| Line | |
|---|
| 1 | # Last Modified: Sun Dec 06 12:30:32 2015 |
|---|
| 2 | # vim:syntax=apparmor et ts=8 sw=4 |
|---|
| 3 | |
|---|
| 4 | #include <tunables/global> |
|---|
| 5 | |
|---|
| 6 | /usr/bin/i2prouter flags=(complain) { |
|---|
| 7 | #include <abstractions/i2p> |
|---|
| 8 | capability sys_ptrace, |
|---|
| 9 | |
|---|
| 10 | /usr/bin/i2prouter r, |
|---|
| 11 | |
|---|
| 12 | @{PROC}/1/comm r, |
|---|
| 13 | owner @{PROC}/[0-9]*/ r, |
|---|
| 14 | owner @{PROC}/[0-9]*/stat r, |
|---|
| 15 | owner @{PROC}/[0-9]*/cmdline r, |
|---|
| 16 | @{PROC}/uptime r, |
|---|
| 17 | @{PROC}/sys/kernel/pid_max r, |
|---|
| 18 | |
|---|
| 19 | /bin/{,b,d}ash rix, |
|---|
| 20 | /bin/cat rix, |
|---|
| 21 | /bin/grep rix, |
|---|
| 22 | /bin/mkdir rix, |
|---|
| 23 | /bin/ps rUx, |
|---|
| 24 | /bin/rm rix, |
|---|
| 25 | /bin/sed rix, |
|---|
| 26 | /bin/sleep rix, |
|---|
| 27 | /bin/uname rix, |
|---|
| 28 | /bin/which rix, |
|---|
| 29 | /etc/default/i2p r, |
|---|
| 30 | /etc/lsb-release r, |
|---|
| 31 | |
|---|
| 32 | /usr/bin/{,g,m}awk rix, |
|---|
| 33 | /usr/bin/cut rix, |
|---|
| 34 | /usr/bin/dirname rix, |
|---|
| 35 | /usr/bin/expr rix, |
|---|
| 36 | /usr/bin/id rix, |
|---|
| 37 | # should replace this in i2prouter with something safer |
|---|
| 38 | /usr/bin/ldd rUx, |
|---|
| 39 | /usr/bin/tail rix, |
|---|
| 40 | /usr/bin/tr rix, |
|---|
| 41 | |
|---|
| 42 | @{HOME}/.java/fonts/** r, |
|---|
| 43 | owner @{HOME}/.i2p/ rw, |
|---|
| 44 | owner @{HOME}/.i2p/** rwk, |
|---|
| 45 | owner @{HOME}/.i2p/eepsite/cgi-bin/** rix, |
|---|
| 46 | |
|---|
| 47 | # Prevent spamming the logs |
|---|
| 48 | deny owner @{HOME}/.java/ wk, |
|---|
| 49 | deny @{HOME}/.fontconfig/ wk, |
|---|
| 50 | deny @{HOME}/.java/fonts/** wk, |
|---|
| 51 | |
|---|
| 52 | # Site-specific additions and overrides. See local/README for details. |
|---|
| 53 | #include <local/usr.bin.i2prouter> |
|---|
| 54 | } |
|---|
| 55 | |
|---|
Note: See
TracBrowser
for help on using the repository browser.
