blob: 637c9aa7c928146aa0c0f5f6f3a566b81509ab87 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
# ------------------------------------------------------------------
#
# Copyright (C) 2011 Jacob Appelbaum <jacob@appelbaum.net>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# SPDX-License-Identifier: GPL2.0
#
# This should be placed in /etc/apparmor.d/usr.sbin.gnunet-helper-nat-server
# This profile may be a reasonable starting point for other NAT helpers.
#
# ------------------------------------------------------------------
#include <tunables/global>
/usr/bin/gnunet-helper-nat-server {
#include <abstractions/base>
#include <abstractions/consoles>
# Allow these
capability net_raw,
capability setuid,
network inet raw,
network inet dgram, # UDP IPv4
# Deny these
deny network inet6 stream, # TCP IPv6
deny network inet6 dgram, # UDP IPv6
# Deny everything else by default with AppArmor
}
|