/libexec/gnunet-service-scalarproduct-bob Px,
+ /usr/local/lib/gnunet/libexec/gnunet-service-statistics Px,
+ /usr/local/lib/gnunet/libexec/gnunet-service-template Px,
+ /usr/local/lib/gnunet/libexec/gnunet-service-testbed Px,
+ /usr/local/lib/gnunet/libexec/gnunet-service-testbed-logger Px,
+ /usr/local/lib/gnunet/libexec/gnunet-service-transport Px,
+ /usr/local/lib/gnunet/libexec/gnunet-service-vpn Px,
+
+ #Gnunet helper
+ /usr/local/lib/gnunet/libexec/gnunet-helper-dns r,
+
+ #Gnunet librairies
+ /usr/local/lib/libgnunetats.so.* mr,
+ /usr/local/lib/libgnunetcadet.so.* mr,
+ /usr/local/lib/libgnunetdht.so.* mr,
+ /usr/local/lib/libgnunetdnsstub.so.* mr,
+ /usr/local/lib/libgnunetgnsrecord.so.* r,
+ /usr/local/lib/libgnunethello.so.* mr,
+ /usr/local/lib/libgnunetnamecache.so.* r,
+ /usr/local/lib/libgnunetpeerstore.so.* mr,
+ /usr/local/lib/libgnunetregex.so.* mr,
+ /usr/local/lib/libgnunetset.so.* mr,
+ /usr/local/lib/libgnunetstatistics.so.* mr,
+ /usr/local/lib/libgnunettransport.so.* mr,
+ /usr/local/lib/libgnunettun.so.* mr,
+
+ #Gnunet plugin
+ /usr/local/lib/gnunet/libgnunet_plugin_peerstore_sqlite.la r,
+ /usr/local/lib/gnunet/libgnunet_plugin_peerstore_sqlite.so mr,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-ats b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-ats
new file mode 100644
index 000000000..86273dc34
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-ats
@@ -0,0 +1,19 @@
+# Last Modified: Wed Jul 8 10:49:34 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-service-ats {
+ #include
+
+ /usr/local/lib/gnunet/libexec/gnunet-service-ats mr,
+
+ #Gnunet librairies
+ /usr/local/lib/libgnunethello.so.* mr,
+ /usr/local/lib/libgnunetstatistics.so.* mr,
+ /usr/local/lib/libgnunetats.so.* mr,
+
+ #Gnunet plugin
+ /usr/local/lib/gnunet/libgnunet_plugin_ats_proportional.la r,
+ /usr/local/lib/gnunet/libgnunet_plugin_ats_proportional.so mr,
+
+ /usr/lib/ld-*.so r,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-cadet b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-cadet
new file mode 100644
index 000000000..f834a6d05
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-cadet
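Review bot: The gnunet-service-arm profile has `/usr/share/locale/locale-alias r,` where every other profile in this patch uses `locale.alias`, so this looks like a typo and the rule matches nothing useful. Because this profile is not in complain mode, the read of the real file would be denied unless an included abstraction (its name is not visible on this page) already allows it; the line should read `/usr/share/locale/locale.alias r,`. In the same profile `libgnunetgnsrecord.so.*` and `libgnunetnamecache.so.*` are granted `r` only while the other GNUnet libraries get `mr`; if they are mapped as shared objects they need `mr` too. This profile is also the `Px` entry point for every service, so a wrong rule here affects startup of the whole peer.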
@@ -0,0 +1,21 @@
+# Last Modified: Mon Jul 27 11:09:34 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-service-cadet {
+ #include
+
+ /usr/lib/ld-*.so r,
+ /usr/lib/libpthread-*.so mr,
+ /usr/lib/librt-*.so mr,
+ /usr/local/lib/gnunet/libexec/gnunet-service-cadet mr,
+ /usr/local/lib/libgnunetats.so.* mr,
+ /usr/local/lib/libgnunetblock.so.* mr,
+ /usr/local/lib/libgnunetcore.so.* mr,
+ /usr/local/lib/libgnunetdht.so.* mr,
+ /usr/local/lib/libgnunethello.so.* mr,
+ /usr/local/lib/libgnunetpeerinfo.so.* mr,
+ /usr/local/lib/libgnunetstatistics.so.* mr,
+ /usr/local/lib/libgnunettransport.so.* mr,
+ /var/lib/gnunet/.local/share/gnunet/private_key.ecc rk,
+
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-conversation b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-conversation
new file mode 100644
index 000000000..9b952866e
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-conversation
@@ -0,0 +1,27 @@
+# Last Modified: Tue Jul 21 16:53:39 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-service-conversation {
+ #include
+
+ #Librairies
+ /usr/lib/ld-*.so r,
+ /usr/lib/libidn.so.* mr,
+
+ /usr/local/lib/gnunet/libexec/gnunet-service-conversation mr,
+
+ #Gnunet librairies
+ /usr/local/lib/libgnunetcadet.so.* mr,
+ /usr/local/lib/libgnunetconversation.so.* mr,
+ /usr/local/lib/libgnunetdnsparser.so.* mr,
+ /usr/local/lib/libgnunetgns.so.* mr,
+ /usr/local/lib/libgnunetgnsrecord.so.* mr,
+ /usr/local/lib/libgnunetidentity.so.* mr,
+ /usr/local/lib/libgnunetmesh.so.* mr,
+ /usr/local/lib/libgnunetmicrophone.so.* mr,
+ /usr/local/lib/libgnunetnamestore.so.* mr,
+ /usr/local/lib/libgnunetspeaker.so.* mr,
+ /usr/local/lib/libgnunetstatistics.so.* mr,
+
+ /var/lib/gnunet/.local/share/gnunet/private_key.ecc rk,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-core b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-core
new file mode 100644
index 000000000..e2b4229bb
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-core
@@ -0,0 +1,19 @@
+# Last Modified: Thu Jul 9 10:16:30 2015
+
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-service-core {
+ #include
+
+ /var/lib/gnunet/.local/share/gnunet/private_key.ecc rk,
+
+ /usr/lib/ld-*.so r,
+
+ /usr/local/lib/gnunet/libexec/gnunet-service-core mr,
+
+ #Gnunet librairies
+ /usr/local/lib/libgnunetats.so.* mr,
+ /usr/local/lib/libgnunethello.so.* mr,
+ /usr/local/lib/libgnunetstatistics.so.* mr,
+ /usr/local/lib/libgnunettransport.so.* mr,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-datastore b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-datastore
new file mode 100644
index 000000000..b38121e65
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-datastore
@@ -0,0 +1,26 @@
+# Last Modified: Thu Jul 9 10:16:30 2015
+
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-service-datastore {
+ #include
+
+ /var/lib/gnunet/.local/share/gnunet/datastore/bloomfilter.sqlite rw,
+ /var/lib/gnunet/.local/share/gnunet/datastore/sqlite.db rwk,
+ /var/lib/gnunet/.local/share/gnunet/datastore/sqlite.db-journal rw,
+
+ #Librairies
+ /usr/lib/ld-*.so r,
+ /usr/lib/libpthread-*.so mr,
+ /usr/lib/libsqlite3.so.* mr,
+
+ /usr/local/lib/gnunet/libexec/gnunet-service-datastore mr,
+
+ #Gnunet plugin
+ /usr/local/lib/gnunet/libgnunet_plugin_datastore_sqlite.la r,
+ /usr/local/lib/gnunet/libgnunet_plugin_datastore_sqlite.so mr,
+
+ #Gnunet Librairies
+ /usr/local/lib/libgnunetstatistics.so.* mr,
+ /usr/local/lib/libgnunetutil.so.* mr,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-dht b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-dht
new file mode 100644
index 000000000..224465cd5
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-dht
@@ -0,0 +1,56 @@
+# Last Modified: Fri Jul 3 17:37:39 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-service-dht {
+ #include
+
+ /usr/local/lib/gnunet/libexec/gnunet-service-dht mr,
+
+ #Gnunet librairies
+ /usr/local/lib/libgnunetstatistics.so.* mr,
+ /usr/local/lib/libgnunetcore.so.* mr,
+ /usr/local/lib/libgnunetnse.so.* mr,
+ /usr/local/lib/libgnunetats.so.* mr,
+ /usr/local/lib/libgnunettransport.so.* mr,
+ /usr/local/lib/libgnunetpeerinfo.so.* mr,
+ /usr/local/lib/libgnunethello.so.* mr,
+ /usr/local/lib/libgnunetblock.so.* mr,
+ /usr/local/lib/libgnunetdatacache.so.* mr,
+ /usr/local/lib/libgnunetfs.so.* mr,
+ /usr/local/lib/libgnunetdatastore.so.* mr,
+ /usr/local/lib/libgnunetregexblock.so.* mr,
+ /usr/local/lib/libgnunetgnsrecord.so.* mr,
+ /usr/local/lib/libgnunetdnsparser.so.* mr,
+
+ #Gnunet plugin
+ /usr/local/lib/gnunet/ r,
+ /usr/local/lib/gnunet/libgnunet_plugin_block_template.la r,
+ /usr/local/lib/gnunet/libgnunet_plugin_block_template.so mr,
+ /usr/local/lib/gnunet/libgnunet_plugin_block_dns.la r,
+ /usr/local/lib/gnunet/libgnunet_plugin_block_dns.so mr,
+ /usr/local/lib/gnunet/libgnunet_plugin_block_fs.la r,
+ /usr/local/lib/gnunet/libgnunet_plugin_block_fs.so mr,
+ /usr/local/lib/gnunet/libgnunet_plugin_block_regex.la r,
+ /usr/local/lib/gnunet/libgnunet_plugin_block_regex.so mr,
+ /usr/local/lib/gnunet/libgnunet_plugin_block_dht.la r,
+ /usr/local/lib/gnunet/libgnunet_plugin_block_dht.so mr,
+ /usr/local/lib/gnunet/libgnunet_plugin_block_dht.so mr,
+ /usr/local/lib/gnunet/libgnunet_plugin_block_test.la r,
+ /usr/local/lib/gnunet/libgnunet_plugin_block_test.so mr,
+ /usr/local/lib/gnunet/libgnunet_plugin_block_gns.la r,
+ /usr/local/lib/gnunet/libgnunet_plugin_block_gns.so mr,
+ /usr/local/lib/gnunet/libgnunet_plugin_datacache_heap.la r,
+ /usr/local/lib/gnunet/libgnunet_plugin_datacache_heap.so mr,
+
+ #Librairies
+ /usr/lib/ld-*.so r,
+ /usr/lib/libextractor.so.* mr,
+ /usr/lib/libbz2.so.* mr,
+ /usr/lib/librt-*.so mr,
+ /usr/lib/libpthread-*.so mr,
+ /usr/lib/libidn.so.* mr,
+
+ /tmp/gnunet-system-runtime/gnunet-service-dht.sock w,
+
+ /tmp/gnunet-datacachebloom* rw,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-dns b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-dns
new file mode 100644
index 000000000..2f2dd711a
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-dns
@@ -0,0 +1,19 @@
+# Last Modified: Mon Jul 27 15:18:30 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-service-dns {
+ #include
+
+ capability setgid,
+
+ /usr/lib/ld-*.so r,
+
+ /usr/local/lib/gnunet/libexec/gnunet-helper-dns Px,
+
+ /usr/local/lib/gnunet/libexec/gnunet-service-dns mr,
+
+ #Gnunet librairies
+ /usr/local/lib/libgnunetdnsstub.so.* mr,
+ /usr/local/lib/libgnunetstatistics.so.* mr,
+ /usr/local/lib/libgnunettun.so.* mr,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-fs b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-fs
new file mode 100644
index 000000000..247d29282
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-fs
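Review bot: In the gnunet-service-dht profile, `/tmp/gnunet-datacachebloom* rw,` is a prefix glob on a world-writable directory with no `owner` qualifier, so the confined service may read and write any file under /tmp whose name starts with that prefix, whoever created it. Prefer `owner /tmp/gnunet-datacachebloom* rw,`, or place the bloom filter in a directory only the service account can write. The rule `/usr/local/lib/gnunet/libgnunet_plugin_block_dht.so mr,` also appears twice in the plugin list of the same profile; one copy can be dropped.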
@@ -0,0 +1,59 @@
+# Last Modified: Wed Jul 8 10:52:48 2015
+
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-service-fs {
+ #include
+
+ /etc/gnunet.conf r,
+ @{HOME}/.config/gnunet.conf r,
+
+ /tmp/gnunet-system-runtime/gnunet-service-fs.sock w,
+
+ /var/lib/gnunet/.local/share/gnunet/private_key.ecc rk,
+
+ owner @{HOME}/.local/share/gnunet/fs/idxinfo.lst r,
+
+ #Librairies
+ /usr/lib/ld-*.so r,
+ /usr/lib/libbz2.so.* mr,
+ /usr/lib/libextractor.so.* mr,
+ /usr/lib/libidn.so.* mr,
+ /usr/lib/libpthread-*.so mr,
+ /usr/lib/librt-*.so mr,
+
+ /usr/local/lib/gnunet/libexec/gnunet-service-fs mr,
+
+ #Gnunet plugin
+ /usr/local/lib/gnunet/ r,
+ /usr/local/lib/gnunet/libgnunet_plugin_block_dht.la r,
+ /usr/local/lib/gnunet/libgnunet_plugin_block_dht.so mr,
+ /usr/local/lib/gnunet/libgnunet_plugin_block_dns.la r,
+ /usr/local/lib/gnunet/libgnunet_plugin_block_dns.so mr,
+ /usr/local/lib/gnunet/libgnunet_plugin_block_fs.la r,
+ /usr/local/lib/gnunet/libgnunet_plugin_block_fs.so mr,
+ /usr/local/lib/gnunet/libgnunet_plugin_block_gns.la r,
+ /usr/local/lib/gnunet/libgnunet_plugin_block_gns.so mr,
+ /usr/local/lib/gnunet/libgnunet_plugin_block_regex.la r,
+ /usr/local/lib/gnunet/libgnunet_plugin_block_regex.so mr,
+ /usr/local/lib/gnunet/libgnunet_plugin_block_template.la r,
+ /usr/local/lib/gnunet/libgnunet_plugin_block_template.so mr,
+ /usr/local/lib/gnunet/libgnunet_plugin_block_test.la r,
+ /usr/local/lib/gnunet/libgnunet_plugin_block_test.so mr,
+
+ #Gnunet librairies
+ /usr/local/lib/libgnunetats.so.* mr,
+ /usr/local/lib/libgnunetblock.so.* mr,
+ /usr/local/lib/libgnunetcadet.so.* mr,
+ /usr/local/lib/libgnunetcore.so.* mr,
+ /usr/local/lib/libgnunetdatastore.so.* mr,
+ /usr/local/lib/libgnunetdht.so.* mr,
+ /usr/local/lib/libgnunetdnsparser.so.* mr,
+ /usr/local/lib/libgnunetfs.so.* mr,
+ /usr/local/lib/libgnunetgnsrecord.so.* mr,
+ /usr/local/lib/libgnunethello.so.* mr,
+ /usr/local/lib/libgnunetmesh.so.* mr,
+ /usr/local/lib/libgnunetpeerstore.so.* mr,
+ /usr/local/lib/libgnunetregexblock.so.* mr,
+ /usr/local/lib/libgnunetstatistics.so.* mr,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-gns b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-gns
new file mode 100644
index 000000000..c7f650d1b
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-gns
@@ -0,0 +1,29 @@
+# Last Modified: Wed Jul 8 15:17:46 2015
+
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-service-gns {
+ #include
+
+ @{HOME}/.config/gnunet.conf r,
+
+ #Librairies
+ /usr/lib/ld-2.21.so r,
+ /usr/lib/libidn.so.* mr,
+
+ /usr/local/lib/gnunet/libexec/gnunet-service-gns mr,
+
+ #Gnunet librairies
+ /usr/local/lib/libgnunetdht.so.* mr,
+ /usr/local/lib/libgnunetdns.so.* mr,
+ /usr/local/lib/libgnunetdnsparser.so.* mr,
+ /usr/local/lib/libgnunetdnsstub.so.* mr,
+ /usr/local/lib/libgnunetgnsrecord.so.* mr,
+ /usr/local/lib/libgnunetidentity.so.* mr,
+ /usr/local/lib/libgnunetnamecache.so.* mr,
+ /usr/local/lib/libgnunetnamestore.so.* mr,
+ /usr/local/lib/libgnunetrevocation.so.* mr,
+ /usr/local/lib/libgnunetstatistics.so.* mr,
+ /usr/local/lib/libgnunettun.so.* mr,
+ /usr/local/lib/libgnunetvpn.so.* mr,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-identity b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-identity
new file mode 100644
index 000000000..7e550acb9
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-identity
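Review bot: The gnunet-service-gns profile pins the dynamic loader to a single glibc release with `/usr/lib/ld-2.21.so r,`, while the other profiles in this patch use the glob `/usr/lib/ld-*.so r,`. Once glibc is upgraded the pinned rule stops matching, and a profile that silently goes stale tends to end up disabled or put in complain mode rather than fixed. Write it as `/usr/lib/ld-*.so r,` here as well so the profiles stay consistent.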
@@ -0,0 +1,24 @@
+# Last Modified: Tue Jul 21 11:51:29 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-service-identity {
+ #include
+
+ /tmp/gnunet-*-runtime/ a,
+
+ /usr/lib/ld-*.so r,
+
+ /var/lib/gnunet/.local/share/gnunet/identity/ a,
+ /var/lib/gnunet/.local/share/gnunet/identity/egos/ ra,
+
+ /usr/local/lib/gnunet/libexec/gnunet-service-identity mr,
+ /usr/local/lib/libgnunetstatistics.so.* mr,
+
+ @{HOME}/.config/gnunet/identity/subsystem_defaults.conf rw,
+
+ @{HOME}/.local/share/gnunet/identity/egos/ r,
+ @{HOME}/.local/share/gnunet/identity/egos/master-zone rk,
+ @{HOME}/.local/share/gnunet/identity/egos/private-zone rk,
+ @{HOME}/.local/share/gnunet/identity/egos/short-zone rk,
+ @{HOME}/.local/share/gnunet/identity/egos/sks-zone rk,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-mesh b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-mesh
new file mode 100644
index 000000000..1496e228f
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-mesh
@@ -0,0 +1,29 @@
+# Last Modified: Fri Jul 3 17:37:56 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-service-mesh {
+ #include
+
+ /usr/local/lib/gnunet/libexec/gnunet-service-mesh mr,
+
+ #Gnunet librairies
+ /usr/local/lib/libgnunetats.so.* mr,
+ /usr/local/lib/libgnunettransport.so.* mr,
+ /usr/local/lib/libgnunetcore.so.* mr,
+ /usr/local/lib/libgnunetdht.so.* mr,
+ /usr/local/lib/libgnunetstatistics.so.* mr,
+ /usr/local/lib/libgnunetpeerinfo.so.* mr,
+ /usr/local/lib/libgnunethello.so.* mr,
+ /usr/local/lib/libgnunetblock.so.* mr,
+
+ #Librairies
+ /usr/lib/librt-*.so mr,
+ /usr/lib/libpthread-*.so mr,
+ /usr/lib/ld-*.so r,
+
+ @{HOME}/.local/share/gnunet/private_key.ecc rk,
+
+ /tmp/gnunet-system-runtime/gnunet-service-mesh.sock w,
+
+ /var/lib/gnunet/.local/share/gnunet/private_key.ecc rwk,
+}
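Review bot: The gnunet-service-identity profile lists the ego key files by name (`master-zone`, `private-zone`, `short-zone`, `sks-zone`) under `@{HOME}/.local/share/gnunet/identity/egos/`, so an ego with any other name would not be covered, and none of the four rules carries the `owner` qualifier. Presumably these names were simply the ones present on the machine where the profile was recorded. A single rule such as `owner @{HOME}/.local/share/gnunet/identity/egos/* rk,` covers any ego name while limiting access to key files owned by the user running the service. The `/var/lib/gnunet/.../identity/egos/` directory gets `ra` with no rule for the files inside it, which looks incomplete for the system-service case.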
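Review bot: The gnunet-service-mesh profile grants write access to the peer's private key with `/var/lib/gnunet/.local/share/gnunet/private_key.ecc rwk,`, whereas the cadet, conversation, core, fs, regex and transport profiles in this patch only get `rk` on the same file; the gnunet-service-nse profile further down has the same `rwk` rule. A confined service that can overwrite the key can replace the peer identity, which is exactly the kind of damage the profile should prevent. Unless one of these services is meant to create the key on first start (not visible from the patch), reduce both rules to `/var/lib/gnunet/.local/share/gnunet/private_key.ecc rk,`.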
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-namecache b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-namecache
new file mode 100644
index 000000000..6338c9a5b
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-namecache
@@ -0,0 +1,29 @@
+# Last Modified: Thu Jul 9 10:01:49 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-service-namecache {
+ #include
+
+ /usr/local/lib/gnunet/libexec/gnunet-service-namecache mr,
+
+ #Gnunet librairies
+ /usr/local/lib/libgnunetdnsparser.so.* mr,
+ /usr/local/lib/libgnunetnamecache.so.* mr,
+ /usr/local/lib/libgnunetstatistics.so.* mr,
+ /usr/local/lib/libgnunetgnsrecord.so.* mr,
+
+ #Gnunet plugin
+ /usr/local/lib/gnunet/libgnunet_plugin_namecache_sqlite.la r,
+ /usr/local/lib/gnunet/libgnunet_plugin_namecache_sqlite.so mr,
+
+ /var/lib/gnunet/.local/share/gnunet/namecache/ r,
+ /var/lib/gnunet/.local/share/gnunet/namecache/sqlite.db rwk,
+ /var/lib/gnunet/.local/share/gnunet/namecache/sqlite.db-journal rw,
+
+ #Librairies
+ /usr/lib/libpthread-*.so mr,
+ /usr/lib/libsqlite3.so.* mr,
+ /usr/lib/libidn.so.* mr,
+ /usr/lib/ld-*.so r,
+}
+
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-namestore b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-namestore
new file mode 100644
index 000000000..3b917a2a3
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-namestore
@@ -0,0 +1,35 @@
+# Last Modified: Tue Jul 7 10:43:41 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-service-namestore {
+ #include
+
+ /usr/local/lib/gnunet/libexec/gnunet-service-namestore mr,
+
+ #Gnunet librairies
+ /usr/local/lib/libgnunetnamecache.so.* mr,
+ /usr/local/lib/libgnunetgnsrecord.so.* mr,
+ /usr/local/lib/libgnunetstatistics.so.* mr,
+ /usr/local/lib/libgnunetnamestore.so.* mr,
+ /usr/local/lib/libgnunetdnsparser.so.* mr,
+
+ #Gnunet plugin
+ /usr/local/lib/gnunet/libgnunet_plugin_namestore_sqlite.la r,
+ /usr/local/lib/gnunet/libgnunet_plugin_namestore_sqlite.so mr,
+
+ #Librairies
+ /usr/lib/libidn.so.* mr,
+ /usr/lib/ld-*.so r,
+ /usr/lib/libsqlite3.so.* mr,
+ /usr/lib/libpthread-*.so mr,
+
+ /var/lib/gnunet/.local/share/gnunet/namestore/ ra,
+ /var/lib/gnunet/.local/share/gnunet/namestore/sqlite.db rwk,
+ /var/lib/gnunet/.local/share/gnunet/namestore/sqlite.db-journal rw,
+
+ @{HOME}/.local/share/gnunet/namestore/ r,
+ @{HOME}/.local/share/gnunet/namestore/sqlite.db rwk,
+ @{HOME}/.local/share/gnunet/namestore/sqlite.db-journal rw,
+
+ /tmp/gnunet-*-runtime/ a,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-nse b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-nse
new file mode 100644
index 000000000..54acd5215
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-nse
@@ -0,0 +1,23 @@
+# Last Modified: Fri Jul 3 17:37:49 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-service-nse {
+ #include
+
+ /usr/local/lib/gnunet/libexec/gnunet-service-nse mr,
+
+ #Gnunet librairies
+ /usr/local/lib/libgnunetnse.so.* mr,
+ /usr/local/lib/libgnunetcore.so.* mr,
+ /usr/local/lib/libgnunetstatistics.so.* mr,
+
+ /usr/lib/ld-*.so mr,
+
+ /tmp/gnunet-system-runtime/gnunet-service-nse.unix w,
+
+ @{HOME}/.local/share/gnunet/private_key.ecc rk,
+ owner @{HOME}/.local/share/gnunet/nse/proof.dat rw,
+
+ /var/lib/gnunet/.local/share/gnunet/private_key.ecc rwk,
+ /var/lib/gnunet/.local/share/gnunet/nse/proof.dat rw,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-peerinfo b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-peerinfo
new file mode 100644
index 000000000..8c7f079b4
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-peerinfo
@@ -0,0 +1,20 @@
+# Last Modified: Wed Jul 8 17:03:17 2015
+
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-service-peerinfo {
+ #include
+
+ /usr/local/share/gnunet/hellos/ r,
+ /usr/local/share/gnunet/hellos/* r,
+
+ /var/lib/gnunet/.local/share/gnunet/peerinfo/hosts/ r,
+ /var/lib/gnunet/.local/share/gnunet/peerinfo/hosts/* rw,
+
+ /usr/lib/ld-*.so r,
+
+ /usr/local/lib/gnunet/libexec/gnunet-service-peerinfo mr,
+
+ /usr/local/lib/libgnunethello.so.* mr,
+ /usr/local/lib/libgnunetstatistics.so.* mr,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-peerstore b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-peerstore
new file mode 100644
index 000000000..0f9f8ed8c
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-peerstore
@@ -0,0 +1,23 @@
+# Last Modified: Mon Jul 27 11:06:13 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-service-peerstore {
+ #include
+
+ #Librairies
+ /usr/lib/ld-*.so r,
+ /usr/lib/libpthread-*.so mr,
+ /usr/lib/libsqlite3.so.* mr,
+
+ /usr/local/lib/gnunet/libexec/gnunet-service-peerstore mr,
+
+ #Gnunet Plugin
+ /usr/local/lib/gnunet/libgnunet_plugin_peerstore_sqlite.la r,
+ /usr/local/lib/gnunet/libgnunet_plugin_peerstore_sqlite.so mr,
+
+ #Gnunet librairies
+ /usr/local/lib/libgnunetpeerstore.so.* mr,
+
+ /var/lib/gnunet/.local/share/gnunet/peerstore/sqlite.db rwk,
+ /var/lib/gnunet/.local/share/gnunet/peerstore/sqlite.db-journal rw,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-regex b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-regex
new file mode 100644
index 000000000..e82f0483a
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-regex
@@ -0,0 +1,17 @@
+# Last Modified: Tue Jul 21 16:59:39 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-service-regex {
+ #include
+
+ /usr/lib/ld-*.so r,
+
+ /usr/local/lib/gnunet/libexec/gnunet-service-regex mr,
+
+ #Gnunet librairies
+ /usr/local/lib/libgnunetdht.so.* mr,
+ /usr/local/lib/libgnunetregexblock.so.* mr,
+ /usr/local/lib/libgnunetstatistics.so.* mr,
+
+ /var/lib/gnunet/.local/share/gnunet/private_key.ecc rk,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-resolver b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-resolver
new file mode 100644
index 000000000..0ffa5cea2
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-resolver
@@ -0,0 +1,32 @@
+# Last Modified: Thu Jul 9 10:01:36 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-service-resolver {
+ #include
+
+ /usr/local/lib/gnunet/libexec/gnunet-service-resolver mr,
+
+ #Librairies
+ /usr/lib/ld-*.so r,
+ /usr/lib/libnss_files-*.so mr,
+ /usr/lib/libnss_gns.so.* mr,
+ /usr/lib/libnss_dns-*.so mr,
+ /usr/lib/libresolv-*.so mr,
+ /usr/lib/libnss_myhostname.so.* mr,
+ /usr/lib/librt-*.so mr,
+ /usr/lib/liblzma.so.* mr,
+ /usr/lib/liblz4.so.* mr,
+ /usr/lib/libacl.so.* mr,
+ /usr/lib/libidn.so.* mr,
+ /usr/lib/libseccomp.so.* mr,
+ /usr/lib/libcap.so.* mr,
+ /usr/lib/libpthread-*.so mr,
+ /usr/lib/libattr.so.* mr,
+
+ /etc/nsswitch.conf r,
+ /etc/resolv.conf r,
+ /etc/host.conf r,
+ /etc/hosts r,
+
+ /tmp/gnunet-system-runtime/gnunet-service-resolver.sock w,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-revocation b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-revocation
new file mode 100644
index 000000000..c226502b3
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-revocation
@@ -0,0 +1,26 @@
+# Last Modified: Thu Jul 9 10:16:30 2015
+
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-service-revocation {
+ #include
+
+ /etc/gnunet.conf r,
+ @{HOME}/.config/gnunet.conf r,
+
+ /tmp/gnunet-system-runtime/gnunet-service-revocation.unix w,
+
+ /var/lib/gnunet/.local/share/gnunet/revocation.dat rw,
+
+ @{HOME}/.local/share/gnunet/revocation.dat rw,
+
+ /usr/lib/ld-*.so r,
+
+ /usr/local/lib/gnunet/libexec/gnunet-service-revocation mr,
+
+ #Gnunet librairies
+ /usr/local/lib/libgnunetcore.so.* mr,
+ /usr/local/lib/libgnunetrevocation.so.* mr,
+ /usr/local/lib/libgnunetset.so.* mr,
+ /usr/local/lib/libgnunetstatistics.so.* mr,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-scalarproduct-alice b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-scalarproduct-alice
new file mode 100644
index 000000000..e61a20daa
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-scalarproduct-alice
@@ -0,0 +1,12 @@
+# Last Modified: Mon Jul 27 15:48:05 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-service-scalarproduct-alice {
+ #include
+
+ /usr/lib/ld-*.so r,
+ /usr/local/lib/gnunet/libexec/gnunet-service-scalarproduct-alice mr,
+ /usr/local/lib/libgnunetcadet.so.* mr,
+ /usr/local/lib/libgnunetset.so.* mr,
+
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-scalarproduct-bob b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-scalarproduct-bob
new file mode 100644
index 000000000..c48ac50dc
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-scalarproduct-bob
@@ -0,0 +1,11 @@
+# Last Modified: Mon Jul 27 15:48:05 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-service-scalarproduct-bob {
+ #include
+
+ /usr/lib/ld-*.so r,
+ /usr/local/lib/gnunet/libexec/gnunet-service-scalarproduct-bob mr,
+ /usr/local/lib/libgnunetcadet.so.* mr,
+ /usr/local/lib/libgnunetset.so.* mr,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-set b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-set
new file mode 100644
index 000000000..d711f132c
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-set
@@ -0,0 +1,17 @@
+# Last Modified: Wed Jul 8 10:52:48 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-service-set {
+ #include
+
+ /usr/local/lib/gnunet/libexec/gnunet-service-set mr,
+
+ #Gnunet librairies
+ /usr/local/lib/libgnunetcadet.so.* mr,
+ /usr/local/lib/libgnunetcore.so.* mr,
+ /usr/local/lib/libgnunetmesh.so.* mr,
+ /usr/local/lib/libgnunetblock.so.* mr,
+
+ #Librairies
+ /usr/lib/ld-*.so r,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-statistics b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-statistics
new file mode 100644
index 000000000..1ff8a8fd1
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-statistics
@@ -0,0 +1,15 @@
+# Last Modified: Thu Jul 9 10:16:30 2015
+
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-service-statistics {
+ #include
+
+ /var/lib/gnunet/.local/share/gnunet/statistics.dat rw,
+
+ /usr/lib/ld-*.so r,
+
+ /usr/local/lib/gnunet/libexec/gnunet-service-statistics mr,
+
+ /usr/local/lib/libgnunetstatistics.so.* mr,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-template b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-template
new file mode 100644
index 000000000..15a00cbee
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-template
@@ -0,0 +1,15 @@
+# Last Modified: Tue Jul 21 16:06:04 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-service-template {
+ #include
+
+ /tmp/gnunet-system-runtime/ w,
+ /tmp/gnunet-system-runtime/gnunet-service-template.sock w,
+
+ #Librairies
+ /usr/lib/ld-*.so r,
+
+ #Gnunet Librairies
+ /usr/local/lib/gnunet/libexec/gnunet-service-template mr,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-testbed b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-testbed
new file mode 100644
index 000000000..de9ad2675
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-testbed
@@ -0,0 +1,35 @@
+# Last Modified: Mon Jul 27 11:02:46 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-service-testbed flags=(complain) {
+ #include
+
+ /etc/gai.conf r,
+
+ /tmp/gnunet-system-runtime/ w,
+ /tmp/gnunet-system-runtime/gnunet-service-testbed-barrier.sock w,
+ /tmp/gnunet-system-runtime/gnunet-service-testbed.sock w,
+
+ /usr/lib/ld-*.so r,
+
+ /dev/null r,
+
+ /usr/local/lib/gnunet/libexec/gnunet-* r,
+
+ /usr/local/lib/gnunet/libexec/ r,
+ /usr/local/lib/gnunet/libexec/gnunet-service-arm Px,
+ /usr/local/lib/gnunet/libexec/gnunet-service-testbed mr,
+
+ #Gnunet librairies
+ /usr/local/lib/libgnunetarm.so.* mr,
+ /usr/local/lib/libgnunetats.so.* mr,
+ /usr/local/lib/libgnunetcore.so.* mr,
+ /usr/local/lib/libgnunethello.so.* mr,
+ /usr/local/lib/libgnunetstatistics.so.* mr,
+ /usr/local/lib/libgnunettestbed.so.* mr,
+ /usr/local/lib/libgnunettesting.so.* mr,
+ /usr/local/lib/libgnunettransport.so.* mr,
+
+ /usr/local/share/gnunet/testing_hostkeys.ecc r,
+
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-testbed-logger b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-testbed-logger
new file mode 100644
index 000000000..b646b9450
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-testbed-logger
@@ -0,0 +1,16 @@
+# Last Modified: Tue Jul 21 17:19:18 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-service-testbed-logger {
+ #include
+
+ #???
+ /tmp/archlinux_*.dat w,
+
+ /tmp/gnunet-system-runtime/ w,
+ /tmp/gnunet-system-runtime/gnunet-gnunet-testbed-logger.sock w,
+
+ /usr/lib/ld-*.so r,
+
+ /usr/local/lib/gnunet/libexec/gnunet-service-testbed-logger mr,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-transport b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-transport
new file mode 100644
index 000000000..b50541f4c
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-transport
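Review bot: The gnunet-service-testbed profile is declared with `flags=(complain)`, so none of its rules are enforced: violations are only logged, and it is the one profile in this part of the patch shipped that way. That matters here because the profile also allows `/usr/local/lib/gnunet/libexec/gnunet-service-arm Px,`, the entry point that starts the other services. If the rule set is simply unfinished, say so in a comment at the top, for example `# complain mode: rule set still being collected, switch to enforce before shipping`; otherwise drop the flag so the header reads `/usr/local/lib/gnunet/libexec/gnunet-service-testbed {`.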
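Review bot: In the gnunet-service-testbed-logger profile the rule `/tmp/archlinux_*.dat w,` is annotated only with `#???`, so the author did not know why the service writes there. The `archlinux_` prefix looks like it comes from the recording host (possibly its hostname), in which case the rule will not match anywhere else while still granting write access to a glob in a world-writable directory. Replace `#???` with a comment naming what produces the file, and either derive the path from the service's configured output directory or at least restrict it with `owner /tmp/archlinux_*.dat w,` until that is settled.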
@@ -0,0 +1,28 @@
+# Last Modified: Thu Jul 9 10:16:30 2015
+
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-service-transport {
+ #include
+
+ /var/lib/gnunet/.local/share/gnunet/private_key.ecc rk,
+
+ /usr/lib/ld-*.so r,
+
+ /usr/local/lib/gnunet/libexec/gnunet-service-transport mr,
+
+ #Gnunet plugin
+ /usr/local/lib/gnunet/libgnunet_plugin_transport_tcp.la r,
+ /usr/local/lib/gnunet/libgnunet_plugin_transport_tcp.so mr,
+ /usr/local/lib/gnunet/libgnunet_plugin_transport_udp.la r,
+ /usr/local/lib/gnunet/libgnunet_plugin_transport_udp.so mr,
+
+ #Gnunet librairies
+ /usr/local/lib/libgnunetats.so.* mr,
+ /usr/local/lib/libgnunetfragmentation.so.* mr,
+ /usr/local/lib/libgnunethello.so.* mr,
+ /usr/local/lib/libgnunetnat.so.* mr,
+ /usr/local/lib/libgnunetpeerinfo.so.* mr,
+ /usr/local/lib/libgnunetstatistics.so.* mr,
+ /usr/local/lib/libgnunettransport.so.* mr,
+}
diff --git a/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-vpn b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-vpn
new file mode 100644
index 000000000..48fda8563
--- /dev/null
+++ b/contrib/apparmor/usr.local.lib.gnunet.libexec.gnunet-service-vpn
@@ -0,0 +1,26 @@
+# Last Modified: Mon Jul 20 11:20:57 2015
+#include
+
+/usr/local/lib/gnunet/libexec/gnunet-service-vpn {
+ #include
+
+ capability setuid,
+ capability net_admin,
+
+ /dev/net/tun rw,
+
+ /usr/local/lib/gnunet/libexec/gnunet-service-vpn mr,
+
+ #Librairies
+ /usr/lib/ld-*.so r,
+
+ #Gnunet helper
+ /usr/local/lib/gnunet/libexec/gnunet-helper-vpn Px,
+
+ #Gnunet librairies
+ /usr/local/lib/libgnunetcadet.so.* mr,
+ /usr/local/lib/libgnunetmesh.so.* mr,
+ /usr/local/lib/libgnunetregex.so.* mr,
+ /usr/local/lib/libgnunetstatistics.so.* mr,
+ /usr/local/lib/libgnunettun.so.* mr,
+}
-- cgit v1.2.3
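Review bot: The gnunet-service-vpn profile gives the service itself `capability setuid,`, `capability net_admin,` and `/dev/net/tun rw,`, although the same profile hands execution to gnunet-helper-vpn with `Px`. If the helper is the process that opens and configures the TUN device (its profile is not in this part of the patch, so this is an assumption to confirm), the three rules belong in the helper's profile only and the long-running, network-facing service should carry none of them. Keeping privileged rules on the service removes most of the benefit of splitting out a small helper; if they were recorded from a run where the service really needed them, a one-line comment saying why would help the next reviewer.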