1 | # ------------------------------------------------------------------ |
2 | # |
3 | # Copyright (C) 2002-2005 Novell/SUSE |
4 | # |
5 | # This program is free software; you can redistribute it and/or |
6 | # modify it under the terms of version 2 of the GNU General Public |
7 | # License published by the Free Software Foundation. |
8 | # |
9 | # ------------------------------------------------------------------ |
10 | # Note that this profile doesn't include any NetDomain rules; dhclient uses |
11 | # raw sockets, and thus cannot be confined with NetDomain. (Its socket use is covered by the "network packet" rules in the profile body.) |
12 | # |
13 | # Should these programs have their own domains (profiles) instead of running under this one via ix? |
14 | # /bin/ps mrix, |
15 | # /sbin/arp mrix, |
16 | # /usr/bin/dig mrix, |
17 | # /usr/bin/uptime mrix, |
18 | # /usr/bin/vmstat mrix, |
19 | # /usr/bin/w mrix, |
20 | |
21 | #include <tunables/global> |
22 | |
23 | /sbin/dhclient { |
24 | #include <abstractions/base> |
25 | #include <abstractions/bash> |
26 | #include <abstractions/nameservice> |
27 | # Packet-family sockets, packet and raw types (the header notes dhclient uses raw sockets). |
28 | network packet packet, |
29 | network packet raw, |
30 | |
31 | /sbin/dhclient mrix, |
32 | # Helpers marked ix run under this same profile; Px sends netstat to a separate profile of its own. |
33 | /bin/bash mrix, |
34 | /bin/df mrix, |
35 | /bin/netstat Px, |
36 | /bin/ps mrix, |
37 | /dev/random r, |
38 | /etc/dhclient.conf r, |
39 | @{PROC}/ r, |
40 | @{PROC}/interrupts r, |
41 | @{PROC}/*/net/dev r, |
42 | @{PROC}/rtc r, |
43 | # NOTE(review): the following rule shouldn't work: self is a symlink, and presumably the resolved @{PROC}/<pid>/status path is what gets matched (confirm). |
44 | @{PROC}/self/status r, |
45 | /sbin/arp mrix, |
46 | /usr/bin/dig mrix, |
47 | /usr/bin/uptime mrix, |
48 | /usr/bin/vmstat mrix, |
49 | /usr/bin/w mrix, |
50 | /var/lib/dhcp/dhclient.leases rw, |
51 | /var/lib/dhcp/dhclient-*.leases rw, |
52 | /var/log/lastlog r, |
53 | /var/log/messages r, |
54 | /var/log/wtmp r, |
55 | /{,var/}run/dhclient.pid rw, |
56 | /{,var/}run/dhclient-*.pid rw, |
57 | /var/spool r, |
58 | /var/spool/mail r, |
59 | |
60 | # dhclient-script: this will need to be fleshed out depending on what the user is doing (pix: its own profile if one is loaded, else this one). |
61 | /sbin/dhclient-script mrpix, |
62 | # NOTE(review): /var/lib/dhcp/* rw below is wider than the dhclient*.leases rules above; confirm it is needed. |
63 | /bin/grep mrix, |
64 | /bin/sleep mrix, |
65 | /etc/sysconfig/network/dhcp r, |
66 | /etc/sysconfig/network/scripts/functions.common r, |
67 | /etc/sysconfig/network/scripts/functions r, |
68 | /sbin/ip mrix, |
69 | /usr/lib/NetworkManager/nm-dhcp-client.action mrix, |
70 | /var/lib/dhcp/* rw, |
71 | /{,var/}run/nm-dhclient-*.conf r, |
72 | |
73 | } |