wireshark

nobody43 2022-11-30 22:37:07 +03:00 committed by Alex
parent 6ada4f7ece
commit 038e2882b5
2 changed files with 14 additions and 6 deletions


@ -10,6 +10,8 @@ include <tunables/global>
profile dumpcap @{exec_path} { profile dumpcap @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
include <abstractions/dbus>
include <abstractions/dbus-session>
# To capture packekts # To capture packekts
capability net_raw, capability net_raw,
@ -24,13 +26,16 @@ profile dumpcap @{exec_path} {
network packet raw, network packet raw,
network bluetooth raw, network bluetooth raw,
dbus (eavesdrop) bus=session,
@{exec_path} mr, @{exec_path} mr,
@{sys}/class/net/ r, @{sys}/class/net/ r,
@{sys}/bus/usb/devices/ r, @{sys}/bus/usb/devices/ r,
@{sys}/devices/virtual/net/*/type r, @{sys}/devices/virtual/net/*/type r,
@{sys}/devices/pci[0-9]*/**/net/*/type r,
@{sys}/devices/virtual/net/*/statistics/* r, @{sys}/devices/virtual/net/*/statistics/* r,
@{sys}/devices/pci[0-9]*/**/net/*/type r,
@{sys}/devices/pci[0-9]*/**/net/*/statistics/* r,
@{PROC}/@{pid}/net/dev r, @{PROC}/@{pid}/net/dev r,
@{PROC}/@{pid}/net/psched r, @{PROC}/@{pid}/net/psched r,
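Review bot: The two includes added to the dumpcap profile are the non-strict `abstractions/dbus` and `abstractions/dbus-session`, while the wireshark profile in this same commit takes the `-strict` variants. If this tree's abstractions follow upstream AppArmor, the non-strict ones permit unrestricted D-Bus traffic on the system and session buses, which is far more than a capture helper holding `capability net_raw` should need. Capturing session-bus traffic presumably requires only the bus connection plus the new `dbus (eavesdrop) bus=session,` rule, so I would try `include <abstractions/dbus-session-strict>` in place of both includes. A comment above the eavesdrop rule, for example `# To capture D-Bus session traffic (dbus-session interface)`, would record why a packet capturer may monitor other applications' messages. The profile body continues outside the visible hunks.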


@ -26,6 +26,9 @@ profile wireshark @{exec_path} {
include <abstractions/mesa> include <abstractions/mesa>
include <abstractions/qt5-compose-cache-write> include <abstractions/qt5-compose-cache-write>
include <abstractions/qt5-settings-write> include <abstractions/qt5-settings-write>
include <abstractions/dbus-accessibility-strict>
include <abstractions/dbus-session-strict>
include <abstractions/nvidia>
signal (send) peer=dumpcap, signal (send) peer=dumpcap,
@ -51,16 +54,18 @@ profile wireshark @{exec_path} {
/etc/wireshark/init.lua r, /etc/wireshark/init.lua r,
# Wireshark home files # Wireshark home files
owner @{HOME}/.wireshark/{,*} rw, owner @{HOME}/.wireshark/{,**} rw,
owner @{user_config_dirs}/wireshark/{,*} rw, owner @{user_config_dirs}/wireshark/{,**} rw,
# To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
owner @{user_config_dirs}/qt5ct/{,**} r, owner @{user_config_dirs}/qt5ct/{,**} r,
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,
/usr/share/qt5/translations/*.qm r,
deny @{PROC}/sys/kernel/random/boot_id r, deny @{PROC}/sys/kernel/random/boot_id r,
deny owner @{PROC}/@{pid}/cmdline r, deny owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/comm r,
@{PROC}/@{pid}/net/dev r, @{PROC}/@{pid}/net/dev r,
@{PROC}/@{pid}/mountinfo r, @{PROC}/@{pid}/mountinfo r,
@{PROC}/@{pid}/mounts r, @{PROC}/@{pid}/mounts r,
@ -75,9 +80,6 @@ profile wireshark @{exec_path} {
/dev/shm/#[0-9]*[0-9] rw, /dev/shm/#[0-9]*[0-9] rw,
/var/lib/dbus/machine-id r,
/etc/machine-id r,
owner /tmp/wireshark_extcap_ciscodump_[0-9]*_* rw, owner /tmp/wireshark_extcap_ciscodump_[0-9]*_* rw,
# Allowed apps to open # Allowed apps to open
@ -108,6 +110,7 @@ profile wireshark @{exec_path} {
# file_inherit # file_inherit
owner @{HOME}/.xsession-errors w, owner @{HOME}/.xsession-errors w,
include if exists <local/wireshark_open>
} }
include if exists <local/wireshark> include if exists <local/wireshark>
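Review bot: Widening the two "Wireshark home files" rules from `{,*}` to `{,**}` makes every subdirectory under `@{HOME}/.wireshark` and `@{user_config_dirs}/wireshark` writable by the confined process, and the profile does not say which subdirectory needed it. Wireshark reads this tree at start-up, so write access is best kept as narrow as the application requires. If only the configuration profiles are involved (an assumption; the page does not say), a targeted rule such as `owner @{user_config_dirs}/wireshark/profiles/{,**} rw,` next to the original `{,*}` rule would be tighter. Otherwise a comment such as `# Recursive: configuration profiles are stored in subdirectories` would document the intent. The profile starts and ends outside the visible hunks.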