From c55f19c4ebd9b115288407bddc16038ac11e6bab Mon Sep 17 00:00:00 2001
From: nobodysu <nobodysu@users.noreply.github.com>
Date: Sun, 12 Dec 2021 21:42:24 +0300
Subject: [PATCH] bind-utils

---
 apparmor.d/profiles-a-f/dig      |  4 ++++
 apparmor.d/profiles-g-l/host     | 25 +++++++++++++++++++++++++
 apparmor.d/profiles-m-r/nslookup | 25 +++++++++++++++++++++++++
 3 files changed, 54 insertions(+)
 create mode 100644 apparmor.d/profiles-g-l/host
 create mode 100644 apparmor.d/profiles-m-r/nslookup

diff --git a/apparmor.d/profiles-a-f/dig b/apparmor.d/profiles-a-f/dig
index 7fe72a44..4990930f 100644
--- a/apparmor.d/profiles-a-f/dig
+++ b/apparmor.d/profiles-a-f/dig
@@ -24,5 +24,9 @@ profile dig @{exec_path} {
 
   owner @{HOME}/.digrc r,
 
+  /tmp/batch_mode.dig       r,
+  /home/dig/batch_mode.dig  r,
+  /home/dig/tsig.key        r,
+
   include if exists <local/dig>
 }
diff --git a/apparmor.d/profiles-g-l/host b/apparmor.d/profiles-g-l/host
new file mode 100644
index 00000000..220e27d4
--- /dev/null
+++ b/apparmor.d/profiles-g-l/host
@@ -0,0 +1,25 @@
+# vim:syntax=apparmor
+# apparmor.d - Full set of apparmor profiles
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{,usr/}bin/host
+profile host @{exec_path} {
+  @{exec_path} r,
+  include <abstractions/base>
+  include <abstractions/openssl>
+  include <abstractions/nameservice-strict>
+
+  owner @{PROC}/@{pid}/task/@{pid}/comm rw,
+
+  # Ubuntu
+  network inet dgram,
+  network inet6 dgram,
+  network inet stream,
+  network inet6 stream,
+
+  include if exists <local/host>
+}
diff --git a/apparmor.d/profiles-m-r/nslookup b/apparmor.d/profiles-m-r/nslookup
new file mode 100644
index 00000000..ea0410c5
--- /dev/null
+++ b/apparmor.d/profiles-m-r/nslookup
@@ -0,0 +1,25 @@
+# vim:syntax=apparmor
+# apparmor.d - Full set of apparmor profiles
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{,usr/}bin/nslookup
+profile nslookup @{exec_path} {
+  @{exec_path} r,
+  include <abstractions/base>
+  include <abstractions/openssl>
+  include <abstractions/nameservice-strict>
+
+  owner @{PROC}/@{pid}/task/@{pid}/comm rw,
+
+  # Ubuntu
+  network inet dgram,
+  network inet6 dgram,
+  network inet stream,
+  network inet6 stream,
+
+  include if exists <local/nslookup>
+}