| | 1 | # ------------------------------------------------------------------ |
| | 2 | # |
| | 3 | # Copyright (C) 2002-2005 Novell/SUSE |
| | 4 | # |
| | 5 | # This program is free software; you can redistribute it and/or |
| | 6 | # modify it under the terms of version 2 of the GNU General Public |
| | 7 | # License published by the Free Software Foundation. |
| | 8 | # |
| | 9 | # ------------------------------------------------------------------ |
| | 10 | # Note that this profile doesn't include any NetDomain rules; dhclient uses |
| | 11 | # raw sockets, and thus cannot be confined with NetDomain |
| | 12 | # |
| | 13 | # Should these programs have their own domains? |
| | 14 | # /bin/ps mrix, |
| | 15 | # /sbin/arp mrix, |
| | 16 | # /usr/bin/dig mrix, |
| | 17 | # /usr/bin/uptime mrix, |
| | 18 | # /usr/bin/vmstat mrix, |
| | 19 | # /usr/bin/w mrix, |
| | 20 | |
| | 21 | #include <tunables/global> |
| | 22 | |
| | 23 | /sbin/dhclient { |
| | 24 | #include <abstractions/base> |
| | 25 | #include <abstractions/bash> |
| | 26 | #include <abstractions/nameservice> |
| | 27 | |
| | 28 | network packet packet, |
| | 29 | network packet raw, |
| | 30 | |
| | 31 | /sbin/dhclient mrix, |
| | 32 | |
| | 33 | /bin/bash mrix, |
| | 34 | /bin/df mrix, |
| | 35 | /bin/netstat Px, |
| | 36 | /bin/ps mrix, |
| | 37 | /dev/random r, |
| | 38 | /etc/dhclient.conf r, |
| | 39 | @{PROC}/ r, |
| | 40 | @{PROC}/interrupts r, |
| | 41 | @{PROC}/*/net/dev r, |
| | 42 | @{PROC}/rtc r, |
| | 43 | # following rule shouldn't work, self is a symlink |
| | 44 | @{PROC}/self/status r, |
| | 45 | /sbin/arp mrix, |
| | 46 | /usr/bin/dig mrix, |
| | 47 | /usr/bin/uptime mrix, |
| | 48 | /usr/bin/vmstat mrix, |
| | 49 | /usr/bin/w mrix, |
| | 50 | /var/lib/dhcp/dhclient.leases rw, |
| | 51 | /var/lib/dhcp/dhclient-*.leases rw, |
| | 52 | /var/log/lastlog r, |
| | 53 | /var/log/messages r, |
| | 54 | /var/log/wtmp r, |
| | 55 | /{,var/}run/dhclient.pid rw, |
| | 56 | /{,var/}run/dhclient-*.pid rw, |
| | 57 | /var/spool r, |
| | 58 | /var/spool/mail r, |
| | 59 | |
| | 60 | # This one will need to be fleshed out depending on what the user is doing |
| | 61 | /sbin/dhclient-script mrpix, |
| | 62 | |
| | 63 | /bin/grep mrix, |
| | 64 | /bin/sleep mrix, |
| | 65 | /etc/sysconfig/network/dhcp r, |
| | 66 | /etc/sysconfig/network/scripts/functions.common r, |
| | 67 | /etc/sysconfig/network/scripts/functions r, |
| | 68 | /sbin/ip mrix, |
| | 69 | /usr/lib/NetworkManager/nm-dhcp-client.action mrix, |
| | 70 | /var/lib/dhcp/* rw, |
| | 71 | /{,var/}run/nm-dhclient-*.conf r, |
| | 72 | |
| | 73 | } |
GIT.Harvie.CZ / mirrors / AppArmor-Profiles.git / blame_incremental