From 8f825473c6d21a148fbeff1c09c8ac3242d413df Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Wed, 24 Jan 2024 20:58:23 +0000 Subject: [PATCH] feat(profile): apply profile guideline on sing-box. --- apparmor.d/profiles-s-z/sing-box | 16 ++++++++++------ dists/flags/main.flags | 1 + 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/apparmor.d/profiles-s-z/sing-box b/apparmor.d/profiles-s-z/sing-box index 0ebe76ad..07c557d7 100644 --- a/apparmor.d/profiles-s-z/sing-box +++ b/apparmor.d/profiles-s-z/sing-box @@ -1,4 +1,5 @@ # apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only # https://github.com/SagerNet/sing-box @@ -20,14 +21,17 @@ profile sing-box @{exec_path} { network inet dgram, network inet6 dgram, - /proc/meminfo r, - /sys/kernel/mm/transparent_hugepage/hpage_pmd_size r, + @{exec_path} mr, @{bin}/tor mrix, - @{bin}/sing-box mr, - /usr/{,local/}share/sing-box/geoip.db r, - /usr/{,local/}share/sing-box/geosite.db r, - owner /{,usr/local/}etc/sing-box/config.json r, + /usr/share/sing-box/* r, + + @{etc_ro}/sing-box/config.json r, + owner @{user_share_dirs}/certmagic/** rw, + + @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, + + include if exists } diff --git a/dists/flags/main.flags b/dists/flags/main.flags index 828f69a1..0d813e17 100644 --- a/dists/flags/main.flags +++ b/dists/flags/main.flags @@ -292,6 +292,7 @@ s3fs complain sdcv complain sddm attach_disconnected,mediate_deleted,complain sftp-server complain +sing-box complain slirp4netns attach_disconnected,complain snap complain snap-bootstrap complain
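Review bot: The new `owner @{user_share_dirs}/certmagic/** rw,` rule in the second hunk of apparmor.d/profiles-s-z/sing-box also applies to tor, because the unchanged `@{bin}/tor mrix,` line keeps the tor child inside this profile. certmagic presumably stores ACME account keys and TLS private keys under that tree, so a helper that never needs them could read and rewrite them. If a separate tor profile is available, a transition such as `@{bin}/tor rPx,` would keep that key material out of tor's reach, though it would need testing against how sing-box launches tor. The same hunk drops `owner` from the config.json rule and widens the two named .db files to `/usr/share/sing-box/* r,`; both are read-only, but a one-line comment saying they are intentional would help. The profile block opens above the hunk, so any abstractions that already cover these paths are not visible here.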
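Review bot: `sing-box complain` in dists/flags/main.flags loads the profile in complain mode, so the path rules tightened in apparmor.d/profiles-s-z/sing-box by this same commit are logged rather than enforced. That looks like the usual staging step for a reworked profile, but nothing in the commit records when the flag should be lifted. A tracking issue or follow-up commit that removes `complain` once the audit log shows no denials for the dropped `/usr/local` paths would close that gap.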