mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-11-14 23:43:56 +01:00
Add avahi
This commit is contained in:
Jeroen Rijken
Alex
parent
099a97cb36
commit
cf63b97c9b
27
apparmor.d/groups/avahi/avahi-autoipd
Normal file
27
apparmor.d/groups/avahi/avahi-autoipd
Normal file
@ -0,0 +1,27 @@
|
||||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2022 Jeroen Rijken
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = /{usr/,}{s,}bin/avahi-autoipd
|
||||
profile avahi-autoipd @{exec_path} flags=(complain) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
|
||||
network inet dgram,
|
||||
network inet6 dgram,
|
||||
network inet stream,
|
||||
network inet6 stream,
|
||||
network netlink raw,
|
||||
|
||||
signal receive set=kill,term,
|
||||
|
||||
@{exec_path} rm,
|
||||
/etc/avahi/avahi-autoipd.action rix,
|
||||
|
||||
include if exists <local/avahi-autoipd>
|
||||
}
|
||||
|
||||
32
apparmor.d/groups/avahi/avahi-browse
Normal file
32
apparmor.d/groups/avahi/avahi-browse
Normal file
@ -0,0 +1,32 @@
|
||||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2022 Jeroen Rijken
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = /{usr/,}bin/avahi-browse /{usr/,}bin/avahi-browse-domains
|
||||
profile avahi-browse @{exec_path} flags=(complain) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/dbus-strict>
|
||||
|
||||
dbus send bus=system path=/
|
||||
interface=org.freedesktop.DBus.Peer
|
||||
member=Ping,
|
||||
|
||||
dbus send bus=system path=/
|
||||
interface=org.freedesktop.Avahi.Server
|
||||
member={GetAPIVersion,GetState,ServiceTypeBrowserNew,ServiceBrowserNew},
|
||||
|
||||
dbus receive bus=system path=/Client[0-9]/ServiceTypeBrowser[0-9]
|
||||
interface=org.freedesktop.Avahi.ServiceTypeBrowser
|
||||
member={ItemNew,CacheExhausted,AllForNow},
|
||||
|
||||
@{exec_path} rm,
|
||||
|
||||
/{usr/,}lib/x86_64-linux-gnu/avahi/service-types.db rwk,
|
||||
|
||||
include if exists <local/avahi-browse>
|
||||
}
|
||||
23
apparmor.d/groups/avahi/avahi-daemon
Normal file
23
apparmor.d/groups/avahi/avahi-daemon
Normal file
@ -0,0 +1,23 @@
|
||||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2022 Jeroen Rijken
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = /{usr/,}bin/avahi-daemon
|
||||
profile avahi-daemon @{exec_path} flags=(complain) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
|
||||
network inet dgram,
|
||||
network inet6 dgram,
|
||||
|
||||
@{exec_path} rm,
|
||||
|
||||
/etc/avahi/** r,
|
||||
|
||||
include if exists <local/avahi-daemon>
|
||||
}
|
||||
|
||||
18
apparmor.d/groups/avahi/avahi-publish
Normal file
18
apparmor.d/groups/avahi/avahi-publish
Normal file
@ -0,0 +1,18 @@
|
||||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2022 Jeroen Rijken
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = /{usr/,}bin/avahi-publish /{usr/,}bin/avahi-publish-address /{usr/,}bin/avahi-publish-service
|
||||
profile avahi-publish @{exec_path} flags=(complain) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
|
||||
@{exec_path} rm,
|
||||
|
||||
include if exists <local/avahi-publish>
|
||||
}
|
||||
|
||||
34
apparmor.d/groups/avahi/avahi-resolve
Normal file
34
apparmor.d/groups/avahi/avahi-resolve
Normal file
@ -0,0 +1,34 @@
|
||||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2022 Jeroen Rijken
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = /{usr/,}bin/avahi-resolve /{usr/,}bin/avahi-resolve-address /{usr/,}bin/avahi-resolve-host-name
|
||||
profile avahi-resolve @{exec_path} flags=(complain) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/dbus-strict>
|
||||
|
||||
dbus send bus=system path=/
|
||||
interface=org.freedesktop.DBus.Peer
|
||||
member=Ping,
|
||||
|
||||
dbus send bus=system path=/
|
||||
interface=org.freedesktop.Avahi.Server
|
||||
member={GetAPIVersion,GetState,AddressResolverNew},
|
||||
|
||||
dbus send bus=system path=/Client[0-9]/AddressResolver[0-9]
|
||||
interface=org.freedesktop.Avahi.AddressResolver
|
||||
member={Free,HostNameResolverNew,},
|
||||
|
||||
dbus receive bus=system path=/Client[0-9]/AddressResolver[0-9]
|
||||
interface=org.freedesktop.Avahi.AddressResolver
|
||||
member={Failure,Found},
|
||||
|
||||
@{exec_path} rm,
|
||||
|
||||
include if exists <local/avahi-resolve>
|
||||
}
|
||||
18
apparmor.d/groups/avahi/avahi-set-host-name
Normal file
18
apparmor.d/groups/avahi/avahi-set-host-name
Normal file
@ -0,0 +1,18 @@
|
||||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2022 Jeroen Rijken
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = /{usr/,}bin/avahi-set-host-name
|
||||
profile avahi-set-host-name @{exec_path} flags=(complain) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
|
||||
@{exec_path} rm,
|
||||
|
||||
include if exists <local/avahi-set-host-name>
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user