Fix dhclient and dhclient-script profiles to work on debian buster

2025-03-04 08:24:42 +01:00 · 2020-10-06 19:51:07 +00:00 · 2020-10-06 19:51:07 +00:00 · 9b70ef4fb7
commit 9b70ef4fb7
parent 6e7d1b6baa
2 changed files with 9 additions and 2 deletions
--- a/profiles/apparmor/profiles/extras/sbin.dhclient
+++ b/profiles/apparmor/profiles/extras/sbin.dhclient
@ -58,14 +58,14 @@ profile dhclient /{usr/,}sbin/dhclient {
  /usr/lib/{NetworkManager/,}nm-dhcp-helper rix,
  /var/lib/dhclient/dhclient{6,}.leases*	rw,
  /var/lib/dhcp/dhclient*.leases   rw,
-  /var/lib/dhcp6/dhclient.leases    rw,
+  /var/lib/dhcp{6,}/dhclient.leases    rw,
  /var/lib/NetworkManager/dhclient{6,}-*.conf r,
  /var/lib/NetworkManager/dhclient{6,}-*.lease rw,
  /var/log/lastlog            r,
  /var/log/messages           r,
  /var/log/wtmp               r,
  /{,var/}run/dhclient{6,}.pid    rw,
-  /{,var/}run/dhclient{6,}-*.pid  rw,
+  /{,var/}run/dhclient{6,}{-,.}*.pid  rw,
  /var/spool                  r,
  /var/spool/mail             r,

--- a/profiles/apparmor/profiles/extras/sbin.dhclient-script
+++ b/profiles/apparmor/profiles/extras/sbin.dhclient-script
@ -12,13 +12,20 @@ profile dhclient-script /{usr/,}sbin/dhclient-script {
  include <abstractions/bash>
  include <abstractions/consoles>

+  /{usr/,}bin/dash rix,
  /{usr/,}bin/bash rix,
  /{usr/,}bin/grep rix,
  /{usr/,}bin/sleep rix,
  /{usr/,}bin/touch rix,
+  /{usr/,}bin/run-parts rix,
+  /{usr/,}bin/logger rix,
  /dev/.sysconfig/network/** r,
  /etc/netconfig.d/* mrix,
  /etc/sysconfig/network/** r,
+  /etc/dhcp/{**,} r,
  /{usr/,}sbin/dhclient-script r,
  /{usr/,}sbin/ip rix,
+  /{usr/,}sbin/resolvconf rPux,
+
+  include if exists <local/sbin.dhclient-script>
 }