[GNUnet-SVN] r18662 - in gnunet/contrib: . apparmor
From: gnunet
Subject: [GNUnet-SVN] r18662 - in gnunet/contrib: . apparmor
Date: Sat, 17 Dec 2011 19:32:02 +0100
Author: grothoff
Date: 2011-12-17 19:32:02 +0100 (Sat, 17 Dec 2011)
New Revision: 18662
Added:
gnunet/contrib/apparmor/
gnunet/contrib/apparmor/usr.bin.gnunet-helper-nat-server
Log:
adding apparmor profile for gnunet-helper-nat-server from Jacob
Added: gnunet/contrib/apparmor/usr.bin.gnunet-helper-nat-server
===================================================================
--- gnunet/contrib/apparmor/usr.bin.gnunet-helper-nat-server
(rev 0)
+++ gnunet/contrib/apparmor/usr.bin.gnunet-helper-nat-server 2011-12-17
18:32:02 UTC (rev 18662)
@@ -0,0 +1,30 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2011 Jacob Appelbaum <address@hidden>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# This should be placed in /etc/apparmor.d/usr.sbin.gnunet-helper-nat-server
+# This profile may be a reasonable starting point for other NAT helpers.
+#
+# ------------------------------------------------------------------
+
+#include <tunables/global>
+/usr/bin/gnunet-helper-nat-server {
+ #include <abstractions/base>
+ #include <abstractions/consoles>
+
+ # Allow these
+ capability net_raw,
+ capability setuid,
+ network inet raw,
+ network inet dgram, # UDP IPv4
+
+ # Deny these
+ deny network inet6 stream, # TCP IPv6
+ deny network inet6 dgram, # UDP IPv6
+
+ # Deny everything else by default with AppArmor
+}
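Review bot: The install path in the header comment does not match the profile. The comment says "/etc/apparmor.d/usr.sbin.gnunet-helper-nat-server", but the file is added as usr.bin.gnunet-helper-nat-server and the profile attaches to /usr/bin/gnunet-helper-nat-server, so the comment should read "/etc/apparmor.d/usr.bin.gnunet-helper-nat-server" to follow the usual naming convention and avoid a second, stale copy being installed. A smaller point on the "# Deny these" block: the closing comment already relies on default deny, so the two explicit "deny network inet6 ..." rules do not change what is permitted; their practical effect is that those denials are not logged. If quiet denial of IPv6 is the intent, say so in the comment; note too that "inet stream" and "inet6 raw" are not listed there, so they remain denied by default but will show up in the audit log.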