| 92bc3717 |
1 | # vim:syntax=apparmor |
| 2 | # ------------------------------------------------------------------ |
| 3 | # |
| 4 | # Copyright (C) 2002-2005 Novell/SUSE |
| 5 | # |
| 6 | # This program is free software; you can redistribute it and/or |
| 7 | # modify it under the terms of version 2 of the GNU General Public |
| 8 | # License published by the Free Software Foundation. |
| 9 | # |
| 10 | # ------------------------------------------------------------------ |
| 11 | # evolution, amongst other things, calls this program. I didn't want to |
| 12 | # give evolution access to significant chunks of /proc |
| 13 | # |
| 14 | |
| 15 | #include <tunables/global> |
| 16 | |
| 17 | /bin/netstat { |
| 18 | #include <abstractions/base> |
| 19 | #include <abstractions/consoles> |
| 20 | #include <abstractions/nameservice> |
| 21 | |
| 22 | capability dac_override, |
| 23 | capability dac_read_search, |
| 24 | deny capability sys_ptrace, |
| 25 | |
| 26 | /bin/netstat rmix, |
| 27 | /etc/networks r, |
| 28 | @{PROC} r, |
| 29 | @{PROC}/[0-9]*/cmdline r, |
| 30 | @{PROC}/[0-9]*/fd r, |
| 31 | @{PROC}/net r, |
| 32 | @{PROC}/net/* r, |
| 33 | @{PROC}/*/fd/ r, |
| 34 | owner @{PROC}/*/net/raw r, |
| 35 | owner @{PROC}/*/net/raw6 r, |
| 36 | owner @{PROC}/*/net/tcp r, |
| 37 | owner @{PROC}/*/net/tcp6 r, |
| 38 | owner @{PROC}/*/net/udp r, |
| 39 | owner @{PROC}/*/net/udp6 r, |
| 40 | owner @{PROC}/*/net/unix r, |
| 41 | } |
GIT.Harvie.CZ / mirrors / AppArmor-Profiles.git / blame