From e2b11ed24cf91aed421429bdd6830c629ee6a89a Mon Sep 17 00:00:00 2001
From: Viktor Villainov
Date: Sun, 5 May 2019 09:23:15 -0400
Subject: [PATCH 1/2] Add AppArmor profile

---
 contrib/apparmor/usr.local.bin.lokinet | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 contrib/apparmor/usr.local.bin.lokinet

diff --git a/contrib/apparmor/usr.local.bin.lokinet b/contrib/apparmor/usr.local.bin.lokinet
new file mode 100644
index 000000000..471df5064
--- /dev/null
+++ b/contrib/apparmor/usr.local.bin.lokinet
@@ -0,0 +1,21 @@
+# Last Modified: Sat May 4 18:48:24 2019
+#include
+
+/usr/local/bin/lokinet {
+ #include
+
+ capability net_admin,
+ capability net_bind_service,
+
+ network inet dgram,
+ network inet6 dgram,
+ network netlink raw,
+
+ /dev/net/tun rw,
+ /lib/@{multiarch}/ld-*.so mr,
+ /usr/local/bin/lokinet mr,
+
+ owner @{HOME}/.lokinet/ rw,
+ owner @{HOME}/.lokinet/** rwk,
+
+}
From 35b113f29e0dc423c9c35d03c9d285928654a546 Mon Sep 17 00:00:00 2001
From: Viktor Villainov
Date: Sun, 5 May 2019 14:03:09 -0400
Subject: [PATCH 2/2] [AppArmor] Debian paths

---
 .../apparmor/{usr.local.bin.lokinet => usr.bin.lokinet} | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
 rename contrib/apparmor/{usr.local.bin.lokinet => usr.bin.lokinet} (76%)

diff --git a/contrib/apparmor/usr.local.bin.lokinet b/contrib/apparmor/usr.bin.lokinet
similarity index 76%
rename from contrib/apparmor/usr.local.bin.lokinet
rename to contrib/apparmor/usr.bin.lokinet
index 471df5064..97791cbb8 100644
--- a/contrib/apparmor/usr.local.bin.lokinet
+++ b/contrib/apparmor/usr.bin.lokinet
@@ -1,7 +1,7 @@
 # Last Modified: Sat May 4 18:48:24 2019
 #include
 
-/usr/local/bin/lokinet {
+/usr/bin/lokinet {
  #include
 
  capability net_admin,
@@ -13,7 +13,10 @@
 
  /dev/net/tun rw,
  /lib/@{multiarch}/ld-*.so mr,
- /usr/local/bin/lokinet mr,
+ /usr/bin/lokinet mr,
+
+ owner /var/lib/lokinet/ rw,
+ owner /var/lib/lokinet/** rwk,
 
  owner @{HOME}/.lokinet/ rw,
  owner @{HOME}/.lokinet/** rwk,
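Review bot: `capability net_admin,` in the new profile of patch 1/2 is its broadest grant, and nothing in the file says why it, `capability net_bind_service,` or `network netlink raw,` is needed. AppArmor cannot narrow `net_admin`, so a one-line reason above each rule would let a later reviewer judge whether it can be dropped, for example `# net_admin: configure the TUN interface opened via /dev/net/tun` and `# net_bind_service: bind a port below 1024`. The network rules allow only datagram sockets, so if lokinet also opens a TCP socket (not visible in this patch) that call would be denied in enforce mode. Running the profile in complain mode first and reading the audit log would confirm the rule set is complete.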
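Review bot: In the first hunk of patch 2/2, moving the attachment from `/usr/local/bin/lokinet {` to `/usr/bin/lokinet {` means a binary installed under /usr/local/bin now runs unconfined, because a profile applies only to the path it names. If source installs should stay covered, the header could read `/usr/{,local/}bin/lokinet {`, with the matching rule in the second hunk written as `/usr/{,local/}bin/lokinet mr,`. Whether /usr/local installs are still supported is not visible here, so otherwise a comment stating that the profile targets the Debian package only would do. The `# Last Modified` context line keeps its old date although the file changes.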
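Review bot: The two rules added in the second hunk of patch 2/2, `owner /var/lib/lokinet/ rw,` and `owner /var/lib/lokinet/** rwk,`, allow access only to files owned by the user the process runs as, so anything root places in that directory (for instance during package installation) would be denied. Which user the packaged service runs as is not shown in this patch, so this may already hold. A comment such as `# /var/lib/lokinet must be owned by the user lokinet runs as` would make the requirement explicit. The `@{HOME}/.lokinet` rules remain as context, so the packaged daemon keeps read and write access to a per-user directory. If the Debian service never uses it, dropping those two rules would tighten the profile.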