
/apparmor.d/sbin.dhclient3

http://github.com/brinkman83/bashrc
# vim:syntax=apparmor
# Last Modified: Fri Jul 17 11:46:19 2009
# Author: Jamie Strandboge <jamie@canonical.com>
#
# AppArmor policy for the dhclient3 DHCP client. The file defines three
# profiles: /sbin/dhclient3 itself and one child profile for each of the
# NetworkManager and connman helpers that dhclient3 is allowed to execute.
#
# The next line is an AppArmor include directive, not a comment. The @{PROC}
# variable used in the dhclient3 profile is expected to be defined by it
# (TODO confirm against the installed tunables).
#include <tunables/global>

# Profile for the dhclient3 DHCP client daemon.
# Grants: four capabilities, packet and raw sockets, read access to the
# per-process net directories under @{PROC}, read access to its configuration,
# link/read/write on its lease and pid files, and execution of four helpers
# (two unconfined, two under their own profiles).
/sbin/dhclient3 {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  # net_bind_service: bind to ports below 1024 (presumably the DHCP client
  # port - confirm).
  capability net_bind_service,
  # net_raw: open raw and packet sockets; pairs with the 'network' rules below.
  capability net_raw,
  # sys_module: load and unload kernel modules. This is the broadest grant in
  # the profile. NOTE(review): nothing in this file shows why dhclient3 itself
  # needs it; confirm it is still required and drop it if not.
  capability sys_module,
  # dac_override: bypass file permission checks. AppArmor path rules still
  # apply, so file access stays bounded by the file rules in this profile.
  capability dac_override,

  # Socket types a DHCP client needs to send and receive before an address is
  # configured.
  network packet,
  network raw,

  # Read-only view of the net directory of any process ('*' matches every pid).
  @{PROC}/*/net/ r,
  @{PROC}/*/net/** r,

  # The binary may read and map itself; no write access is granted.
  /sbin/dhclient3 mr,

  # Configuration is read-only, so a subverted daemon cannot rewrite it.
  /etc/dhclient.conf r,
  /etc/dhcp3/ r,
  /etc/dhcp3/** r,

  # State files: 'lrw' = link, read, write. The globs match any file whose
  # name starts with 'dhclient' in these directories.
  /var/lib/dhcp3/dhclient* lrw,
  /var/run/dhclient*.pid lrw,
  /var/run/dhclient*.lease* lrw,

  # NetworkManager
  /var/run/nm*conf r,

  # connman
  /var/run/connman/dhclient*.pid lrw,
  /var/run/connman/dhclient*.leases lrw,

  # synce-hal
  /usr/share/synce-hal/dhclient.conf r,

  # if there is a custom script, let it run unconfined
  # 'Ux' leaves AppArmor confinement entirely for the executed file; the
  # uppercase form asks for a scrubbed environment. This profile grants only
  # read access under /etc/dhcp3/, so dhclient3 cannot modify the script it
  # is about to run unconfined.
  /etc/dhcp3/dhclient-script Uxr,

  # The dhclient-script shell script sources other shell scripts rather than
  # executing them, so we can't just use a separate profile for dhclient-script
  # with 'Uxr' on the hook scripts. However, for the long-running dhclient3
  # daemon to run arbitrary code via /sbin/dhclient-script, it would need to be
  # able to subvert dhclient-script or write to the hooks.d directories. As
  # such, if the dhclient3 daemon is subverted, this effectively limits it to
  # only being able to run the hooks scripts.
  # NOTE(review): the script and everything it sources run unconfined, so they
  # must treat whatever dhclient3 hands them as untrusted input. Environment
  # scrubbing is not a substitute for that validation.
  /sbin/dhclient-script                           Uxr,

  # Run the ELF executables under their own unrestricted profiles
  # 'Px' switches to the profile named after the executed path, with a
  # scrubbed environment. Both target profiles are defined later in this file.
  # NOTE(review): those profiles grant only the base and dbus abstractions plus
  # 'mr' on the binary, so 'unrestricted' above reads as 'separate' rather than
  # 'unconfined' - confirm the intended wording.
  /usr/lib/NetworkManager/nm-dhcp-client.action   Pxr,
  /usr/lib/connman/scripts/dhclient-script        Pxr,
}

# Child profile for the NetworkManager DHCP helper. The /sbin/dhclient3
# profile in this file enters it through its 'Pxr' rule for this path.
# No capability or network rules are listed here, and the only explicit file
# rule lets the helper read and map its own binary. Anything else it can do
# comes from the two abstractions, whose contents are not shown in this file.
/usr/lib/NetworkManager/nm-dhcp-client.action {
  #include <abstractions/base>
  #include <abstractions/dbus>
  /usr/lib/NetworkManager/nm-dhcp-client.action mr,
}

# Child profile for the connman DHCP helper. The /sbin/dhclient3 profile in
# this file enters it through its 'Pxr' rule for this path.
# No capability or network rules are listed here, and the only explicit file
# rule lets the helper read and map its own binary. Anything else it can do
# comes from the two abstractions, whose contents are not shown in this file.
# NOTE(review): the path ends in 'dhclient-script', but the dhclient3 profile
# describes this target as an ELF executable - confirm which it is.
/usr/lib/connman/scripts/dhclient-script {
  #include <abstractions/base>
  #include <abstractions/dbus>
  /usr/lib/connman/scripts/dhclient-script      mr,
}
