author | jmorvan <jmorvan@140774ce-b5e7-0310-ab8b-a85725594a96> | 2015-08-17 09:23:39 +0000 |
---|---|---|
committer | jmorvan <jmorvan@140774ce-b5e7-0310-ab8b-a85725594a96> | 2015-08-17 09:23:39 +0000 |
commit | 9a780f3553787161e0d34083a1db179fa7ab954e (patch) | |
tree | edf22a77d248b54a2b6584e6c41d01a66090392d /contrib | |
parent | 0acce0b074bb169f6958e5b33d7dc8d8b0dac807 (diff) |
git-svn-id: https://gnunet.org/svn/gnunet@36247 140774ce-b5e7-0310-ab8b-a85725594a96
Diffstat (limited to 'contrib')
112 files changed, 1326 insertions, 735 deletions
diff --git a/contrib/apparmor/abstractions/gnunet-common b/contrib/apparmor/abstractions/gnunet-common index 7d7515d800..3bf6806f59 100644 --- a/contrib/apparmor/abstractions/gnunet-common +++ b/contrib/apparmor/abstractions/gnunet-common @@ -1,34 +1,12 @@ # This files contains common permissions for gnunet - /usr/share/zoneinfo/ r, - /usr/share/zoneinfo/** r, + #GNUnet configuration file + @{GNUNET_PREFIX}/share/gnunet/config.d/ r, + @{GNUNET_PREFIX}/share/gnunet/config.d/*.conf r, - /dev/urandom r, - - /etc/ld.so.cache r, - - @{PROC}/@{pid}/maps r, - - #Gnunet configuration file - /usr/local/share/gnunet/config.d/ r, - /usr/local/share/gnunet/config.d/*.conf r, - - /etc/gnunet.conf r, - owner @{HOME}/.config/gnunet.conf r, - - #Librairies - /usr/lib/libc-*.so mr, - /usr/lib/libdl-*.so mr, - /usr/lib/libgcrypt.so.* mr, - /usr/lib/libltdl.so.* mr, - /usr/lib/libgpg-error.so.* mr, - /usr/lib/libm-*.so mr, - /usr/lib/libunistring.so.* mr, - /usr/lib/libz.so.* mr, + /etc/gnunet.conf r, + @{HOME}/.config/gnunet.conf r, + owner @{GNUNET_USER}/.config/gnunet.conf r, - #Gnunet librairies - /usr/local/lib/libgnunetutil.so.* mr, - - #For testbed (if the /tmp directory is used) - /tmp/testbed*/ rw, - /tmp/testbed*/** rwk, + #GNUnet librairies + @{GNUNET_PREFIX}/lib/libgnunet*.so.* mr, diff --git a/contrib/apparmor/abstractions/gnunet-db b/contrib/apparmor/abstractions/gnunet-db new file mode 100644 index 0000000000..73b869dca3 --- /dev/null +++ b/contrib/apparmor/abstractions/gnunet-db @@ -0,0 +1,8 @@ +# gnunet-db +@{GNUNET_USER}/.local/share/gnunet/namestore/ ra, +@{GNUNET_USER}/.local/share/gnunet/namestore/sqlite.db rwk, +@{GNUNET_USER}/.local/share/gnunet/namestore/sqlite.db-journal rw, + +@{HOME}/.local/share/gnunet/namestore/ r, +@{HOME}/.local/share/gnunet/namestore/sqlite.db rwk, +@{HOME}/.local/share/gnunet/namestore/sqlite.db-journal rw, 
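Review bot: The new `@{HOME}/.config/gnunet.conf r,` rule in abstractions/gnunet-common drops the `owner` qualifier that the removed line carried, so every profile including this abstraction may read that file in any user's home directory, limited only by file permissions. I would keep it as `owner @{HOME}/.config/gnunet.conf r,`, or add a comment if a service running as the gnunet user really has to read other users' configuration. The `@{HOME}/.local/share/gnunet/namestore/` rules added in abstractions/gnunet-db have the same gap, with `rwk` on sqlite.db, and should carry `owner` on all three lines. The pattern recurs further down the page, for example `@{HOME}/.local/share/gnunet/private_key.ecc rk,` in gnunet-conversation-gtk and the `/tmp/testbed*/**` rules in abstractions/gnunet-test.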
diff --git a/contrib/apparmor/abstractions/gnunet-gtk b/contrib/apparmor/abstractions/gnunet-gtk
new file mode 100644
index 0000000000..bf47adc0cc
--- /dev/null
+++ b/contrib/apparmor/abstractions/gnunet-gtk
@@ -0,0 +1,10 @@
+# gnunet-gtk
+
+ #include <abstractions/gnunet-common>
+
+ @{PROC}/@{pid}/cmdline r,
+
+ /usr/share/gtk-*/settings.ini r,
+
+ @{GNUNET_PREFIX}/share/gnunet-gtk/config.d/ r,
+ @{GNUNET_PREFIX}/share/gnunet-gtk/config.d/gnunet-*-gtk.conf r,
diff --git a/contrib/apparmor/abstractions/gnunet-libaudio b/contrib/apparmor/abstractions/gnunet-libaudio
deleted file mode 100644
index 6dda035733..0000000000
--- a/contrib/apparmor/abstractions/gnunet-libaudio
+++ /dev/null
@@ -1,23 +0,0 @@
-/usr/lib/libFLAC.so.* mr,
-/usr/lib/libXau.so.* mr,
-/usr/lib/libXdmcp.so.* mr,
-/usr/lib/libasyncns.so.* mr,
-/usr/lib/libattr.so.* mr,
-/usr/lib/libcap.so.* mr,
-/usr/lib/libdbus-1.so.* mr,
-/usr/lib/libjson-c.so.* mr,
-/usr/lib/liblz4.so.* mr,
-/usr/lib/liblzma.so.* mr,
-/usr/lib/libnsl-*.so mr,
-/usr/lib/libogg.so.* mr,
-/usr/lib/libopus.so.* mr,
-/usr/lib/libpthread-*.so mr,
-/usr/lib/libpulse.so.* mr,
-/usr/lib/libresolv-*.so mr,
-/usr/lib/librt-*.so mr,
-/usr/lib/libsndfile.so.* mr,
-/usr/lib/libsystemd.so.* mr,
-/usr/lib/libvorbis.so.* mr,
-/usr/lib/libvorbisenc.so.* mr,
-/usr/lib/libxcb.so.* mr,
-/usr/lib/pulseaudio/libpulsecommon-*.so mr,
diff --git a/contrib/apparmor/abstractions/gnunet-sgid b/contrib/apparmor/abstractions/gnunet-sgid
new file mode 100644
index 0000000000..b1a7655b14
--- /dev/null
+++ b/contrib/apparmor/abstractions/gnunet-sgid
@@ -0,0 +1 @@
+# gnunet-sgid
diff --git a/contrib/apparmor/abstractions/gnunet-suid b/contrib/apparmor/abstractions/gnunet-suid
new file mode 100644
index 0000000000..a9310734c0
--- /dev/null
+++ b/contrib/apparmor/abstractions/gnunet-suid
@@ -0,0 +1,15 @@ +# gnunet-suid + + /etc/ld.so.cache mr, + /lib{,32,64}/ld{,32,64}-*.so mrix, + /lib{,32,64}/**/ld{,32,64}-*.so mrix, + /lib/@{multiarch}/ld{,32,64}-*.so mrix, + /lib/tls/i686/{cmov,nosegneg}/ld-*.so mrix, + /lib/i386-linux-gnu/tls/i686/{cmov,nosegneg}/ld-*.so mrix, + /opt/*-linux-uclibc/lib/ld-uClibc*so* mrix, + + @{LIBPRE}@{LIBDIRS}/** r, + @{LIBPRE}@{LIBDIRS}/@{LIBS}.so* mr, + @{LIBPRE}@{LIBDIRS}/**/@{LIBS}.so* mr, + /lib/tls/i686/{cmov,nosegneg}/@{LIBS}.so* mr, + /lib/i386-linux-gnu/tls/i686/{cmov,nosegneg}/@{LIBS}.so* mr, diff --git a/contrib/apparmor/abstractions/gnunet-test b/contrib/apparmor/abstractions/gnunet-test new file mode 100644 index 0000000000..8daf3ea9c9 --- /dev/null +++ b/contrib/apparmor/abstractions/gnunet-test @@ -0,0 +1,13 @@ + + #testbed (if the /tmp directory is used) + /tmp/testbed*/ rw, + /tmp/testbed*/** rwk, + + #testbed helper + /tmp/testbed-helper*/ rw, + + #gnunet-testing + /tmp/gnunet-testing* rw, + /tmp/gnunet_service_test*/ rw, + /tmp/gnunet_service_test*/** rw, + diff --git a/contrib/apparmor/gnunet-arm b/contrib/apparmor/gnunet-arm index d969f6af12..8e2fdd426b 100644 --- a/contrib/apparmor/gnunet-arm +++ b/contrib/apparmor/gnunet-arm @@ -3,26 +3,19 @@ #include <tunables/gnunet> profile @{GNUNET_PREFIX}/bin/gnunet-arm { + #include <abstractions/base> #include <abstractions/gnunet-common> @{GNUNET_PREFIX}/bin/gnunet-arm mr, - /usr/lib/gconv/gconv-modules r, - @{GNUNET_PREFIX}/lib/libgnunetarm.so.* mr, - /dev/null ra, - - /usr/lib/locale/locale-archive r, - - /usr/share/locale/locale.alias r, - /usr/share/locale/fr/LC_MESSAGES/libc.mo r, - - #Gnunet service + #GNUnet service @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-arm Px , /tmp/gnunet-*-runtime/ rw, /tmp/gnunet-*-runtime/gnunet-service-arm.sock rw, - - #/tmp/gnunet-gnunet-runtime/* rw, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } 
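Review bot: abstractions/gnunet-suid carries only the title comment `# gnunet-suid`, so nothing tells a reader what the abstraction is for or where `@{LIBPRE}`, `@{LIBDIRS}` and `@{LIBS}` are defined. Those variables are not set anywhere on this page; presumably tunables/gnunet provides them, and every profile that includes this abstraction depends on that. I would add a header comment along the lines of `# Minimal loader/library access for setuid helpers; requires LIBPRE, LIBDIRS and LIBS from tunables/gnunet`. `@{LIBPRE}@{LIBDIRS}/** r,` also makes every file below the library directories readable, which looks wider than the two `@{LIBS}.so*` rules after it need.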
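Review bot: `#include <local/gnunet>` at the end of the gnunet-arm profile names one shared file, and every other profile on this page includes the same one, so a site-specific rule added for a single binary is granted to all of them. The usual layout is one local file per profile, here `#include <local/gnunet-arm>`. Whether local/gnunet and local/README are shipped by this commit is not visible in this view; if the include target is missing, the parser is likely to reject the profile at load time.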
diff --git a/contrib/apparmor/gnunet-ats b/contrib/apparmor/gnunet-ats
new file mode 100644
index 0000000000..2c69b4ec01
--- /dev/null
+++ b/contrib/apparmor/gnunet-ats
@@ -0,0 +1,15 @@
+# Last Modified: Wed Aug 5 15:08:43 2015
+#include <tunables/global>
+#include <tunables/gnunet>
+
+profile @{GNUNET_PREFIX}/bin/gnunet-ats {
+ #include <abstractions/base>
+ #include <abstractions/gnunet-common>
+
+ @{HOME}/.config/gnunet.conf r,
+
+ @{GNUNET_PREFIX}/bin/gnunet-ats mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/gnunet>
+}
diff --git a/contrib/apparmor/gnunet-auto-share b/contrib/apparmor/gnunet-auto-share
new file mode 100644
index 0000000000..0206acf39b
--- /dev/null
+++ b/contrib/apparmor/gnunet-auto-share
@@ -0,0 +1,27 @@
+# Last Modified: Thu Aug 6 11:44:37 2015
+#include <tunables/global>
+#include <tunables/gnunet>
+
+profile @{GNUNET_PREFIX}/bin/gnunet-auto-share {
+ #include <abstractions/base>
+ #include <abstractions/gnunet-common>
+
+ @{HOME}/.config/gnunet.conf r,
+
+ #Directory access(?)
+ @{HOME}/gnunet-fs/ r,
+ @{HOME}/gnunet-fs/.auto-share rw,
+
+ @{GNUNET_PREFIX}/bin/gnunet-auto-share mr,
+
+ @{GNUNET_PREFIX}/bin/gnunet-publish Px,
+
+ @{GNUNET_PREFIX}/lib/libgnunetutil.so.* mr,
+
+ @{GNUNET_PREFIX}/share/gnunet/config.d/ r,
+ @{GNUNET_PREFIX}/share/gnunet/config.d/*.conf r,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/gnunet>
+
+}
diff --git a/contrib/apparmor/gnunet-bcd b/contrib/apparmor/gnunet-bcd
new file mode 100644
index 0000000000..2173e03b5d
--- /dev/null
+++ b/contrib/apparmor/gnunet-bcd
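Review bot: `@{HOME}/.config/gnunet.conf r,` in the gnunet-ats profile repeats a rule that abstractions/gnunet-common already grants after this commit, and gnunet-auto-share repeats it again together with the `libgnunetutil.so.*` and `config.d` rules. Dropping the copies keeps the abstraction as the single place where that access is defined. In gnunet-auto-share the comment `#Directory access(?)` reads as an open question: the rules under it cover only the directory entry `@{HOME}/gnunet-fs/` and the `.auto-share` file, without `owner`, so the comment should state which directory the tool is expected to be pointed at.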
@@ -0,0 +1,14 @@
+# Last Modified: Thu Aug 6 11:50:51 2015
+#include <tunables/global>
+#include <tunables/gnunet>
+
+profile @{GNUNET_PREFIX}/bin/gnunet-bcd {
+ #include <abstractions/base>
+ #include <abstractions/gnunet-common>
+
+ @{GNUNET_PREFIX}/bin/gnunet-bcd mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/gnunet>
+
+}
diff --git a/contrib/apparmor/gnunet-cadet b/contrib/apparmor/gnunet-cadet
new file mode 100644
index 0000000000..ef82d742a3
--- /dev/null
+++ b/contrib/apparmor/gnunet-cadet
@@ -0,0 +1,13 @@
+# Last Modified: Thu Aug 6 11:59:53 2015
+#include <tunables/global>
+#include <tunables/gnunet>
+
+profile @{GNUNET_PREFIX}/bin/gnunet-cadet {
+ #include <abstractions/base>
+ #include <abstractions/gnunet-common>
+
+ @{GNUNET_PREFIX}/bin/gnunet-cadet mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/gnunet>
+}
diff --git a/contrib/apparmor/gnunet-config b/contrib/apparmor/gnunet-config
new file mode 100644
index 0000000000..28aef4259e
--- /dev/null
+++ b/contrib/apparmor/gnunet-config
@@ -0,0 +1,13 @@
+# Last Modified: Fri Aug 7 15:36:02 2015
+#include <tunables/global>
+#include <tunables/gnunet>
+
+profile @{GNUNET_PREFIX}/bin/gnunet-config {
+ #include <abstractions/base>
+ #include <abstractions/gnunet-common>
+
+ @{GNUNET_PREFIX}/bin/gnunet-config mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/gnunet>
+}
diff --git a/contrib/apparmor/gnunet-conversation b/contrib/apparmor/gnunet-conversation
new file mode 100644
index 0000000000..7c14fc3826
--- /dev/null
+++ b/contrib/apparmor/gnunet-conversation
@@ -0,0 +1,13 @@
+# Last Modified: Fri Aug 7 15:41:05 2015
+#include <tunables/global>
+#include <tunables/gnunet>
+
+profile @{GNUNET_PREFIX}/bin/gnunet-conversation {
+ #include <abstractions/base>
+ #include <abstractions/gnunet-common>
+
+ @{GNUNET_PREFIX}/bin/gnunet-conversation mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/gnunet>
+}
diff --git a/contrib/apparmor/gnunet-conversation-gtk b/contrib/apparmor/gnunet-conversation-gtk
new file mode 100644
index 0000000000..676cb198db
--- /dev/null
+++ b/contrib/apparmor/gnunet-conversation-gtk
@@ -0,0 +1,26 @@
+# Last Modified: Tue Aug 4 16:59:51 2015
+#include <tunables/global>
+#include <tunables/gnunet>
+
+profile @{GNUNET_PREFIX}/bin/gnunet-conversation-gtk {
+ #include <abstractions/kde>
+ #include <abstractions/gnome>
+ #include <abstractions/gnunet-gtk>
+
+ @{GNUNET_PREFIX}/bin/gnunet-conversation-gtk mr,
+
+ @{GNUNET_PREFIX}/lib/gnunet/ r,
+# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_conversation.la r,
+ @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_conversation.so mr,
+# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_dns.la r,
+ @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_dns.so mr,
+# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_gns.la r,
+ @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_gns.so mr,
+
+ @{GNUNET_PREFIX}/share/gnunet-gtk/gnunet_conversation_gtk_main_window.glade r,
+
+ @{HOME}/.local/share/gnunet/private_key.ecc rk,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/gnunet>
+}
diff --git a/contrib/apparmor/gnunet-conversation-test b/contrib/apparmor/gnunet-conversation-test
new file mode 100644
index 0000000000..7eefec2ce3
--- /dev/null
+++ b/contrib/apparmor/gnunet-conversation-test
@@ -0,0 +1,16 @@
+# Last Modified: Fri Aug 7 16:02:29 2015
+#include <tunables/global>
+#include <tunables/gnunet>
+
+profile @{GNUNET_PREFIX}/bin/gnunet-conversation-test {
+ #include <abstractions/base>
+ #include <abstractions/gnunet-common>
+
+ @{GNUNET_PREFIX}/bin/gnunet-conversation-test mr,
+
+ @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-audio-playback Px,
+ @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-audio-record Px,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/gnunet>
+}
diff --git a/contrib/apparmor/gnunet-core b/contrib/apparmor/gnunet-core
new file mode 100644
index 0000000000..83b1f3f83b
--- /dev/null
+++ b/contrib/apparmor/gnunet-core
@@ -0,0 +1,13 @@
+# Last Modified: Fri Aug 7 16:12:14 2015
+#include <tunables/global>
+#include <tunables/gnunet>
+
+profile @{GNUNET_PREFIX}/bin/gnunet-core {
+ #include <abstractions/base>
+ #include <abstractions/gnunet-common>
+
+ @{GNUNET_PREFIX}/bin/gnunet-core mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/gnunet>
+}
diff --git a/contrib/apparmor/gnunet-daemon-exit b/contrib/apparmor/gnunet-daemon-exit
index 95f1c57d83..3c5b995571 100644
--- a/contrib/apparmor/gnunet-daemon-exit
+++ b/contrib/apparmor/gnunet-daemon-exit
@@ -3,22 +3,11 @@ #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-exit { + #include <abstractions/base> #include <abstractions/gnunet-common> - /usr/lib/ld-*.so r, - - /usr/lib/locale/locale-archive r, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-exit mr, - - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetcadet.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdht.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdnsstub.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetregex.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettun.so.* mr, - - /usr/share/locale/locale.alias r, - + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-daemon-hostlist b/contrib/apparmor/gnunet-daemon-hostlist index 82afb3848c..4e21b1b305 100644 --- a/contrib/apparmor/gnunet-daemon-hostlist +++ b/contrib/apparmor/gnunet-daemon-hostlist @@ -3,7 +3,8 @@ #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-hostlist { - #include <abstractions/gnunet-common> + #include <abstractions/base> + #include <abstractions/gnunet-common> /etc/gai.conf r, /etc/host.conf r, 
@@ -11,56 +12,8 @@ profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-hostlist { /etc/nsswitch.conf r, /etc/resolv.conf r, - /usr/lib/gconv/gconv-modules r, - - #Librairies - /usr/lib/ld-*.so r, - /usr/lib/libacl.so.* mr, - /usr/lib/libattr.so.* mr, - /usr/lib/libcap.so.* mr, - /usr/lib/libcom_err.so.* mr, - /usr/lib/libcrypto.so.* mr, - /usr/lib/libffi.so.* mr, - /usr/lib/libgmp.so.* mr, - /usr/lib/libgnurl.so.* mr, - /usr/lib/libgnutls.so.* mr, - /usr/lib/libgssapi_krb5.so.* mr, - /usr/lib/libhogweed.so.* mr, - /usr/lib/libidn.so.* mr, - /usr/lib/libk5crypto.so.* mr, - /usr/lib/libkeyutils.so.* mr, - /usr/lib/libkrb5.so.* mr, - /usr/lib/libkrb5support.so.* mr, - /usr/lib/liblz4.so.* mr, - /usr/lib/liblzma.so.* mr, - /usr/lib/libmicrohttpd.so.* mr, - /usr/lib/libnettle.so.* mr, - /usr/lib/libnss_dns-*.so mr, - /usr/lib/libnss_files-*.so mr, - /usr/lib/libnss_gns.so.* mr, - /usr/lib/libnss_myhostname.so.* mr, - /usr/lib/libp11-kit.so.* mr, - /usr/lib/libpthread-*.so mr, - /usr/lib/libresolv-*.so mr, - /usr/lib/librt-*.so mr, - /usr/lib/libseccomp.so.* mr, - /usr/lib/libssh2.so.* mr, - /usr/lib/libssl.so.* mr, - /usr/lib/libtasn1.so.* mr, - - /usr/lib/locale/locale-archive r, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-hostlist mr, - - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetcore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetpeerinfo.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettransport.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetutil.so.* mr, - - /usr/share/locale/fr/LC_MESSAGES/libc.mo r, - /usr/share/locale/locale.alias r, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-daemon-latency-logger b/contrib/apparmor/gnunet-daemon-latency-logger index 38053ffeca..531516f1de 100644 
--- a/contrib/apparmor/gnunet-daemon-latency-logger +++ b/contrib/apparmor/gnunet-daemon-latency-logger @@ -3,15 +3,11 @@ #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-latency-logger { + #include <abstractions/base> #include <abstractions/gnunet-common> - /usr/lib/ld-*.so r, - /usr/lib/libpthread-*.so mr, - /usr/lib/libsqlite3.so.* mr, - /usr/lib/locale/locale-archive r, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-latency-logger mr, - @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr, - /usr/share/locale/locale.alias r, - + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-daemon-pt b/contrib/apparmor/gnunet-daemon-pt index a6460d46bf..b30160c1a5 100644 --- a/contrib/apparmor/gnunet-daemon-pt +++ b/contrib/apparmor/gnunet-daemon-pt @@ -3,23 +3,11 @@ #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-pt { + #include <abstractions/base> #include <abstractions/gnunet-common> - #Librairies - /usr/lib/ld-*.so r, - /usr/lib/libidn.so.* mr, - - /usr/lib/locale/locale-archive r, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-pt mr, - - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetcadet.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdht.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdns.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdnsparser.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetvpn.so.* mr, - - /usr/share/locale/locale.alias r, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-daemon-regexprofiler b/contrib/apparmor/gnunet-daemon-regexprofiler index eface26d1e..c47533bd00 100644 --- a/contrib/apparmor/gnunet-daemon-regexprofiler +++ b/contrib/apparmor/gnunet-daemon-regexprofiler 
@@ -2,12 +2,12 @@ #include <tunables/global> #include <tunables/gnunet> -profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-regexprofiler flags=(complain) { +profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-regexprofiler { + #include <abstractions/base> #include <abstractions/gnunet-common> @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-regexprofiler mr, - @{GNUNET_PREFIX}/lib/libgnunetdht.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetregexblock.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-daemon-testbed-blacklist b/contrib/apparmor/gnunet-daemon-testbed-blacklist index 9dcfe321ba..2f01531f8e 100644 --- a/contrib/apparmor/gnunet-daemon-testbed-blacklist +++ b/contrib/apparmor/gnunet-daemon-testbed-blacklist @@ -2,12 +2,12 @@ #include <tunables/global> #include <tunables/gnunet> -profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-testbed-blacklist flags=(complain) { +profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-testbed-blacklist { + #include <abstractions/base> #include <abstractions/gnunet-common> @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-testbed-blacklist mr, - @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettransport.so.* mr, - + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-daemon-testbed-underlay b/contrib/apparmor/gnunet-daemon-testbed-underlay index f11dcbca91..f9423ac7f1 100644 --- a/contrib/apparmor/gnunet-daemon-testbed-underlay +++ b/contrib/apparmor/gnunet-daemon-testbed-underlay 
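Review bot: Dropping `flags=(complain)` from the gnunet-daemon-regexprofiler profile puts it in enforce mode in the same change that replaces its explicit library rules with `abstractions/base` and the `libgnunet*.so.*` wildcard, so any access the old complain-mode profile only logged now fails at run time. Nothing on this page shows that the new rule set was exercised in complain mode first; I would land the rule rewrite with the flag kept and remove the flag in a follow-up once the audit log is clean. The same applies to gnunet-daemon-testbed-blacklist in the next section and to gnunet-helper-audio-playback, gnunet-helper-audio-record and gnunet-helper-dns further down.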
@@ -3,21 +3,11 @@ #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-testbed-underlay { + #include <abstractions/base> #include <abstractions/gnunet-common> - #Librairies - /usr/lib/ld-*.so r, - /usr/lib/libpthread-*.so mr, - /usr/lib/libsqlite3.so.* mr, - - /usr/lib/locale/locale-archive r, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-testbed-underlay mr, - - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettransport.so.* mr, - - /usr/share/locale/locale.alias r, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-daemon-topology b/contrib/apparmor/gnunet-daemon-topology index b8b03082c7..777baa4f39 100644 --- a/contrib/apparmor/gnunet-daemon-topology +++ b/contrib/apparmor/gnunet-daemon-topology @@ -3,25 +3,11 @@ #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-topology { + #include <abstractions/base> #include <abstractions/gnunet-common> @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-topology mr, - - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetfriends.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetcore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetpeerinfo.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettransport.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr, - - /usr/lib/ld-*.so r, - /usr/lib//locale/locale-archive r, - - /usr/lib/gconv/gconv-modules r, - - /usr/share/locale/locale.alias r, - /usr/share/locale/fr/LC_MESSAGES/libc.mo r, + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-datastore b/contrib/apparmor/gnunet-datastore new file mode 100644 index 0000000000..2ade374b6e --- /dev/null 
+++ b/contrib/apparmor/gnunet-datastore
@@ -0,0 +1,13 @@
+# Last Modified: Fri Aug 7 16:29:48 2015
+#include <tunables/global>
+#include <tunables/gnunet>
+
+profile @{GNUNET_PREFIX}/bin/gnunet-datastore {
+ #include <abstractions/base>
+ #include <abstractions/gnunet-common>
+
+ @{GNUNET_PREFIX}/bin/gnunet-datastore mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/gnunet>
+}
diff --git a/contrib/apparmor/gnunet-directory b/contrib/apparmor/gnunet-directory
new file mode 100644
index 0000000000..caad23e7f5
--- /dev/null
+++ b/contrib/apparmor/gnunet-directory
@@ -0,0 +1,16 @@
+# Last Modified: Fri Aug 7 16:34:37 2015
+#include <tunables/global>
+#include <tunables/gnunet>
+
+profile @{GNUNET_PREFIX}/bin/gnunet-directory {
+ #include <abstractions/base>
+ #include <abstractions/gnunet-common>
+
+ @{GNUNET_PREFIX}/bin/gnunet-directory mr,
+
+ # Access to directory ?
+
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/gnunet>
+}
diff --git a/contrib/apparmor/gnunet-dns2gns b/contrib/apparmor/gnunet-dns2gns
index c860d56b07..6720c102ec 100644
--- a/contrib/apparmor/gnunet-dns2gns
+++ b/contrib/apparmor/gnunet-dns2gns
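Review bot: The comment `# Access to directory ?` in the gnunet-directory profile is followed by no rule, so in enforce mode the tool can open only what `abstractions/base` and `abstractions/gnunet-common` allow and, presumably, not the directory file named on its command line. Either add the intended path rule or turn the question into a statement, for example `# TODO: no rule yet for the directory file passed as argument`. gnunet-ecc further down has the same placeholder (`#Access to filename?`) and no rule for the file it is asked to work on.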
@@ -3,24 +3,11 @@ #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-dns2gns { + #include <abstractions/base> #include <abstractions/gnunet-common> - #Librairies - /usr/lib/ld-*.so r, - /usr/lib/libidn.so.* mr, - - /usr/lib/locale/locale-archive r, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-dns2gns mr, - - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetdnsparser.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdnsstub.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetgns.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetgnsrecord.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetidentity.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetnamestore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - - /usr/share/locale/locale.alias r, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-download b/contrib/apparmor/gnunet-download new file mode 100644 index 0000000000..bcc2128575 --- /dev/null +++ b/contrib/apparmor/gnunet-download @@ -0,0 +1,13 @@ +# Last Modified: Fri Aug 7 16:42:43 2015 +#include <tunables/global> +#include <tunables/gnunet> + +profile @{GNUNET_PREFIX}/bin/gnunet-download { + #include <abstractions/base> + #include <abstractions/gnunet-common> + + @{GNUNET_PREFIX}/bin/gnunet-download mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> +} diff --git a/contrib/apparmor/gnunet-download-manager.scm b/contrib/apparmor/gnunet-download-manager.scm new file mode 100644 index 0000000000..a1e8c07ddf --- /dev/null +++ b/contrib/apparmor/gnunet-download-manager.scm 
@@ -0,0 +1,25 @@
+# vim:syntax=apparmor
+# Last Modified: Tue Aug 11 11:17:17 2015
+#include <tunables/global>
+#include <tunables/gnunet>
+
+profile @{GNUNET_PREFIX}/bin/gnunet-download-manager.scm {
+ #include <abstractions/base>
+ #include <abstractions/bash>
+
+ /dev/tty rw,
+
+ @{HOME}/.cache/guile/ccache/*-LE-*@{GNUNET_PREFIX}/bin/gnunet-download-manager.scm.go.* rw,
+
+ @{PROC}/@{pid}/statm r,
+
+ /usr/bin/bash ix,
+ /usr/bin/guile rix,
+
+ @{GNUNET_PREFIX}/bin/gnunet-download-manager.scm r,
+
+ /usr/share/guile/**/*.scm r,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/gnunet>
+}
diff --git a/contrib/apparmor/gnunet-ecc b/contrib/apparmor/gnunet-ecc
new file mode 100644
index 0000000000..67e2ac4e03
--- /dev/null
+++ b/contrib/apparmor/gnunet-ecc
@@ -0,0 +1,15 @@
+# Last Modified: Fri Aug 7 16:54:41 2015
+#include <tunables/global>
+#include <tunables/gnunet>
+
+profile @{GNUNET_PREFIX}/bin/gnunet-ecc {
+ #include <abstractions/base>
+ #include <abstractions/gnunet-common>
+
+ @{GNUNET_PREFIX}/bin/gnunet-ecc mr,
+
+ #Access to filename?
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/gnunet>
+}
diff --git a/contrib/apparmor/gnunet-fs b/contrib/apparmor/gnunet-fs
new file mode 100644
index 0000000000..4637b251b2
--- /dev/null
+++ b/contrib/apparmor/gnunet-fs
@@ -0,0 +1,13 @@
+# Last Modified: Fri Aug 7 17:09:21 2015
+#include <tunables/global>
+#include <tunables/gnunet>
+
+profile @{GNUNET_PREFIX}/bin/gnunet-fs {
+ #include <abstractions/base>
+ #include <abstractions/gnunet-common>
+
+ @{GNUNET_PREFIX}/bin/gnunet-fs mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/gnunet>
+}
diff --git a/contrib/apparmor/gnunet-fs-gtk b/contrib/apparmor/gnunet-fs-gtk
new file mode 100644
index 0000000000..0ffb0b38b5
--- /dev/null
+++ b/contrib/apparmor/gnunet-fs-gtk
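Review bot: `/usr/bin/bash ix,` and `/usr/bin/guile rix,` in the gnunet-download-manager.scm profile hard-code the interpreter location, so on a system that installs bash under /bin the rule does not match and the script cannot start its shell in enforce mode. An alternation covers both layouts: `/{usr/,}bin/bash ix,`. gnunet-gns-import.sh and gnunet-gns-proxy-setup-ca list their tools under /usr/bin in the same way.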
@@ -0,0 +1,43 @@
+# Last Modified: Wed Aug 5 10:53:37 2015
+#include <tunables/global>
+#include <tunables/gnunet>
+
+profile @{GNUNET_PREFIX}/bin/gnunet-fs-gtk {
+ #include <abstractions/gnome>
+ #include <abstractions/kde>
+ #include <abstractions/dconf>
+ #include <abstractions/gnunet-gtk>
+ #include <abstractions/user-download>
+
+# /dev/shm/LE-* rw,
+
+ owner @{HOME}/.config/gtk-*/bookmarks r,
+ owner @{HOME}/.local/share/gnunet/fs/persistence/gnunet-fs-gtk/download-child/* rw,
+ owner @{HOME}/.local/share/gnunet/fs/persistence/gnunet-fs-gtk/download/ r,
+ owner @{HOME}/.local/share/gnunet/fs/persistence/gnunet-fs-gtk/download/* rw,
+ owner @{HOME}/.local/share/gnunet/fs/persistence/gnunet-fs-gtk/search/ r,
+ owner @{HOME}/.local/share/gnunet/fs/persistence/gnunet-fs-gtk/search/** rw,
+ owner @{HOME}/.local/share/gnunet/fs/persistence/gnunet-fs-gtk/publish-file/ ra,
+ owner @{HOME}/.local/share/gnunet/fs/persistence/gnunet-fs-gtk/publish-file/* rw,
+ owner @{HOME}/.local/share/gnunet/fs/persistence/gnunet-fs-gtk/publish/ ra,
+ owner @{HOME}/.local/share/gnunet/fs/persistence/gnunet-fs-gtk/publish/* rw,
+
+ #Acces to files to share ? (lets create a gnunet directory in home)
+ owner @{HOME}/gnunet-fs/ r,
+
+ @{GNUNET_PREFIX}/bin/gnunet-fs-gtk mr,
+
+ @{GNUNET_PREFIX}/share/gnunet-gtk/* r,
+
+ /usr/share/glib-*/schemas/gschemas.compiled r,
+
+ #abstractions/dconf but we need write right here
+ /run/user/*/dconf/user rw,
+
+ @{HOME}/.cache/thumbnails/normal/*.png r,
+
+ @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-fs-publish Px,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/gnunet>
+}
diff --git a/contrib/apparmor/gnunet-gns b/contrib/apparmor/gnunet-gns
new file mode 100644
index 0000000000..1b63d2506a
--- /dev/null
+++ b/contrib/apparmor/gnunet-gns
@@ -0,0 +1,21 @@
+# Last Modified: Fri Aug 7 17:41:19 2015
+#include <tunables/global>
+#include <tunables/gnunet>
+
+profile /usr/local/bin/gnunet-gns {
+ #include <abstractions/base>
+ #include <abstractions/gnunet-common>
+
+ /usr/local/bin/gnunet-gns mr,
+
+ /usr/local/lib/gnunet/ r,
+# /usr/local/lib/gnunet/libgnunet_plugin_gnsrecord_conversation.la r,
+ /usr/local/lib/gnunet/libgnunet_plugin_gnsrecord_conversation.so mr,
+# /usr/local/lib/gnunet/libgnunet_plugin_gnsrecord_dns.la r,
+ /usr/local/lib/gnunet/libgnunet_plugin_gnsrecord_dns.so mr,
+# /usr/local/lib/gnunet/libgnunet_plugin_gnsrecord_gns.la r,
+ /usr/local/lib/gnunet/libgnunet_plugin_gnsrecord_gns.so mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/gnunet>
+}
diff --git a/contrib/apparmor/gnunet-gns-import.sh b/contrib/apparmor/gnunet-gns-import.sh
new file mode 100644
index 0000000000..631717ccf4
--- /dev/null
+++ b/contrib/apparmor/gnunet-gns-import.sh
@@ -0,0 +1,22 @@
+# Last Modified: Tue Aug 11 10:19:01 2015
+#include <tunables/global>
+#include <tunables/gnunet>
+
+profile @{GNUNET_PREFIX}/bin/gnunet-gns-import.sh {
+ #include <abstractions/base>
+ #include <abstractions/bash>
+ #include <abstractions/gnunet-common>
+
+ /dev/tty rw,
+ /usr/bin/bash ix,
+ /usr/bin/gawk rix,
+ /usr/bin/grep rix,
+ /usr/bin/which rix,
+ @{GNUNET_PREFIX}/bin/gnunet-arm Px,
+ @{GNUNET_PREFIX}/bin/gnunet-config rPx,
+ @{GNUNET_PREFIX}/bin/gnunet-gns-import.sh r,
+ @{GNUNET_PREFIX}/bin/gnunet-identity Px,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/gnunet>
+}
diff --git a/contrib/apparmor/gnunet-gns-proxy b/contrib/apparmor/gnunet-gns-proxy
index 5d24b3a5e7..99a306434c 100644
--- a/contrib/apparmor/gnunet-gns-proxy
+++ b/contrib/apparmor/gnunet-gns-proxy
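Review bot: The gnunet-gns profile is attached to the literal path `/usr/local/bin/gnunet-gns` and lists its plugins under `/usr/local/lib/gnunet/`, while every other profile on this page uses `@{GNUNET_PREFIX}`. With any other install prefix the profile never attaches and the binary runs unconfined. The header should read `profile @{GNUNET_PREFIX}/bin/gnunet-gns {`, with the executable rule as `@{GNUNET_PREFIX}/bin/gnunet-gns mr,` and the plugin rules under `@{GNUNET_PREFIX}/lib/gnunet/`, the way gnunet-conversation-gtk already writes them.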
@@ -3,48 +3,15 @@ #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-gns-proxy { + #include <abstractions/base> #include <abstractions/gnunet-common> /etc/ssl/openssl.cnf r, @{HOME}/.local/share/gnunet/gns/gns_ca_cert.pem r, - #Librairies - /usr/lib/gconv/gconv-modules r, - /usr/lib/ld-*.so r, - /usr/lib/libcom_err.so.* mr, - /usr/lib/libcrypto.so.* mr, - /usr/lib/libffi.so.* mr, - /usr/lib/libgmp.so.* mr, - /usr/lib/libgnurl.so.* mr, - /usr/lib/libgnutls.so.* mr, - /usr/lib/libgssapi_krb5.so.* mr, - /usr/lib/libhogweed.so.* mr, - /usr/lib/libidn.so.* mr, - /usr/lib/libk5crypto.so.* mr, - /usr/lib/libkeyutils.so.* mr, - /usr/lib/libkrb5.so.* mr, - /usr/lib/libkrb5support.so.* mr, - /usr/lib/libltdl.so.* mr, - /usr/lib/libmicrohttpd.so.* mr, - /usr/lib/libnettle.so.* mr, - /usr/lib/libp11-kit.so.* mr, - /usr/lib/libpthread-*.so mr, - /usr/lib/libresolv-*.so mr, - /usr/lib/libssh2.so.* mr, - /usr/lib/libssl.so.* mr, - /usr/lib/libtasn1.so.* mr, - - /usr/lib/locale/locale-archive r, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-gns-proxy mr, - - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetdnsparser.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetgns.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetgnsrecord.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetidentity.so.* mr, - - /usr/share/locale/fr/LC_MESSAGES/libc.mo r, - /usr/share/locale/locale.alias r, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-gns-proxy-setup-ca b/contrib/apparmor/gnunet-gns-proxy-setup-ca new file mode 100644 index 0000000000..cbb3fa1917 --- /dev/null +++ b/contrib/apparmor/gnunet-gns-proxy-setup-ca 
@@ -0,0 +1,40 @@
+# Last Modified: Tue Aug 11 11:40:50 2015
+#include <tunables/global>
+#include <tunables/gnunet>
+
+profile @{GNUNET_PREFIX}/bin/gnunet-gns-proxy-setup-ca {
+ #include <abstractions/base>
+ #include <abstractions/bash>
+ #include <abstractions/user-tmp>
+ #include <abstractions/openssl>
+
+ /dev/tty rw,
+ /etc/passwd r,
+ /home/*/.local/share/gnunet/gns/ r,
+ /home/*/.local/share/gnunet/gns/gns_ca_cert.pem rw,
+ /home/*/.mozilla/firefox/ r,
+ /home/*/.mozilla/firefox/kw6js9xl.default/cert8.db rw,
+ /home/*/.mozilla/firefox/kw6js9xl.default/key3.db rw,
+ /home/*/.mozilla/firefox/kw6js9xl.default/secmod.db r,
+ /home/*/.pki/nssdb/cert8.db rw,
+ /home/*/.pki/nssdb/key3.db rw,
+ /home/*/.pki/nssdb/secmod.db r,
+ /home/*/.rnd rw,
+
+ /usr/bin/bash ix,
+ /usr/bin/cat rix,
+ /usr/bin/certtool r,
+ /usr/bin/certutil rix,
+ /usr/bin/dirname rix,
+ /usr/bin/mkdir rix,
+ /usr/bin/mktemp rix,
+ /usr/bin/openssl rix,
+ /usr/bin/rm rix,
+ /usr/bin/which rix,
+
+ @{GNUNET_PREFIX}/bin/gnunet-config Px,
+ @{GNUNET_PREFIX}/bin/gnunet-gns-proxy-setup-ca r,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/gnunet>
+}
diff --git a/contrib/apparmor/gnunet-gtk b/contrib/apparmor/gnunet-gtk
new file mode 100644
index 0000000000..336748215b
--- /dev/null
+++ b/contrib/apparmor/gnunet-gtk
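Review bot: The Firefox rules in gnunet-gns-proxy-setup-ca name one concrete profile directory, `kw6js9xl.default`, which looks as if it was copied from the machine the profile was generated on; on any other account the certificate import would be denied. The rules also use `/home/*/` without `owner`, so as far as AppArmor is concerned the script has `rw` on the NSS certificate and key databases of every user under /home. I would write them as `owner @{HOME}/.mozilla/firefox/*/cert8.db rw,` (likewise key3.db and secmod.db) and put `owner @{HOME}/` on the `.pki/nssdb`, `gns_ca_cert.pem` and `.rnd` lines as well.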
@@ -0,0 +1,26 @@ +# Last Modified: Wed Aug 5 11:25:26 2015 +#include <tunables/global> +#include <tunables/gnunet> + +profile @{GNUNET_PREFIX}/bin/gnunet-gtk { + #include <abstractions/gnome> + #include <abstractions/gnunet-gtk> + #include <abstractions/kde> + + @{GNUNET_PREFIX}/bin/gnunet-gtk mr, + + #GNUnet gtk binaries + @{GNUNET_PREFIX}/bin/gnunet-conversation-gtk Px, + @{GNUNET_PREFIX}/bin/gnunet-fs-gtk Px, + @{GNUNET_PREFIX}/bin/gnunet-identity-gtk Px, + @{GNUNET_PREFIX}/bin/gnunet-namestore-gtk Px, + @{GNUNET_PREFIX}/bin/gnunet-peerinfo-gtk Px, + @{GNUNET_PREFIX}/bin/gnunet-statistics-gtk Px, + + @{GNUNET_PREFIX}/share/gnunet-gtk/*.png r, + @{GNUNET_PREFIX}/share/gnunet-gtk/gnunet_gtk.glade r, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> + +} diff --git a/contrib/apparmor/gnunet-helper-audio-playback b/contrib/apparmor/gnunet-helper-audio-playback index b98b22b69e..67d3ba3715 100644 --- a/contrib/apparmor/gnunet-helper-audio-playback +++ b/contrib/apparmor/gnunet-helper-audio-playback @@ -2,9 +2,16 @@ #include <tunables/global> #include <tunables/gnunet> -profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-audio-playback flags=(complain) { +profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-audio-playback { + #include <abstractions/base> #include <abstractions/gnunet-common> - #include <abstractions/gnunet-libaudio> + #include <abstractions/audio> @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-audio-playback mr, + + /etc/machine-id r, + owner @{HOME}/.Xauthority r, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-helper-audio-record b/contrib/apparmor/gnunet-helper-audio-record index f85b83d9f2..afed73ffbb 100644 --- a/contrib/apparmor/gnunet-helper-audio-record +++ b/contrib/apparmor/gnunet-helper-audio-record 
@@ -2,9 +2,16 @@ #include <tunables/global> #include <tunables/gnunet> -profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-audio-record flags=(complain) { +profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-audio-record { + #include <abstractions/base> #include <abstractions/gnunet-common> - #include <abstractions/gnunet-libaudio> + #include <abstractions/audio> @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-audio-record mr, + + /etc/machine-id r, + owner @{HOME}/.Xauthority r, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-helper-dns b/contrib/apparmor/gnunet-helper-dns index b6a102585e..b5e2195857 100644 --- a/contrib/apparmor/gnunet-helper-dns +++ b/contrib/apparmor/gnunet-helper-dns @@ -2,8 +2,8 @@ #include <tunables/global> #include <tunables/gnunet> -profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-dns flags=(complain) { - #include <abstractions/gnunet-common> +profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-dns { + #include <abstractions/gnunet-suid> #Capability capability net_admin, @@ -42,4 +42,7 @@ profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-dns flags=(complain) { /usr/lib/locale/locale-archive r, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-dns mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-helper-exit b/contrib/apparmor/gnunet-helper-exit index d185f5b806..f69e34d0c9 100644 --- a/contrib/apparmor/gnunet-helper-exit +++ b/contrib/apparmor/gnunet-helper-exit 
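Review bot: The second gnunet-helper-dns hunk adds `#include <local/gnunet>`, while the other helpers built on `abstractions/gnunet-suid` (gnunet-helper-exit, -nat-client, -nat-server, -transport-wlan, -transport-bluetooth) include `<local/gnunet-suid>`. This profile holds `capability net_admin`, so site-local additions written for the unprivileged profiles would also apply to it; unless that is intended, the line should read `#include <local/gnunet-suid>`. gnunet-helper-vpn and gnunet-helper-transport-wlan-dummy show the same mismatch. The profile body between the two gnunet-helper-dns hunks is not visible here.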
@@ -2,11 +2,13 @@ #include <tunables/global> #include <tunables/gnunet> -profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-exit flags=(complain) { - #include <abstractions/gnunet-common> +profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-exit { + #include <abstractions/gnunet-suid> capability setuid, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-exit mr, - + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet-suid> } diff --git a/contrib/apparmor/gnunet-helper-fs-publish b/contrib/apparmor/gnunet-helper-fs-publish index ccf0cb5139..9d437194c0 100644 --- a/contrib/apparmor/gnunet-helper-fs-publish +++ b/contrib/apparmor/gnunet-helper-fs-publish @@ -2,13 +2,17 @@ #include <tunables/global> #include <tunables/gnunet> -profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-fs-publish flags=(complain) { +profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-fs-publish { + #include <abstractions/base> #include <abstractions/gnunet-common> + #include <abstractions/user-download> - /usr/lib/libbz2.so.* mr, - /usr/lib/libextractor.so.* mr, - /usr/lib/libpthread-*.so mr, - /usr/lib/librt-*.so mr, + /dev/shm/LE-* r, + + /usr/share/file/misc/magic.mgc r, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-fs-publish mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-helper-nat-client b/contrib/apparmor/gnunet-helper-nat-client index 19a5638780..ead52a5f1a 100644 --- a/contrib/apparmor/gnunet-helper-nat-client +++ b/contrib/apparmor/gnunet-helper-nat-client 
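Review bot: In gnunet-helper-fs-publish, `#include <abstractions/user-download>` gives more than this helper appears to need: as shipped with AppArmor, that abstraction grants write and link access to the user's download and desktop directories, whereas a helper that scans files for publishing should only have to read them. The helper processes arbitrary user files (the removed rules show it links libextractor), so read-only access is the safer default, for example explicit rules such as `owner @{HOME}/[dD]ownload{,s}/** r,` in place of the include. gnunet-publish includes the same abstraction and deserves the same check.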
@@ -2,11 +2,13 @@ #include <tunables/global> #include <tunables/gnunet> -profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-nat-client flags=(complain) { - #include <abstractions/gnunet-common> +profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-nat-client { + #include <abstractions/gnunet-suid> capability setuid, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-nat-client mr, - + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet-suid> } diff --git a/contrib/apparmor/gnunet-helper-nat-server b/contrib/apparmor/gnunet-helper-nat-server index 594d2de7a4..d458f467fe 100644 --- a/contrib/apparmor/gnunet-helper-nat-server +++ b/contrib/apparmor/gnunet-helper-nat-server @@ -2,11 +2,14 @@ #include <tunables/global> #include <tunables/gnunet> -profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-nat-server flags=(complain) { - #include <abstractions/gnunet-common> +profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-nat-server { + #include <abstractions/gnunet-suid> capability setuid, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-nat-server mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet-suid> } diff --git a/contrib/apparmor/gnunet-helper-testbed b/contrib/apparmor/gnunet-helper-testbed index 22ac133476..b7b41f6888 100644 --- a/contrib/apparmor/gnunet-helper-testbed +++ b/contrib/apparmor/gnunet-helper-testbed 
@@ -2,36 +2,20 @@ #include <tunables/global> #include <tunables/gnunet> -profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-testbed flags=(complain) { +profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-testbed { + #include <abstractions/base> #include <abstractions/gnunet-common> + #include <abstractions/gnunet-test> - /dev/null rw, - /etc/gai.conf r, - /usr/lib/ld-*.so r, - - /usr/lib/locale/locale-archive r, - - /usr/share/locale/locale.alias r, - /usr/share/locale/fr/LC_MESSAGES/libc.mo r, - - /usr/lib/gconv/gconv-modules r, - @{GNUNET_PREFIX}/lib/gnunet/libexec/ r, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-testbed mr, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-arm r, + #@{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-arm r, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed Px, - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetarm.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetcore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettestbed.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettesting.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettransport.so.* mr, - @{GNUNET_PREFIX}/share/gnunet/testing_hostkeys.ecc r, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-helper-transport-bluetooth b/contrib/apparmor/gnunet-helper-transport-bluetooth new file mode 100644 index 0000000000..b13ccb2690 --- /dev/null +++ b/contrib/apparmor/gnunet-helper-transport-bluetooth 
@@ -0,0 +1,18 @@ +# Last Modified: Tue Jul 28 11:44:00 2015 +#include <tunables/global> +#include <tunables/gnunet> + +# Add extra libs for this helper(libthread and libbluetooth) +@{LIBS}+=libpthread libbluetooth + +profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-transport-bluetooth { + #include <abstractions/gnunet-suid> + + capability setuid, + + @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-transport-bluetooth mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet-suid> + +} diff --git a/contrib/apparmor/gnunet-helper-transport-wlan b/contrib/apparmor/gnunet-helper-transport-wlan index 0f1d5cf57e..296b0c9789 100644 --- a/contrib/apparmor/gnunet-helper-transport-wlan +++ b/contrib/apparmor/gnunet-helper-transport-wlan @@ -2,11 +2,14 @@ #include <tunables/global> #include <tunables/gnunet> -profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-transport-wlan flags=(complain) { - #include <abstractions/gnunet-common> +profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-transport-wlan { + #include <abstractions/gnunet-suid> capability setuid, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-transport-wlan mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet-suid> } diff --git a/contrib/apparmor/gnunet-helper-transport-wlan-dummy b/contrib/apparmor/gnunet-helper-transport-wlan-dummy index 9ad58e5d03..1c05144175 100644 --- a/contrib/apparmor/gnunet-helper-transport-wlan-dummy +++ b/contrib/apparmor/gnunet-helper-transport-wlan-dummy 
@@ -2,9 +2,12 @@ #include <tunables/global> #include <tunables/gnunet> -profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-transport-wlan-dummy flags=(complain) { - #include <abstractions/gnunet-common> +profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-transport-wlan-dummy { + #include <abstractions/gnunet-suid> @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-transport-wlan-dummy mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-helper-vpn b/contrib/apparmor/gnunet-helper-vpn index 9be198d761..8631b1b7c7 100644 --- a/contrib/apparmor/gnunet-helper-vpn +++ b/contrib/apparmor/gnunet-helper-vpn @@ -2,20 +2,17 @@ #include <tunables/global> #include <tunables/gnunet> -profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-vpn flags=(complain) { +profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-vpn { + #include <abstractions/gnunet-suid> #Capability capability net_admin, capability setuid, /dev/net/tun rw, - /etc/ld.so.cache r, - - #Librairies - /usr/lib/ld-*.so r, - /usr/lib/libc-*.so mr, - /usr/lib/libm-*.so mr, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-vpn mr, - + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-identity b/contrib/apparmor/gnunet-identity new file mode 100644 index 0000000000..3aa76cc6ec --- /dev/null +++ b/contrib/apparmor/gnunet-identity @@ -0,0 +1,15 @@ +# Last Modified: Fri Aug 7 17:48:29 2015 +#include <tunables/global> +#include <tunables/gnunet> + +profile @{GNUNET_PREFIX}/bin/gnunet-identity { + #include <abstractions/base> + #include <abstractions/gnunet-common> + + @{HOME}/.local/share/gnunet/identity/egos/* rw, + + @{GNUNET_PREFIX}/bin/gnunet-identity mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> +} 
diff --git a/contrib/apparmor/gnunet-identity-gtk b/contrib/apparmor/gnunet-identity-gtk new file mode 100644 index 0000000000..e7abb87950 --- /dev/null +++ b/contrib/apparmor/gnunet-identity-gtk @@ -0,0 +1,16 @@ +# Last Modified: Wed Aug 5 11:24:55 2015 +#include <tunables/global> +#include <tunables/gnunet> + +profile @{GNUNET_PREFIX}/bin/gnunet-identity-gtk { + #include <abstractions/gnome> + #include <abstractions/gnunet-gtk> + #include <abstractions/kde> + + @{GNUNET_PREFIX}/bin/gnunet-identity-gtk mr, + + @{GNUNET_PREFIX}/share/gnunet-gtk/gnunet_identity_gtk_main_window.glade r, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> +} diff --git a/contrib/apparmor/gnunet-mesh b/contrib/apparmor/gnunet-mesh new file mode 100644 index 0000000000..9f5b07fc51 --- /dev/null +++ b/contrib/apparmor/gnunet-mesh @@ -0,0 +1,13 @@ +# Last Modified: Fri Aug 7 18:02:28 2015 +#include <tunables/global> +#include <tunables/gnunet> + +profile @{GNUNET_PREFIX}/bin/gnunet-mesh { + #include <abstractions/base> + #include <abstractions/gnunet-common> + + @{GNUNET_PREFIX}/bin/gnunet-mesh mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> +} diff --git a/contrib/apparmor/gnunet-namecache b/contrib/apparmor/gnunet-namecache new file mode 100644 index 0000000000..f7eca40914 --- /dev/null +++ b/contrib/apparmor/gnunet-namecache @@ -0,0 +1,13 @@ +# Last Modified: Fri Aug 7 18:07:23 2015 +#include <tunables/global> +#include <tunables/gnunet> + +profile @{GNUNET_PREFIX}/bin/gnunet-namecache { + #include <abstractions/base> + #include <abstractions/gnunet-common> + + @{GNUNET_PREFIX}/bin/gnunet-namecache mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> +} diff --git a/contrib/apparmor/gnunet-namestore b/contrib/apparmor/gnunet-namestore new file mode 100644 index 0000000000..c97fad77d8 --- /dev/null 
+++ b/contrib/apparmor/gnunet-namestore @@ -0,0 +1,21 @@ +# Last Modified: Mon Aug 10 11:05:21 2015 +#include <tunables/global> +#include <tunables/gnunet> + +profile @{GNUNET_PREFIX}/bin/gnunet-namestore { + #include <abstractions/base> + #include <abstractions/gnunet-common> + + @{GNUNET_PREFIX}/bin/gnunet-namestore mr, + + #GNUnet plugin +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_conversation.la r, + @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_conversation.so mr, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_dns.la r, + @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_dns.so mr, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_gns.la r, + @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_gns.so mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> +} diff --git a/contrib/apparmor/gnunet-namestore-fcfsd b/contrib/apparmor/gnunet-namestore-fcfsd index 9c57801a96..8ac09e69b3 100644 --- a/contrib/apparmor/gnunet-namestore-fcfsd +++ b/contrib/apparmor/gnunet-namestore-fcfsd 
@@ -3,29 +3,11 @@ #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-namestore-fcfsd { + #include <abstractions/base> #include <abstractions/gnunet-common> - #Librairies - /usr/lib/ld-*.so r, - /usr/lib/libffi.so.* mr, - /usr/lib/libgmp.so.* mr, - /usr/lib/libgnutls.so.* mr, - /usr/lib/libhogweed.so.* mr, - /usr/lib/libidn.so.* mr, - /usr/lib/libmicrohttpd.so.* mr, - /usr/lib/libnettle.so.* mr, - /usr/lib/libp11-kit.so.* mr, - /usr/lib/libpthread-*.so mr, - /usr/lib/libtasn1.so.* mr, - - /usr/lib/locale/locale-archive r, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-namestore-fcfsd mr, - - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetdnsparser.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetgnsrecord.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetidentity.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetnamestore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-namestore-gtk b/contrib/apparmor/gnunet-namestore-gtk new file mode 100644 index 0000000000..fb3256ca95 --- /dev/null +++ b/contrib/apparmor/gnunet-namestore-gtk 
@@ -0,0 +1,27 @@ +# Last Modified: Wed Aug 5 11:24:52 2015 +#include <tunables/global> +#include <tunables/gnunet> + +profile @{GNUNET_PREFIX}/bin/gnunet-namestore-gtk { + #include <abstractions/gnome> + #include <abstractions/gnunet-gtk> + #include <abstractions/kde> + + @{GNUNET_PREFIX}/bin/gnunet-namestore-gtk mr, + + @{GNUNET_PREFIX}/lib/gnunet/ r, + + #GNUnet plugin +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_conversation.la r, + @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_conversation.so mr, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_dns.la r, + @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_dns.so mr, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_gns.la r, + @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_gnsrecord_gns.so mr, + + @{GNUNET_PREFIX}/share/gnunet-gtk/gnunet_namestore_gtk_main_window.glade r, + @{GNUNET_PREFIX}/share/gnunet-gtk/qr_dummy.png r, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> +} diff --git a/contrib/apparmor/gnunet-nat-server b/contrib/apparmor/gnunet-nat-server new file mode 100644 index 0000000000..9884383a2a --- /dev/null +++ b/contrib/apparmor/gnunet-nat-server @@ -0,0 +1,13 @@ +# Last Modified: Mon Aug 10 11:34:29 2015 +#include <tunables/global> +#include <tunables/gnunet> + +profile @{GNUNET_PREFIX}/bin/gnunet-nat-server { + #include <abstractions/base> + #include <abstractions/gnunet-common> + + @{GNUNET_PREFIX}/bin/gnunet-nat-server mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> +} diff --git a/contrib/apparmor/gnunet-nse b/contrib/apparmor/gnunet-nse new file mode 100644 index 0000000000..74c0d9420d --- /dev/null +++ b/contrib/apparmor/gnunet-nse 
@@ -0,0 +1,13 @@ +# Last Modified: Mon Aug 10 11:38:47 2015 +#include <tunables/global> +#include <tunables/gnunet> + +profile @{GNUNET_PREFIX}/bin/gnunet-nse { + #include <abstractions/base> + #include <abstractions/gnunet-common> + + @{GNUNET_PREFIX}/bin/gnunet-nse mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> +} diff --git a/contrib/apparmor/gnunet-peerinfo b/contrib/apparmor/gnunet-peerinfo new file mode 100644 index 0000000000..0c30d38af2 --- /dev/null +++ b/contrib/apparmor/gnunet-peerinfo @@ -0,0 +1,19 @@ +# Last Modified: Mon Aug 10 11:46:50 2015 +#include <tunables/global> +#include <tunables/gnunet> + +profile @{GNUNET_PREFIX}/bin/gnunet-peerinfo { + #include <abstractions/base> + #include <abstractions/gnunet-common> + + @{GNUNET_PREFIX}/bin/gnunet-peerinfo mr, + + #GNUnet plugin +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_tcp.la r, + @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_tcp.so mr, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_udp.la r, + @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_udp.so mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> +} diff --git a/contrib/apparmor/gnunet-peerinfo-gtk b/contrib/apparmor/gnunet-peerinfo-gtk new file mode 100644 index 0000000000..e1e0271d89 --- /dev/null +++ b/contrib/apparmor/gnunet-peerinfo-gtk @@ -0,0 +1,17 @@ +# Last Modified: Tue Aug 11 16:20:57 2015 +#include <tunables/global> +#include <tunables/gnunet> + +profile @{GNUNET_PREFIX}/bin/gnunet-peerinfo-gtk { + #include <abstractions/gnome> + #include <abstractions/gnunet-gtk> + #include <abstractions/kde> + + @{GNUNET_PREFIX}/bin/gnunet-peerinfo-gtk mr, + + @{GNUNET_PREFIX}/share/gnunet-gtk/* r, + @{GNUNET_PREFIX}/share/gnunet-gtk/flags/*.png r, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> +} 
diff --git a/contrib/apparmor/gnunet-peerstore b/contrib/apparmor/gnunet-peerstore new file mode 100644 index 0000000000..944f1bed26 --- /dev/null +++ b/contrib/apparmor/gnunet-peerstore @@ -0,0 +1,13 @@ +# Last Modified: Mon Aug 10 12:03:53 2015 +#include <tunables/global> +#include <tunables/gnunet> + +profile @{GNUNET_PREFIX}/bin/gnunet-peerstore { + #include <abstractions/base> + #include <abstractions/gnunet-common> + + @{GNUNET_PREFIX}/bin/gnunet-peerstore mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> +} diff --git a/contrib/apparmor/gnunet-publish b/contrib/apparmor/gnunet-publish new file mode 100644 index 0000000000..105ff18618 --- /dev/null +++ b/contrib/apparmor/gnunet-publish @@ -0,0 +1,16 @@ +# Last Modified: Thu Aug 6 12:00:00 2015 +#include <tunables/global> +#include <tunables/gnunet> + +profile @{GNUNET_PREFIX}/bin/gnunet-publish { + #include <abstractions/base> + #include <abstractions/gnunet-common> + #include <abstractions/user-download> + + @{GNUNET_PREFIX}/bin/gnunet-publish mr, + + @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-fs-publish Px, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> +} diff --git a/contrib/apparmor/gnunet-qr b/contrib/apparmor/gnunet-qr new file mode 100644 index 0000000000..b893faf986 --- /dev/null +++ b/contrib/apparmor/gnunet-qr @@ -0,0 +1,15 @@ +# Last Modified: Tue Aug 11 16:14:05 2015 +#include <tunables/global> +#include <tunables/gnunet> + +profile @{GNUNET_PREFIX}/bin/gnunet-qr { + #include <abstractions/base> + #include <abstractions/python> + #include <abstractions/gnunet-common> + + /usr/bin/python3.4 ix, + @{GNUNET_PREFIX}/bin/gnunet-qr r, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> +} diff --git a/contrib/apparmor/gnunet-resolver b/contrib/apparmor/gnunet-resolver new file mode 100644 index 0000000000..e5455b257b --- /dev/null 
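Review bot: `/usr/bin/python3.4 ix,` in gnunet-qr pins the interpreter to one minor version, so the rule stops matching once the distribution ships another Python 3 release and the enforced profile then blocks the tool. A versioned glob such as `/usr/bin/python3.[0-9]* ix,` keeps the same inherit-execute behaviour without tying the profile to 3.4. A short comment such as `# ix: the interpreter runs under this profile's rules` would also help the next reader.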
+++ b/contrib/apparmor/gnunet-resolver @@ -0,0 +1,13 @@ +# Last Modified: Mon Aug 10 12:21:50 2015 +#include <tunables/global> +#include <tunables/gnunet> + +profile @{GNUNET_PREFIX}/bin/gnunet-resolver { + #include <abstractions/base> + #include <abstractions/gnunet-common> + + @{GNUNET_PREFIX}/bin/gnunet-resolver mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> +} diff --git a/contrib/apparmor/gnunet-revocation b/contrib/apparmor/gnunet-revocation new file mode 100644 index 0000000000..8cab61f4f3 --- /dev/null +++ b/contrib/apparmor/gnunet-revocation @@ -0,0 +1,13 @@ +# Last Modified: Mon Aug 10 15:03:13 2015 +#include <tunables/global> +#include <tunables/gnunet> + +profile @{GNUNET_PREFIX}/bin/gnunet-revocation { + #include <abstractions/base> + #include <abstractions/gnunet-common> + + @{GNUNET_PREFIX}/bin/gnunet-revocation mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> +} diff --git a/contrib/apparmor/gnunet-scalarproduct b/contrib/apparmor/gnunet-scalarproduct new file mode 100644 index 0000000000..acf564a8cb --- /dev/null +++ b/contrib/apparmor/gnunet-scalarproduct @@ -0,0 +1,13 @@ +# Last Modified: Mon Aug 10 15:13:42 2015 +#include <tunables/global> +#include <tunables/gnunet> + +profile @{GNUNET_PREFIX}/bin/gnunet-scalarproduct { + #include <abstractions/base> + #include <abstractions/gnunet-common> + + @{GNUNET_PREFIX}/bin/gnunet-scalarproduct mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> +} diff --git a/contrib/apparmor/gnunet-scrypt b/contrib/apparmor/gnunet-scrypt new file mode 100644 index 0000000000..a184bf0a37 --- /dev/null +++ b/contrib/apparmor/gnunet-scrypt 
@@ -0,0 +1,19 @@ +# Last Modified: Mon Aug 10 15:36:34 2015 +#include <tunables/global> +#include <tunables/gnunet> + +profile @{GNUNET_PREFIX}/bin/gnunet-scrypt { + #include <abstractions/base> + #include <abstractions/gnunet-common> + + @{HOME}/.local/share/gnunet/nse/proof.dat rw, + @{HOME}/.local/share/gnunet/private_key.ecc rk, + + @{GNUNET_PREFIX}/bin/gnunet-scrypt mr, + + @{GNUNET_USER}/.local/share/gnunet/nse/proof.dat rw, + @{GNUNET_USER}/.local/share/gnunet/private_key.ecc rk, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> +} diff --git a/contrib/apparmor/gnunet-search b/contrib/apparmor/gnunet-search new file mode 100644 index 0000000000..b23f91e553 --- /dev/null +++ b/contrib/apparmor/gnunet-search @@ -0,0 +1,13 @@ +# Last Modified: Mon Aug 10 15:59:45 2015 +#include <tunables/global> +#include <tunables/gnunet> + +profile @{GNUNET_PREFIX}/bin/gnunet-search { + #include <abstractions/base> + #include <abstractions/gnunet-common> + + @{GNUNET_PREFIX}/bin/gnunet-search mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> +} diff --git a/contrib/apparmor/gnunet-service-arm b/contrib/apparmor/gnunet-service-arm index 5a4a78657b..546e6332e8 100644 --- a/contrib/apparmor/gnunet-service-arm +++ b/contrib/apparmor/gnunet-service-arm 
@@ -3,37 +3,16 @@ #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-arm { + #include <abstractions/base> #include <abstractions/gnunet-common> - /dev/null ra, - /tmp/gnunet-*-runtime/ rw, - /tmp/gnunet-*-runtime/gnunet-service-arm.sock rw, - /tmp/gnunet-*-runtime/gnunet-service-gns.sock rw, - /tmp/gnunet-*-runtime/gnunet-service-identity.unix rw, - /tmp/gnunet-*-runtime/gnunet-service-namestore.sock rw, - - /tmp/gnunet-system-runtime/ rw, - /tmp/gnunet-system-runtime/gnunet-service-*.sock rw, - /tmp/gnunet-system-runtime/gnunet-service-nse.unix rw, - /tmp/gnunet-system-runtime/gnunet-service-revocation.unix rw, - - /var/lib/gnunet/.local/share/gnunet/ r, - /var/lib/gnunet/.local/share/gnunet/revocation.dat r, - /var/lib/gnunet/.local/share/gnunet/peerstore/ a, - /var/lib/gnunet/.local/share/gnunet/peerstore/sqlite.db rwk, - /var/lib/gnunet/.local/share/gnunet/peerstore/sqlite.db-journal rw, - /var/lib/gnunet/.config/gnunet.conf r, - - #Librairies - /usr/lib/ld-*.so r, - /usr/lib/libpthread-*.so mr, +# /tmp/gnunet-*-runtime/gnunet-service-arm.sock rw, +# /tmp/gnunet-*-runtime/gnunet-service-namestore.sock r, +# /tmp/gnunet-*-runtime/gnunet-service-identity.sock r, +# /tmp/gnunet-*-runtime/gnunet-service-gns.sock r, - /usr/lib/libsqlite3.so.* mr, - - /usr/lib/locale/locale-archive r, - - /usr/share/locale/locale-alias r, + /tmp/gnunet-*-runtime/gnunet-service-*.sock rw, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-arm mr, @@ -41,7 +20,7 @@ profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-arm { @{GNUNET_PREFIX}/lib/gnunet/libexec/ r, - #Gnunet daemon + #GNUnet daemon @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-exit Px, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-hostlist Px, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-latency-logger Px, 
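Review bot: The new socket rule `/tmp/gnunet-*-runtime/gnunet-service-*.sock rw,` in the first gnunet-service-arm hunk matches a runtime directory created by any local user in world-writable /tmp, and it has no `owner` qualifier. If ARM only ever touches sockets it owns, `owner /tmp/gnunet-*-runtime/gnunet-service-*.sock rw,` expresses that. The hunk also drops the directory rule `/tmp/gnunet-*-runtime/ rw,` and the `.unix` socket names (identity, nse, revocation) that the old profile listed, so it is worth confirming in enforce mode that ARM no longer needs them. The four commented-out `.sock` rules above the new line duplicate what the glob covers and could be deleted.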
@@ -55,54 +34,9 @@ profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-arm { @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-namestore-fcfsd Px, - #Gnunet service - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-ats Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-cadet Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-core Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-conversation Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-datastore Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-dht Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-dns Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-fs Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-gns Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-identity Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-namecache Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-namestore Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-nse Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-peerinfo Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-peerstore Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-regex Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-resolver Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-revocation Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-set Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-scalarproduct-alice Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-scalarproduct-bob Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-statistics Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-template Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed-logger Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-transport Px, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-vpn Px, - - #Gnunet helper - 
@{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-dns r, - - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetcadet.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdht.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdnsstub.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetgnsrecord.so.* r, - @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetnamecache.so.* r, - @{GNUNET_PREFIX}/lib/libgnunetpeerstore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetregex.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetset.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettransport.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettun.so.* mr, - - #Gnunet plugin - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_peerstore_sqlite.la r, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_peerstore_sqlite.so mr, + #GNUnet service + @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-* Px, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-service-ats b/contrib/apparmor/gnunet-service-ats index 53e8495175..8e6b352952 100644 --- a/contrib/apparmor/gnunet-service-ats +++ b/contrib/apparmor/gnunet-service-ats 
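Review bot: `@{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-* Px,` replaces the explicit service list, so which binaries ARM may start is now decided by which target profiles are loaded rather than by this file. That is safe only because `Px` has no fallback and the exec is refused when the target has no profile; a later change to `Pix` or `Pux` would let unprofiled services run under ARM's profile or unconfined. I would record that next to the rule, e.g. `# Px on purpose: a service without its own profile must not start`. The profile body between this hunk and the previous one is not shown.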
@@ -3,18 +3,16 @@ #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-ats { + #include <abstractions/base> #include <abstractions/gnunet-common> @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-ats mr, - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, - #Gnunet plugin - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_ats_proportional.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_ats_proportional.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_ats_proportional.so mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> - /usr/lib/ld-*.so r, } diff --git a/contrib/apparmor/gnunet-service-cadet b/contrib/apparmor/gnunet-service-cadet index 07def08ad8..056ce49fa2 100644 --- a/contrib/apparmor/gnunet-service-cadet +++ b/contrib/apparmor/gnunet-service-cadet @@ -3,24 +3,15 @@ #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-cadet { + #include <abstractions/base> #include <abstractions/gnunet-common> - #Librairies - /usr/lib/ld-*.so r, - /usr/lib/libpthread-*.so mr, - /usr/lib/librt-*.so mr, + /tmp/gnunet-system-runtime/gnunet-service-cadet.sock rw, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-cadet mr, - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetblock.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetcore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdht.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetpeerinfo.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettransport.so.* mr, - - /var/lib/gnunet/.local/share/gnunet/private_key.ecc rk, + @{GNUNET_USER}/.local/share/gnunet/private_key.ecc rk, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } 
diff --git a/contrib/apparmor/gnunet-service-conversation b/contrib/apparmor/gnunet-service-conversation index 781c239f96..7403327681 100644 --- a/contrib/apparmor/gnunet-service-conversation +++ b/contrib/apparmor/gnunet-service-conversation @@ -3,25 +3,17 @@ #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-conversation { + #include <abstractions/base> #include <abstractions/gnunet-common> - #Librairies - /usr/lib/ld-*.so r, - /usr/lib/libidn.so.* mr, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-conversation mr, - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetcadet.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetconversation.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdnsparser.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetgns.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetgnsrecord.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetidentity.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetmicrophone.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetnamestore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetspeaker.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, + #GNUnet helper + @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-audio-playback Px, + @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-audio-record Px, - /var/lib/gnunet/.local/share/gnunet/private_key.ecc rk, + @{GNUNET_USER}/.local/share/gnunet/private_key.ecc rk, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-service-core b/contrib/apparmor/gnunet-service-core index 24fdd641c2..4d9b28353e 100644 --- a/contrib/apparmor/gnunet-service-core +++ b/contrib/apparmor/gnunet-service-core 
@@ -1,20 +1,15 @@ # Last Modified: Thu Jul 9 10:16:30 2015 - #include <tunables/global> #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-core { + #include <abstractions/base> #include <abstractions/gnunet-common> - /var/lib/gnunet/.local/share/gnunet/private_key.ecc rk, - - /usr/lib/ld-*.so r, + @{GNUNET_USER}/.local/share/gnunet/private_key.ecc rk, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-core mr, - - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettransport.so.* mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-service-datastore b/contrib/apparmor/gnunet-service-datastore index 363946910b..32efa4c528 100644 --- a/contrib/apparmor/gnunet-service-datastore +++ b/contrib/apparmor/gnunet-service-datastore 
@@ -1,27 +1,22 @@ # Last Modified: Thu Jul 9 10:16:30 2015 - #include <tunables/global> #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-datastore { + #include <abstractions/base> #include <abstractions/gnunet-common> + #include <abstractions/gnunet-db> - /var/lib/gnunet/.local/share/gnunet/datastore/bloomfilter.sqlite rw, - /var/lib/gnunet/.local/share/gnunet/datastore/sqlite.db rwk, - /var/lib/gnunet/.local/share/gnunet/datastore/sqlite.db-journal rw, - - #Librairies - /usr/lib/ld-*.so r, - /usr/lib/libpthread-*.so mr, - /usr/lib/libsqlite3.so.* mr, + @{GNUNET_USER}/.local/share/gnunet/datastore/bloomfilter.sqlite rw, + @{GNUNET_USER}/.local/share/gnunet/datastore/sqlite.db rwk, + @{GNUNET_USER}/.local/share/gnunet/datastore/sqlite.db-journal rw, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-datastore mr, #Gnunet plugin - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datastore_sqlite.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datastore_sqlite.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datastore_sqlite.so mr, - - #Gnunet Librairies - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetutil.so.* mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-service-dht b/contrib/apparmor/gnunet-service-dht index 67c45beb8f..1d09224419 100644 --- a/contrib/apparmor/gnunet-service-dht +++ b/contrib/apparmor/gnunet-service-dht 
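Review bot: The added `#include <abstractions/gnunet-db>` in the gnunet-service-datastore profile looks broader than this service needs. As introduced in this same commit, that abstraction appears to carry only the namestore `sqlite.db` and `sqlite.db-journal` rules (under both `@{GNUNET_USER}` and `@{HOME}`), so datastore gains `rwk` on the namestore database on top of the datastore paths it already lists explicitly. The same include is added to gnunet-service-namecache and gnunet-service-peerstore, which also list their own database files. If the intent was only to share SQLite-related rules, keep the namestore paths in the gnunet-service-namestore profile and drop the include here, so that a compromise of one storage service does not expose another service's database.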
@@ -3,55 +3,34 @@ #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-dht { + #include <abstractions/base> #include <abstractions/gnunet-common> @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-dht mr, - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetcore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetnse.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettransport.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetpeerinfo.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetblock.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdatacache.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetfs.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdatastore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetregexblock.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetgnsrecord.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdnsparser.so.* mr, - #Gnunet plugin @{GNUNET_PREFIX}/lib/gnunet/ r, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_template.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_template.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_template.so mr, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dns.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dns.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dns.so mr, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_fs.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_fs.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_fs.so mr, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_regex.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_regex.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_regex.so mr, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dht.la r, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dht.so mr, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dht.la r, 
@{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dht.so mr, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_test.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_test.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_test.so mr, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_gns.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_gns.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_gns.so mr, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datacache_heap.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datacache_heap.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datacache_heap.so mr, - #Librairies - /usr/lib/ld-*.so r, - /usr/lib/libextractor.so.* mr, - /usr/lib/libbz2.so.* mr, - /usr/lib/librt-*.so mr, - /usr/lib/libpthread-*.so mr, - /usr/lib/libidn.so.* mr, - /tmp/gnunet-system-runtime/gnunet-service-dht.sock w, /tmp/gnunet-datacachebloom* rw, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-service-dns b/contrib/apparmor/gnunet-service-dns index ba8a31ce14..394b97eb1b 100644 --- a/contrib/apparmor/gnunet-service-dns +++ b/contrib/apparmor/gnunet-service-dns @@ -3,12 +3,13 @@ #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-dns { - #include <abstractions/gnunet-common> + #include <abstractions/gnunet-sgid> capability setgid, /usr/lib/ld-*.so r, + #GNUnet helper @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-dns Px, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-dns mr, @@ -17,4 +18,7 @@ profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-dns { @{GNUNET_PREFIX}/lib/libgnunetdnsstub.so.* mr, @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, @{GNUNET_PREFIX}/lib/libgnunettun.so.* mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet-sgid> } 
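Review bot: The gnunet-service-dns profile still carries `/usr/lib/ld-*.so r,` and the per-library `libgnunet*.so.* mr,` lines that the other profiles in this commit drop in favour of `#include <abstractions/base>` and gnunet-common. `abstractions/gnunet-sgid` is not visible here, so it may already cover them. If it does, these lines are redundant; if it does not, the hard-coded `/usr/lib` loader path will not match systems that install the loader elsewhere. Consider adding `#include <abstractions/base>` and removing the explicit loader and library rules so this profile follows the same pattern as the rest. The profile body continues between the two hunks and is not fully shown.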
diff --git a/contrib/apparmor/gnunet-service-fs b/contrib/apparmor/gnunet-service-fs index 59a74f502b..70de39c2e1 100644 --- a/contrib/apparmor/gnunet-service-fs +++ b/contrib/apparmor/gnunet-service-fs 
@@ -4,56 +4,34 @@ #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-fs { + #include <abstractions/base> #include <abstractions/gnunet-common> - /etc/gnunet.conf r, - @{HOME}/.config/gnunet.conf r, - /tmp/gnunet-system-runtime/gnunet-service-fs.sock w, - /var/lib/gnunet/.local/share/gnunet/private_key.ecc rk, + @{GNUNET_USER}/.local/share/gnunet/private_key.ecc rk, owner @{HOME}/.local/share/gnunet/fs/idxinfo.lst r, - #Librairies - /usr/lib/ld-*.so r, - /usr/lib/libbz2.so.* mr, - /usr/lib/libextractor.so.* mr, - /usr/lib/libidn.so.* mr, - /usr/lib/libpthread-*.so mr, - /usr/lib/librt-*.so mr, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-fs mr, #Gnunet plugin @{GNUNET_PREFIX}/lib/gnunet/ r, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dht.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dht.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dht.so mr, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dns.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dns.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_dns.so mr, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_fs.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_fs.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_fs.so mr, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_gns.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_gns.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_gns.so mr, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_regex.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_regex.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_regex.so mr, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_template.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_template.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_template.so mr, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_test.la r, +# 
@{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_test.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_block_test.so mr, - - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetblock.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetcadet.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetcore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdatastore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdht.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdnsparser.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetfs.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetgnsrecord.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetpeerstore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetregexblock.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-service-gns b/contrib/apparmor/gnunet-service-gns index b271eecba9..25184e50db 100644 --- a/contrib/apparmor/gnunet-service-gns +++ b/contrib/apparmor/gnunet-service-gns 
@@ -4,27 +4,15 @@ #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-gns { + #include <abstractions/base> #include <abstractions/gnunet-common> - @{HOME}/.config/gnunet.conf r, + /tmp/gnunet-*-runtime/gnunet-service-gns.sock rw, - #Librairies - /usr/lib/ld-2.21.so r, - /usr/lib/libidn.so.* mr, + @{HOME}/.config/gnunet.conf r, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-gns mr, - - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetdht.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdns.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdnsparser.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdnsstub.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetgnsrecord.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetidentity.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetnamecache.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetnamestore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetrevocation.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettun.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetvpn.so.* mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-service-identity b/contrib/apparmor/gnunet-service-identity index 8cf0f99b6c..3e0a6bb605 100644 --- a/contrib/apparmor/gnunet-service-identity +++ b/contrib/apparmor/gnunet-service-identity @@ -3,17 +3,15 @@ #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-identity { + #include <abstractions/base> #include <abstractions/gnunet-common> /tmp/gnunet-*-runtime/ a, - /usr/lib/ld-*.so r, - - /var/lib/gnunet/.local/share/gnunet/identity/ a, - /var/lib/gnunet/.local/share/gnunet/identity/egos/ ra, + @{GNUNET_USER}/.local/share/gnunet/identity/ a, + @{GNUNET_USER}/.local/share/gnunet/identity/egos/ ra, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-identity mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, @{HOME}/.config/gnunet/identity/subsystem_defaults.conf rw, 
@@ -22,4 +20,7 @@ profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-identity { @{HOME}/.local/share/gnunet/identity/egos/private-zone rk, @{HOME}/.local/share/gnunet/identity/egos/short-zone rk, @{HOME}/.local/share/gnunet/identity/egos/sks-zone rk, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-service-mesh b/contrib/apparmor/gnunet-service-mesh new file mode 100644 index 0000000000..6b79441103 --- /dev/null +++ b/contrib/apparmor/gnunet-service-mesh @@ -0,0 +1,19 @@ +# Last Modified: Fri Jul 3 17:37:56 2015 +#include <tunables/global> +#include <tunables/gnunet> + +profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-mesh { + #include <abstractions/base> + #include <abstractions/gnunet-common> + + @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-mesh mr, + + @{HOME}/.local/share/gnunet/private_key.ecc rk, + + /tmp/gnunet-system-runtime/gnunet-service-mesh.sock w, + + @{GNUNET_USER}/.local/share/gnunet/private_key.ecc rwk, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> +} diff --git a/contrib/apparmor/gnunet-service-namecache b/contrib/apparmor/gnunet-service-namecache index 8b5f21103e..ddf6ab57e4 100644 --- a/contrib/apparmor/gnunet-service-namecache +++ b/contrib/apparmor/gnunet-service-namecache 
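Review bot: In the new gnunet-service-mesh profile, `@{GNUNET_USER}/.local/share/gnunet/private_key.ecc rwk,` gives the service write access to the peer's private key, while gnunet-service-cadet, -core, -regex and -transport in this commit get only `rk` on the same file. Unless mesh is the service expected to create the key on first start, this should be `@{GNUNET_USER}/.local/share/gnunet/private_key.ecc rk,`. The `@{HOME}` rule earlier in the same profile is also not restricted to the file's owner; `owner @{HOME}/.local/share/gnunet/private_key.ecc rk,` would limit the profile to keys owned by the user the process runs as. gnunet-service-nse keeps the same `rwk` rule and the unqualified `@{HOME}` rule, and the new gnunet-set-profiler profile adds the unqualified `@{HOME}` rule as well.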
@@ -3,28 +3,21 @@ #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-namecache { + #include <abstractions/base> #include <abstractions/gnunet-common> + #include <abstractions/gnunet-db> @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-namecache mr, - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetdnsparser.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetnamecache.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetgnsrecord.so.* mr, - #Gnunet plugin - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_namecache_sqlite.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_namecache_sqlite.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_namecache_sqlite.so mr, - /var/lib/gnunet/.local/share/gnunet/namecache/ r, - /var/lib/gnunet/.local/share/gnunet/namecache/sqlite.db rwk, - /var/lib/gnunet/.local/share/gnunet/namecache/sqlite.db-journal rw, - - #Librairies - /usr/lib/libpthread-*.so mr, - /usr/lib/libsqlite3.so.* mr, - /usr/lib/libidn.so.* mr, - /usr/lib/ld-*.so r, + @{GNUNET_USER}/.local/share/gnunet/namecache/ r, + @{GNUNET_USER}/.local/share/gnunet/namecache/sqlite.db rwk, + @{GNUNET_USER}/.local/share/gnunet/namecache/sqlite.db-journal rw, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-service-namestore b/contrib/apparmor/gnunet-service-namestore index 68b94e6aaf..0ee993ea0c 100644 --- a/contrib/apparmor/gnunet-service-namestore +++ b/contrib/apparmor/gnunet-service-namestore 
@@ -3,34 +3,18 @@ #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-namestore { + #include <abstractions/base> #include <abstractions/gnunet-common> + #include <abstractions/gnunet-db> @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-namestore mr, - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetnamecache.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetgnsrecord.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetnamestore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetdnsparser.so.* mr, - #Gnunet plugin - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_namestore_sqlite.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_namestore_sqlite.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_namestore_sqlite.so mr, - #Librairies - /usr/lib/libidn.so.* mr, - /usr/lib/ld-*.so r, - /usr/lib/libsqlite3.so.* mr, - /usr/lib/libpthread-*.so mr, - - /var/lib/gnunet/.local/share/gnunet/namestore/ ra, - /var/lib/gnunet/.local/share/gnunet/namestore/sqlite.db rwk, - /var/lib/gnunet/.local/share/gnunet/namestore/sqlite.db-journal rw, - - @{HOME}/.local/share/gnunet/namestore/ r, - @{HOME}/.local/share/gnunet/namestore/sqlite.db rwk, - @{HOME}/.local/share/gnunet/namestore/sqlite.db-journal rw, - /tmp/gnunet-*-runtime/ a, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-service-nse b/contrib/apparmor/gnunet-service-nse index a3f7f2a126..6b6ecf7575 100644 --- a/contrib/apparmor/gnunet-service-nse +++ b/contrib/apparmor/gnunet-service-nse 
@@ -3,22 +3,19 @@ #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-nse { + #include <abstractions/base> #include <abstractions/gnunet-common> @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-nse mr, - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetnse.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetcore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - - /usr/lib/ld-*.so mr, - - /tmp/gnunet-system-runtime/gnunet-service-nse.unix w, + /tmp/gnunet-system-runtime/gnunet-service-nse.sock rw, @{HOME}/.local/share/gnunet/private_key.ecc rk, owner @{HOME}/.local/share/gnunet/nse/proof.dat rw, - /var/lib/gnunet/.local/share/gnunet/private_key.ecc rwk, - /var/lib/gnunet/.local/share/gnunet/nse/proof.dat rw, + @{GNUNET_USER}/.local/share/gnunet/private_key.ecc rwk, + @{GNUNET_USER}/.local/share/gnunet/nse/proof.dat rw, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-service-peerinfo b/contrib/apparmor/gnunet-service-peerinfo index 1ce4a85f8e..4da70eb534 100644 --- a/contrib/apparmor/gnunet-service-peerinfo +++ b/contrib/apparmor/gnunet-service-peerinfo 
@@ -1,21 +1,20 @@ # Last Modified: Wed Jul 8 17:03:17 2015 - #include <tunables/global> #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-peerinfo { + #include <abstractions/base> #include <abstractions/gnunet-common> @{GNUNET_PREFIX}/share/gnunet/hellos/ r, @{GNUNET_PREFIX}/share/gnunet/hellos/* r, - /var/lib/gnunet/.local/share/gnunet/peerinfo/hosts/ r, - /var/lib/gnunet/.local/share/gnunet/peerinfo/hosts/* rw, + @{GNUNET_USER}/.local/share/gnunet/peerinfo/hosts/ r, + @{GNUNET_USER}/.local/share/gnunet/peerinfo/hosts/* rw, - /usr/lib/ld-*.so r, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-peerinfo mr, - - @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-service-peerstore b/contrib/apparmor/gnunet-service-peerstore index 536e4ee0f7..cbab2395e6 100644 --- a/contrib/apparmor/gnunet-service-peerstore +++ b/contrib/apparmor/gnunet-service-peerstore 
@@ -3,22 +3,19 @@ #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-peerstore { + #include <abstractions/base> #include <abstractions/gnunet-common> - - #Librairies - /usr/lib/ld-*.so r, - /usr/lib/libpthread-*.so mr, - /usr/lib/libsqlite3.so.* mr, + #include <abstractions/gnunet-db> @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-peerstore mr, #Gnunet Plugin - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_peerstore_sqlite.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_peerstore_sqlite.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_peerstore_sqlite.so mr, - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetpeerstore.so.* mr, - - /var/lib/gnunet/.local/share/gnunet/peerstore/sqlite.db rwk, - /var/lib/gnunet/.local/share/gnunet/peerstore/sqlite.db-journal rw, + @{GNUNET_USER}/.local/share/gnunet/peerstore/sqlite.db rwk, + @{GNUNET_USER}/.local/share/gnunet/peerstore/sqlite.db-journal rw, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-service-regex b/contrib/apparmor/gnunet-service-regex index 358675dc08..ba7a4f3a59 100644 --- a/contrib/apparmor/gnunet-service-regex +++ b/contrib/apparmor/gnunet-service-regex @@ -3,16 +3,13 @@ #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-regex { + #include <abstractions/base> #include <abstractions/gnunet-common> - /usr/lib/ld-*.so r, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-regex mr, - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetdht.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetregexblock.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - - /var/lib/gnunet/.local/share/gnunet/private_key.ecc rk, + @{GNUNET_USER}/.local/share/gnunet/private_key.ecc rk, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } 
diff --git a/contrib/apparmor/gnunet-service-resolver b/contrib/apparmor/gnunet-service-resolver index 6c5e3eb606..9e2002575b 100644 --- a/contrib/apparmor/gnunet-service-resolver +++ b/contrib/apparmor/gnunet-service-resolver @@ -3,31 +3,18 @@ #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-resolver { + #include <abstractions/base> #include <abstractions/gnunet-common> @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-resolver mr, - #Librairies - /usr/lib/ld-*.so r, - /usr/lib/libnss_files-*.so mr, - /usr/lib/libnss_gns.so.* mr, - /usr/lib/libnss_dns-*.so mr, - /usr/lib/libresolv-*.so mr, - /usr/lib/libnss_myhostname.so.* mr, - /usr/lib/librt-*.so mr, - /usr/lib/liblzma.so.* mr, - /usr/lib/liblz4.so.* mr, - /usr/lib/libacl.so.* mr, - /usr/lib/libidn.so.* mr, - /usr/lib/libseccomp.so.* mr, - /usr/lib/libcap.so.* mr, - /usr/lib/libpthread-*.so mr, - /usr/lib/libattr.so.* mr, - /etc/nsswitch.conf r, /etc/resolv.conf r, /etc/host.conf r, /etc/hosts r, /tmp/gnunet-system-runtime/gnunet-service-resolver.sock w, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-service-revocation b/contrib/apparmor/gnunet-service-revocation index 6e64128202..cd3c59f03d 100644 --- a/contrib/apparmor/gnunet-service-revocation +++ b/contrib/apparmor/gnunet-service-revocation 
@@ -1,27 +1,19 @@ # Last Modified: Thu Jul 9 10:16:30 2015 - #include <tunables/global> #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-revocation { + #include <abstractions/base> #include <abstractions/gnunet-common> - /etc/gnunet.conf r, - @{HOME}/.config/gnunet.conf r, - - /tmp/gnunet-system-runtime/gnunet-service-revocation.unix w, + /tmp/gnunet-system-runtime/gnunet-service-revocation.sock rw, - /var/lib/gnunet/.local/share/gnunet/revocation.dat rw, + @{GNUNET_USER}/.local/share/gnunet/revocation.dat rw, @{HOME}/.local/share/gnunet/revocation.dat rw, - /usr/lib/ld-*.so r, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-revocation mr, - - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetcore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetrevocation.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetset.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-service-scalarproduct-alice b/contrib/apparmor/gnunet-service-scalarproduct-alice index 7a7ba77d5b..8801ca8240 100644 --- a/contrib/apparmor/gnunet-service-scalarproduct-alice +++ b/contrib/apparmor/gnunet-service-scalarproduct-alice @@ -3,11 +3,11 @@ #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-scalarproduct-alice { + #include <abstractions/base> #include <abstractions/gnunet-common> - /usr/lib/ld-*.so r, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-scalarproduct-alice mr, - @{GNUNET_PREFIX}/lib/libgnunetcadet.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetset.so.* mr, - + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-service-scalarproduct-bob b/contrib/apparmor/gnunet-service-scalarproduct-bob index a7faae9d02..72a7e7f84c 100644 --- a/contrib/apparmor/gnunet-service-scalarproduct-bob 
+++ b/contrib/apparmor/gnunet-service-scalarproduct-bob @@ -3,12 +3,11 @@ #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-scalarproduct-bob { + #include <abstractions/base> #include <abstractions/gnunet-common> - /usr/lib/ld-*.so r, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-scalarproduct-bob mr, - - @{GNUNET_PREFIX}/lib/libgnunetcadet.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetset.so.* mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-service-set b/contrib/apparmor/gnunet-service-set index 4aa0253d80..000884cd65 100644 --- a/contrib/apparmor/gnunet-service-set +++ b/contrib/apparmor/gnunet-service-set @@ -3,15 +3,11 @@ #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-set { + #include <abstractions/base> #include <abstractions/gnunet-common> @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-set mr, - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetcadet.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetcore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetblock.so.* mr, - - #Librairies - /usr/lib/ld-*.so r, + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-service-statistics b/contrib/apparmor/gnunet-service-statistics index e26e30edc5..e5a8df7c44 100644 --- a/contrib/apparmor/gnunet-service-statistics +++ b/contrib/apparmor/gnunet-service-statistics 
@@ -1,16 +1,15 @@ # Last Modified: Thu Jul 9 10:16:30 2015 - #include <tunables/global> #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-statistics { + #include <abstractions/base> #include <abstractions/gnunet-common> - /var/lib/gnunet/.local/share/gnunet/statistics.dat rw, - - /usr/lib/ld-*.so r, + @{GNUNET_USER}/.local/share/gnunet/statistics.dat rw, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-statistics mr, - - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-service-template b/contrib/apparmor/gnunet-service-template index 824183e78c..4b442239f3 100644 --- a/contrib/apparmor/gnunet-service-template +++ b/contrib/apparmor/gnunet-service-template @@ -3,14 +3,14 @@ #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-template { + #include <abstractions/base> #include <abstractions/gnunet-common> /tmp/gnunet-system-runtime/ w, /tmp/gnunet-system-runtime/gnunet-service-template.sock w, - #Librairies - /usr/lib/ld-*.so r, - - #Gnunet Librairies @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-template mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-service-testbed b/contrib/apparmor/gnunet-service-testbed index 06e8f36ea3..24f5c45258 100644 --- a/contrib/apparmor/gnunet-service-testbed +++ b/contrib/apparmor/gnunet-service-testbed @@ -2,8 +2,10 @@ #include <tunables/global> #include <tunables/gnunet> -profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed flags=(complain) { +profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed { + #include <abstractions/base> #include <abstractions/gnunet-common> + #include <abstractions/gnunet-test> /etc/gai.conf r, 
@@ -11,26 +13,17 @@ profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed flags=(compla /tmp/gnunet-system-runtime/gnunet-service-testbed-barrier.sock w, /tmp/gnunet-system-runtime/gnunet-service-testbed.sock w, - /usr/lib/ld-*.so r, - - /dev/null r, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-* r, @{GNUNET_PREFIX}/lib/gnunet/libexec/ r, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-arm Px, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed mr, - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetarm.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetcore.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettestbed.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettesting.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettransport.so.* mr, - @{GNUNET_PREFIX}/share/gnunet/testing_hostkeys.ecc r, - + + #GNUnet helper + @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-testbed Px, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-service-testbed-logger b/contrib/apparmor/gnunet-service-testbed-logger index 5bd6a77d3d..0baefb466f 100644 --- a/contrib/apparmor/gnunet-service-testbed-logger +++ b/contrib/apparmor/gnunet-service-testbed-logger @@ -3,6 +3,7 @@ #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed-logger { + #include <abstractions/base> #include <abstractions/gnunet-common> #??? @@ -11,7 +12,8 @@ profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed-logger { /tmp/gnunet-system-runtime/ w, /tmp/gnunet-system-runtime/gnunet-gnunet-testbed-logger.sock w, - /usr/lib/ld-*.so r, - @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-testbed-logger mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } 
diff --git a/contrib/apparmor/gnunet-service-transport b/contrib/apparmor/gnunet-service-transport index 52985cf1bd..ab724c153f 100644 --- a/contrib/apparmor/gnunet-service-transport +++ b/contrib/apparmor/gnunet-service-transport @@ -1,29 +1,21 @@ # Last Modified: Thu Jul 9 10:16:30 2015 - #include <tunables/global> #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-transport { + #include <abstractions/base> #include <abstractions/gnunet-common> - /var/lib/gnunet/.local/share/gnunet/private_key.ecc rk, - - /usr/lib/ld-*.so r, + @{GNUNET_USER}/.local/share/gnunet/private_key.ecc rk, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-transport mr, #Gnunet plugin - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_tcp.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_tcp.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_tcp.so mr, - @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_udp.la r, +# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_udp.la r, @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_udp.so mr, - - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetats.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetfragmentation.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunethello.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetnat.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetpeerinfo.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettransport.so.* mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-service-vpn b/contrib/apparmor/gnunet-service-vpn index 2d3438bf63..d17925f1b8 100644 --- a/contrib/apparmor/gnunet-service-vpn +++ b/contrib/apparmor/gnunet-service-vpn 
@@ -3,25 +3,15 @@ #include <tunables/gnunet> profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-vpn { + #include <abstractions/base> #include <abstractions/gnunet-common> - - #Capability - capability setuid, - capability net_admin, - /dev/net/tun rw, @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-vpn mr, - #Librairies - /usr/lib/ld-*.so r, - #Gnunet helper @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-vpn Px, - #Gnunet librairies - @{GNUNET_PREFIX}/lib/libgnunetcadet.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetregex.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunetstatistics.so.* mr, - @{GNUNET_PREFIX}/lib/libgnunettun.so.* mr, + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> } diff --git a/contrib/apparmor/gnunet-set-ibf-profiler b/contrib/apparmor/gnunet-set-ibf-profiler new file mode 100644 index 0000000000..71fa986493 --- /dev/null +++ b/contrib/apparmor/gnunet-set-ibf-profiler @@ -0,0 +1,13 @@ +# Last Modified: Mon Aug 10 18:15:38 2015 +#include <tunables/global> +#include <tunables/gnunet> + +profile @{GNUNET_PREFIX}/bin/gnunet-set-ibf-profiler { + #include <abstractions/base> + #include <abstractions/gnunet-common> + + @{GNUNET_PREFIX}/bin/gnunet-set-ibf-profiler mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> +} diff --git a/contrib/apparmor/gnunet-set-profiler b/contrib/apparmor/gnunet-set-profiler new file mode 100644 index 0000000000..f72c4a2264 --- /dev/null +++ b/contrib/apparmor/gnunet-set-profiler @@ -0,0 +1,14 @@ +# Last Modified: Mon Aug 10 18:17:19 2015 +#include <tunables/global> +#include <tunables/gnunet> + +profile @{GNUNET_PREFIX}/bin/gnunet-set-profiler { + #include <abstractions/base> + #include <abstractions/gnunet-common> + + @{HOME}/.local/share/gnunet/private_key.ecc rk, + @{GNUNET_PREFIX}/bin/gnunet-set-profiler mr, + + # Site-specific additions and overrides. See local/README for details. + #include <local/gnunet> +} 
diff --git a/contrib/apparmor/gnunet-setup b/contrib/apparmor/gnunet-setup
new file mode 100644
index 0000000000..9243dd75e5
--- /dev/null
+++ b/contrib/apparmor/gnunet-setup
@@ -0,0 +1,57 @@
+# Last Modified: Tue Aug 11 16:25:03 2015
+#include <tunables/global>
+#include <tunables/gnunet>
+
+profile @{GNUNET_PREFIX}/bin/gnunet-setup {
+ #include <abstractions/gnome>
+ #include <abstractions/gnunet-gtk>
+ #include <abstractions/kde>
+
+ /etc/nsswitch.conf r,
+ /etc/passwd r,
+ @{PROC}/@{pid}/fd/ r,
+
+ /usr/bin/exo-open rix,
+
+ @{GNUNET_PREFIX}/bin/gnunet-peerinfo-gtk Px,
+ @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-daemon-hostlist Px,
+
+ @{GNUNET_PREFIX}/bin/gnunet-setup mr,
+
+ @{GNUNET_PREFIX}/share/gnunet-gtk/*.png r,
+ @{GNUNET_PREFIX}/share/gnunet-gtk/gnunet_setup_main_window.glade r,
+
+ @{HOME}/.config/gtk-*/bookmarks r,
+
+ #GNUnet plugin
+# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datacache_heap.la r,
+ @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datacache_heap.so mr,
+# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datacache_sqlite.la r,
+ @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datacache_sqlite.so mr,
+# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datastore_mysql.la r,
+ @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datastore_mysql.so mr,
+# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datastore_sqlite.la r,
+ @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_datastore_sqlite.so mr,
+# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_namestore_sqlite.la r,
+ @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_namestore_sqlite.so mr,
+# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_http_client.la r,
+ @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_http_client.so mr,
+# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_http_server.la r,
+ @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_http_server.so mr,
+# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_https_client.la r,
+ @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_https_client.so mr,
+# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_https_server.la r,
+ @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_https_server.so mr,
+# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_tcp.la r,
+ @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_tcp.so mr,
+# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_udp.la r,
+ @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_udp.so mr,
+# @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_wlan.la r,
+ @{GNUNET_PREFIX}/lib/gnunet/libgnunet_plugin_transport_wlan.so mr,
+
+ /usr/share/glib-*/schemas/gschemas.compiled r,
+ /usr/share/gtk-*/gtkrc r,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/gnunet>
+}
diff --git a/contrib/apparmor/gnunet-statistics b/contrib/apparmor/gnunet-statistics
new file mode 100644
index 0000000000..d9538e35be
--- /dev/null
+++ b/contrib/apparmor/gnunet-statistics
@@ -0,0 +1,13 @@
+# Last Modified: Mon Aug 10 16:15:07 2015
+#include <tunables/global>
+#include <tunables/gnunet>
+
+profile @{GNUNET_PREFIX}/bin/gnunet-statistics {
+ #include <abstractions/base>
+ #include <abstractions/gnunet-common>
+
+ @{GNUNET_PREFIX}/bin/gnunet-statistics mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/gnunet>
+}
diff --git a/contrib/apparmor/gnunet-statistics-gtk b/contrib/apparmor/gnunet-statistics-gtk
new file mode 100644
index 0000000000..2e13b8adae
--- /dev/null
+++ b/contrib/apparmor/gnunet-statistics-gtk
@@ -0,0 +1,16 @@
+# Last Modified: Wed Aug 5 11:25:27 2015
+#include <tunables/global>
+#include <tunables/gnunet>
+
+profile @{GNUNET_PREFIX}/bin/gnunet-statistics-gtk {
+ #include <abstractions/kde>
+ #include <abstractions/gnome>
+ #include <abstractions/gnunet-gtk>
+
+ @{GNUNET_PREFIX}/bin/gnunet-statistics-gtk mr,
+
+ @{GNUNET_PREFIX}/share/gnunet-gtk/gnunet_statistics_gtk_main_window.glade r,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/gnunet>
+}
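Review bot: In the new gnunet-setup profile, `/usr/bin/exo-open rix,` uses an inherit transition, so whatever exo-open starts keeps running under gnunet-setup's own rule set, including everything pulled in through the gnome and kde abstractions. A child profile for the helper (a `Cx` transition with its own small rule set) would keep the launcher's rights separate from those of the configuration tool and make it explicit what an opened application may touch. The twelve `.la` rules added already commented out are dead text and could be left out; if they document a libtool-loading fallback, a one-line comment saying so would be clearer.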
diff --git a/contrib/apparmor/gnunet-template b/contrib/apparmor/gnunet-template
new file mode 100644
index 0000000000..844dc22aed
--- /dev/null
+++ b/contrib/apparmor/gnunet-template
@@ -0,0 +1,13 @@
+# Last Modified: Mon Aug 10 16:22:33 2015
+#include <tunables/global>
+#include <tunables/gnunet>
+
+profile @{GNUNET_PREFIX}/bin/gnunet-template {
+ #include <abstractions/base>
+ #include <abstractions/gnunet-common>
+
+ @{GNUNET_PREFIX}/bin/gnunet-template mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/gnunet>
+}
diff --git a/contrib/apparmor/gnunet-testbed-profiler b/contrib/apparmor/gnunet-testbed-profiler
new file mode 100644
index 0000000000..0f8d79ad94
--- /dev/null
+++ b/contrib/apparmor/gnunet-testbed-profiler
@@ -0,0 +1,13 @@
+# Last Modified: Mon Aug 10 16:38:17 2015
+#include <tunables/global>
+#include <tunables/gnunet>
+
+profile @{GNUNET_PREFIX}/bin/gnunet-testbed-profiler {
+ #include <abstractions/base>
+ #include <abstractions/gnunet-common>
+
+ @{GNUNET_PREFIX}/bin/gnunet-testbed-profiler mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/gnunet>
+}
diff --git a/contrib/apparmor/gnunet-testing b/contrib/apparmor/gnunet-testing
new file mode 100644
index 0000000000..a0cac673db
--- /dev/null
+++ b/contrib/apparmor/gnunet-testing
@@ -0,0 +1,20 @@
+# Last Modified: Mon Aug 10 16:54:53 2015
+#include <tunables/global>
+#include <tunables/gnunet>
+
+profile @{GNUNET_PREFIX}/bin/gnunet-testing {
+ #include <abstractions/base>
+ #include <abstractions/gnunet-common>
+ #include <abstractions/gnunet-test>
+
+ /etc/gai.conf r,
+
+ @{GNUNET_PREFIX}/bin/gnunet-testing mr,
+
+ @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-* Px,
+
+ @{GNUNET_PREFIX}/share/gnunet/testing_hostkeys.ecc r,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/gnunet>
+}
diff --git a/contrib/apparmor/gnunet-transport b/contrib/apparmor/gnunet-transport
new file mode 100644
index 0000000000..70b0cd2288
--- /dev/null
+++ b/contrib/apparmor/gnunet-transport
@@ -0,0 +1,15 @@
+# Last Modified: Mon Aug 10 17:17:40 2015
+#include <tunables/global>
+#include <tunables/gnunet>
+
+profile @{GNUNET_PREFIX}/bin/gnunet-transport {
+ #include <abstractions/base>
+ #include <abstractions/gnunet-common>
+
+ @{GNUNET_PREFIX}/bin/gnunet-transport mr,
+
+ @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-service-resolver Px,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/gnunet>
+}
diff --git a/contrib/apparmor/gnunet-transport-certificate-creation b/contrib/apparmor/gnunet-transport-certificate-creation
new file mode 100644
index 0000000000..fa65305d71
--- /dev/null
+++ b/contrib/apparmor/gnunet-transport-certificate-creation
@@ -0,0 +1,26 @@
+# Last Modified: Mon Aug 10 17:31:32 2015
+#include <tunables/global>
+#include <tunables/gnunet>
+
+profile @{GNUNET_PREFIX}/bin/gnunet-transport-certificate-creation {
+ #include <abstractions/base>
+ #include <abstractions/openssl>
+ #include <abstractions/gnunet-common>
+
+ @{HOME}/.rnd rw,
+
+ @{PROC}/meminfo r,
+
+ /usr/bin/openssl rix,
+
+ @{GNUNET_PREFIX}/bin/gnunet-transport-certificate-creation mr,
+
+ #Access to arg privatekey and certificate ?
+ @{HOME}/ rw,
+ @{HOME}/** rw,
+ deny @{HOME}/.*/ rw,
+ deny @{HOME}/.*/** rw,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/gnunet>
+}
diff --git a/contrib/apparmor/gnunet-unindex b/contrib/apparmor/gnunet-unindex
new file mode 100644
index 0000000000..e94a33152e
--- /dev/null
+++ b/contrib/apparmor/gnunet-unindex
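Review bot: In gnunet-transport-certificate-creation the pair `@{HOME}/** rw,` plus `deny @{HOME}/.*/** rw,` protects only dot-directories, so top-level dotfiles in the home directory (shell start-up files, for example) stay writable by the tool and by the openssl it runs with `rix`. The deny rules also take precedence over the `@{HOME}/.config/gnunet.conf r,` rule from abstractions/gnunet-common, so the per-user configuration can no longer be read. A single allow such as `owner @{HOME}/[^.]** rw,` in place of the four rules would exclude every dot-entry without a blanket deny and limit access to the user's own files; the upstream private-files abstractions are another option. The new gnunet-unindex profile repeats the same four rules and needs the same change.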
@@ -0,0 +1,21 @@
+# Last Modified: Mon Aug 10 17:40:53 2015
+#include <tunables/global>
+#include <tunables/gnunet>
+
+profile @{GNUNET_PREFIX}/bin/gnunet-unindex {
+ #include <abstractions/base>
+ #include <abstractions/gnunet-common>
+
+ @{GNUNET_PREFIX}/bin/gnunet-unindex mr,
+
+ @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-fs-publish Px,
+
+ #Path to files to unindex ?
+ @{HOME}/ rw,
+ @{HOME}/** rw,
+ deny @{HOME}/.*/ rw,
+ deny @{HOME}/.*/** rw,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/gnunet>
+}
diff --git a/contrib/apparmor/gnunet-uri b/contrib/apparmor/gnunet-uri
new file mode 100644
index 0000000000..d314fbad56
--- /dev/null
+++ b/contrib/apparmor/gnunet-uri
@@ -0,0 +1,16 @@
+# Last Modified: Mon Aug 10 18:04:08 2015
+#include <tunables/global>
+#include <tunables/gnunet>
+
+profile @{GNUNET_PREFIX}/bin/gnunet-uri {
+ #include <abstractions/base>
+ #include <abstractions/gnunet-common>
+
+ #More needed
+ @{GNUNET_PREFIX}/bin/gnunet-fs-gtk Px,
+
+ @{GNUNET_PREFIX}/bin/gnunet-uri mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/gnunet>
+}
diff --git a/contrib/apparmor/gnunet-vpn b/contrib/apparmor/gnunet-vpn
new file mode 100644
index 0000000000..1cf5b5eccb
--- /dev/null
+++ b/contrib/apparmor/gnunet-vpn
@@ -0,0 +1,13 @@
+# Last Modified: Mon Aug 10 18:11:26 2015
+#include <tunables/global>
+#include <tunables/gnunet>
+
+profile @{GNUNET_PREFIX}/bin/gnunet-vpn {
+ #include <abstractions/base>
+ #include <abstractions/gnunet-common>
+
+ @{GNUNET_PREFIX}/bin/gnunet-vpn mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/gnunet>
+}
diff --git a/contrib/apparmor/tunables/gnunet b/contrib/apparmor/tunables/gnunet
index e7ff8256a0..1061697146 100644
--- a/contrib/apparmor/tunables/gnunet
+++ b/contrib/apparmor/tunables/gnunet
@@ -1 +1,6 @@ @{GNUNET_PREFIX}=/usr/local +@{GNUNET_USER}=/var/lib/gnunet +@{LIBPRE}=/ /usr/ +@{LIBDIRS}=lib{,32,64} lib/@{multiarch} +@{LIBS}=libc libm linux-vso + |
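Review bot: In tunables/gnunet, `linux-vso` in `@{LIBS}=libc libm linux-vso` looks like a typo for `linux-vdso`; as written, any rule built from `@{LIBS}` would presumably not match that name (no use of the variable is visible in this part of the diff). If so, the line should read `@{LIBS}=libc libm linux-vdso`. `@{GNUNET_USER}` holds a directory rather than a user name, so a comment such as `# home directory of the gnunet service account` above it would prevent it being read as an account name. `@{LIBDIRS}` relies on `@{multiarch}`, so this file only works when tunables/global is included first; that ordering is worth stating in a comment too.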