void-packages/srcpkgs/apparmor/files/profiles/usr.bin.dhcpcd

63 lines
1.4 KiB
Plaintext

# vim:syntax=apparmor
#include <tunables/global>
profile dhcpcd /{usr/,}bin/dhcpcd {
#include <abstractions/base>
#include <abstractions/nameservice>
capability chown,
capability fowner,
capability fsetid,
capability kill,
capability net_admin,
capability net_raw,
capability setuid,
capability setgid,
capability sys_admin,
capability sys_chroot,
network packet dgram,
network inet raw,
network inet6 raw,
/dev/pts/* rw,
/etc/dhcpcd.{conf,duid,secret} r,
/etc/ld.so.cache r,
/etc/udev/udev.conf r,
/proc/*/net/if_inet6 r,
/proc/sys/net/ipv{4,6}/conf/*/* rw,
/proc/sys/net/ipv{4,6}/neigh/*/retrans_time_ms w,
/proc/sys/net/ipv{4,6}/neigh/*/base_reachable_time_ms w,
/{var/,}run/dhcpcd/ w,
/{var/,}run/dhcpcd/{,*.}pid rwk,
/{var/,}run/dhcpcd/{,*.}sock rw,
/{var/,}run/dhcpcd/unpriv.sock rw,
/{var/,}run/udev/data/* r,
/sys/devices/**/net/*/uevent r,
/{usr/,}bin/dash ix,
/{usr/,}bin/dash mrix,
/usr/lib/dhcpcd/dev/udev.so m,
/usr/lib/ld-*.so m,
/usr/lib/libc-*.so m,
# Trust hooks and run the wrapper unconfined
/usr/libexec/dhcpcd-run-hooks CUx,
/var/db/dhcpcd-*.lease rw,
/var/db/dhcpcd/** rw,
/{usr/,}bin/dhcpcd mrix,
owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/stat r,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.bin.dhcpcd>
}