Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # vim:syntax=apparmor
- #include <tunables/global>
- profile dhcpcd /{usr/,}bin/dhcpcd {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- capability chown,
- capability net_admin,
- capability net_raw,
- capability sys_admin,
- network packet dgram,
- network inet raw,
- network inet6 raw,
- /etc/dhcpcd.{conf,duid,secret} r,
- /etc/ld.so.cache r,
- /etc/udev/udev.conf r,
- /proc/*/net/if_inet6 r,
- /proc/sys/net/ipv{4,6}/conf/*/* rw,
- /{var/,}run/dhcpcd{-*,}.pid rwk,
- /{var/,}run/dhcpcd.sock rw,
- /{var/,}run/dhcpcd.unpriv.sock rw,
- /{var/,}run/udev/data/* r,
- /sys/devices/*/*/{*/,}net/*/uevent r,
- /sys/devices/virtual/net/*/uevent r,
- /{usr/,}bin/dash ix,
- /{usr/,}bin/dash mrix,
- /usr/lib/dhcpcd/dev/udev.so m,
- /usr/lib/ld-*.so m,
- /usr/lib/libc-*.so m,
- # Transition to a child profile for hooks
- /usr/libexec/dhcpcd-run-hooks Cx -> dhcpcd_run_hooks,
- /var/db/dhcpcd-*.lease rw,
- /var/db/dhcpcd/** rw,
- /{usr/,}bin/dhcpcd mrix,
- # Child profile for hooks
- profile dhcpcd_run_hooks {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- capability sys_admin,
- capability sys_tty_config,
- /etc/chrony.conf rw,
- /etc/ntpd.conf rw,
- /etc/resolv.conf rw,
- /{var/,}run/dhcpcd/ rw,
- /{var/,}run/dhcpcd/{ntp,resolv}.conf.** rw,
- /{var/,}run/dhcpcd/{ntp,resolv}.conf/ rw,
- /{var/,}run/dhcpcd/{ntp,resolv}.conf/*.dhcp rw,
- /usr/bin/cat mrix,
- /usr/bin/chmod mrix,
- /usr/bin/cmp mrix,
- /usr/bin/dash mr,
- /usr/bin/hostname-coreutils mrix,
- /usr/bin/mkdir mrix,
- /usr/bin/rm mrix,
- /usr/bin/sed mrix,
- /usr/bin/wpa_supplicant Ux,
- /usr/bin/wpa_cli Ux,
- /usr/libexec/dhcpcd-hooks/ r,
- /usr/libexec/dhcpcd-hooks/* r,
- /usr/libexec/dhcpcd-run-hooks r,
- /usr/share/dhcpcd/hooks/* r,
- }
- # Site-specific additions and overrides. See local/README for details.
- #include <local/usr.bin.dhcpcd>
- }
Add Comment
Please, Sign In to add comment
