add tshark profile

2025-03-04 08:24:42 +01:00 · 2025-02-07 07:32:32 +00:00 · 2025-02-07 07:32:32 +00:00 · 594f391502
commit 594f391502
parent 817d5eed1d
1 changed files with 68 additions and 0 deletions
--- a/profiles/apparmor.d/tshark
+++ b/profiles/apparmor.d/tshark
@ -0,0 +1,68 @@
 #------------------------------------------------------------------
 #    Copyright (C) 2024 Canonical Ltd.
 #
 #    Author: Shishir Subedi (shishir.subedi@canonical.com)
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public
 #    License published by the Free Software Foundation.
 #------------------------------------------------------------------
 # vim: ft=apparmor
 #
 abi <abi/4.0>,
 include <tunables/global>
 profile tshark /usr/bin/tshark {
  include <abstractions/base>
  include <abstractions/nameservice>
  include <abstractions/user-tmp>
  capability dac_read_search,
  signal send peer=tshark//dumpcap,
  file Cx /usr/bin/dumpcap -> dumpcap,
  file mr /usr/bin/tshark,
  file mrix /usr/lib/@{multiarch}/wireshark/extcap/{,*},
  file r /usr/share/wireshark/{,**},
  file r @{PROC}/@{pid}/fd/,
  # for -i sdjournal
  file r /{var,run}/log/journal/{,**},
  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/tshark>
  profile dumpcap {
    include <abstractions/base>
    include <abstractions/nameservice>
    include <abstractions/private-files-strict>
    include <abstractions/user-tmp>
    include <abstractions/user-write>
    capability net_admin,
    capability net_raw,
    network packet,
    network raw,
    network stream,
    dbus (eavesdrop receive) bus=system,
    signal receive peer=tshark,
    file r /dev/,
    file r @{PROC}/@{pid}/net/dev,
    file r @{sys}/devices/{,**},
    file rw @{sys}/devices/**/statistics/rx_*,
    file r /**.pcap{,ng}{,.gz},
    owner rw /**.pcap{,ng}{,.gz},
    owner rw @{run}/dbus/system_bus_socket,
    file mr /usr/bin/dumpcap,
  }
 }