diff --git a/profiles/apparmor/profiles/extras/sbin.dhclient b/profiles/apparmor/profiles/extras/sbin.dhclient index 0abeb5ee7..a9b095405 100644 --- a/profiles/apparmor/profiles/extras/sbin.dhclient +++ b/profiles/apparmor/profiles/extras/sbin.dhclient @@ -33,6 +33,8 @@ profile dhclient /{usr/,}sbin/dhclient { network packet packet, network packet raw, + signal (send,receive) set=(term) peer=NetworkManager, + /{usr/,}sbin/dhclient mrix, /{usr/,}bin/bash mrix, @@ -41,6 +43,7 @@ profile dhclient /{usr/,}sbin/dhclient { /{usr/,}bin/ps mrix, /dev/random r, /etc/dhclient.conf r, + /etc/openssl.cnf r, @{PROC}/ r, @{PROC}/interrupts r, @{PROC}/@{pid}/net/dev r, @@ -48,21 +51,21 @@ profile dhclient /{usr/,}sbin/dhclient { # following rule shouldn't work, self is a symlink @{PROC}/self/status r, /{usr/,}sbin/arp mrix, - /usr/bin/dig mrix, - /usr/bin/uptime mrix, - /usr/bin/vmstat mrix, - /usr/bin/w mrix, - /usr/lib/nm-dhcp-helper rix, + /{usr/,}bin/dig mrix, + /{usr/,}bin/uptime mrix, + /{usr/,}bin/vmstat mrix, + /{usr/,}bin/w mrix, + /usr/lib/{NetworkManager/,}nm-dhcp-helper rix, /var/lib/dhclient/dhclient{6,}.leases* rw, /var/lib/dhcp/dhclient*.leases rw, /var/lib/dhcp6/dhclient.leases rw, - /var/lib/NetworkManager/dhclient-*.conf r, - /var/lib/NetworkManager/dhclient-*.lease rw, + /var/lib/NetworkManager/dhclient{6,}-*.conf r, + /var/lib/NetworkManager/dhclient{6,}-*.lease rw, /var/log/lastlog r, /var/log/messages r, /var/log/wtmp r, - /{,var/}run/dhclient.pid rw, - /{,var/}run/dhclient-*.pid rw, + /{,var/}run/dhclient{6,}.pid rw, + /{,var/}run/dhclient{6,}-*.pid rw, /var/spool r, /var/spool/mail r, @@ -79,4 +82,5 @@ profile dhclient /{usr/,}sbin/dhclient { /var/lib/dhcp/* rw, /{,var/}run/nm-dhclient-*.conf r, + include if exists }
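Review bot: The added rule `signal (send,receive) set=(term) peer=NetworkManager,` in the `@@ -33,6 +33,8 @@` hunk lets dhclient send SIGTERM to NetworkManager as well as receive it, and nothing visible in the patch shows a need for the send direction. If the intent is only that NetworkManager can stop the client it started, the narrower form is `signal (receive) set=(term) peer=NetworkManager,`. `peer=` matches the peer's confinement label, so the rule presumably only applies where NetworkManager itself runs under a profile of that name. A one-line comment above the rule stating this would save the next maintainer from guessing, e.g. `# NetworkManager (confined) stops dhclient with SIGTERM`.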
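Review bot: In the `@@ -48,21 +51,21 @@` hunk the rewritten rules for `dig`, `uptime`, `vmstat` and `w` keep `mrix` while widening the path to `/{usr/,}bin/`. Each helper, from either directory, therefore still runs with the whole dhclient profile inherited, including the `network packet raw` rule and write access to the lease and pid files shown in this diff. Since the lines are being touched anyway, consider moving these helpers to a small child profile via `Cx` that grants only what they read, rather than extending the `ix` inheritance to a second set of paths. The new `dhclient{6,}` alternations could also carry a short comment, for instance `# dhclient6-* variants are used for DHCPv6` (assumed from the naming, so confirm before adding).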
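Review bot: The line added in the `@@ -79,4 +82,5 @@` hunk reads `include if exists` with no file argument as shown here, which the parser would not accept; most likely an angle-bracketed target was stripped when the page was rendered, so check the original patch for a line of the form `include if exists <local/PROFILE_FILE_PLACEHOLDER>`. A local include placed just before the closing brace is parsed inside the profile, so whatever the site-local file contains becomes part of dhclient's confinement. A comment such as `# Site-specific additions and overrides; file must be root-owned` would document that expectation.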