~ubuntu-branches/ubuntu/wily/apparmor/wily

« back to all changes in this revision

Viewing changes to profiles/apparmor/profiles/extras/sbin.dhclient

• browse files at revision 1.1.19
• compare with another revision
• download diff
• download tarball
• view history from revision 1.1.19

Show diffs side-by-side

added

removed

profiles/apparmor/profiles/extras/sbin.dhclient

11

11

# raw sockets, and thus cannot be confined with NetDomain

12

12

#

13

13

# Should these programs have their own domains?

14

 

# /bin/ps                     mixr,

15

 

# /sbin/arp                   rmix,

16

 

# /usr/bin/dig                rmix,

17

 

# /usr/bin/uptime             rmix,

18

 

# /usr/bin/vmstat             rmix,

19

 

# /usr/bin/w                  rmix,

 

14

# /bin/ps                     mrix,

 

15

# /sbin/arp                   mrix,

 

16

# /usr/bin/dig                mrix,

 

17

# /usr/bin/uptime             mrix,

 

18

# /usr/bin/vmstat             mrix,

 

19

# /usr/bin/w                  mrix,

20

20

 

21

21

#include <tunables/global>

22

22

 

24

24

  #include <abstractions/base>

25

25

  #include <abstractions/bash>

26

26

  #include <abstractions/nameservice>

27

 

  /sbin/dhclient              rmix,

28

 

  /sbin/dhclient-script       rmix,

29

 

  /bin/bash                   rmix,

30

 

  /bin/df                     rmix,

 

27

 

 

28

  network packet packet,

 

29

  network packet raw,

 

30

 

 

31

  /sbin/dhclient              mrix,

 

32

 

 

33

  /sbin/dhclient-script       mrix,

 

34

  /bin/bash                   mrix,

 

35

  /bin/df                     mrix,

31

36

  /bin/netstat                Px,

32

 

  /bin/ps                     mixr,

 

37

  /bin/ps                     mrix,

33

38

  /dev/random                 r,

34

39

  /etc/dhclient.conf          r,

35

 

  @{PROC}/                      r,

36

 

  @{PROC}/interrupts            r,

37

 

  @{PROC}/net/dev               r,

38

 

  @{PROC}/rtc                   r,

 

40

  @{PROC}/                    r,

 

41

  @{PROC}/interrupts          r,

 

42

  @{PROC}/*/net/dev           r,

 

43

  @{PROC}/rtc                 r,

39

44

  # following rule shouldn't work, self is a symlink

40

 

  @{PROC}/self/status           r,

41

 

  /sbin/arp                   rmix,

42

 

  /usr/bin/dig                rmix,

43

 

  /usr/bin/uptime             rmix,

44

 

  /usr/bin/vmstat             rmix,

45

 

  /usr/bin/w                  rmix,

 

45

  @{PROC}/self/status         r,

 

46

  /sbin/arp                   mrix,

 

47

  /usr/bin/dig                mrix,

 

48

  /usr/bin/uptime             mrix,

 

49

  /usr/bin/vmstat             mrix,

 

50

  /usr/bin/w                  mrix,

46

51

  /var/lib/dhcp/dhclient.leases     rw,

47

52

  /var/lib/dhcp/dhclient-*.leases   rw,

48

53

  /var/log/lastlog            r,

49

54

  /var/log/messages           r,

50

55

  /var/log/wtmp               r,

51

 

  /var/run/dhclient.pid       rw,

52

 

  /var/run/dhclient-*.pid     rw,

 

56

  /{,var/}run/dhclient.pid       rw,

 

57

  /{,var/}run/dhclient-*.pid     rw,

53

58

  /var/spool                  r,

54

59

  /var/spool/mail             r,

 

60

 

 

61

  # This one will need to be fleshed out depending on what the user is doing

 

62

  /sbin/dhclient-script mrpx,

 

63

 

 

64

  /bin/grep mrix,

 

65

  /bin/sleep mrix,

 

66

  /etc/sysconfig/network/dhcp r,

 

67

  /etc/sysconfig/network/scripts/functions.common r,

 

68

  /etc/sysconfig/network/scripts/functions r,

 

69

  /sbin/ip mrix,

 

70

  /usr/lib/NetworkManager/nm-dhcp-client.action mrix,

 

71

  /var/lib/dhcp/* rw,

 

72

  /{,var/}run/nm-dhclient-*.conf r,

 

73

 

55

74

}

• Older »

Loggerhead is a web-based interface for Breezy
Version: 2.0.1