commit: 878c280a6c03b22b47b008dcd1d0e0c67a4b380b
parent 09482f1443ce2aa2789fd82271d240ca296d02a9
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date: Mon, 14 Aug 2023 22:21:20 +0200
sbin.dhcpcd: Update
Diffstat:
M | sbin.dhcpcd | 49 | +++++++++++++++++++++++++++++++++---------------- |
1 file changed, 33 insertions(+), 16 deletions(-)
diff --git a/sbin.dhcpcd b/sbin.dhcpcd
@@ -1,31 +1,48 @@
-# Last Modified: Mon Oct 19 08:29:42 2020
-#include <tunables/global>
+# Copyright 2020-2023 Haelwenn (lanodan) Monnier <contact+apparmor.d@hacktivis.me>
+# Distributed under the terms of the GNU General Public License v2
+include <tunables/global>
/sbin/dhcpcd flags=(complain) {
- #include <abstractions/base>
- #include <abstractions/consoles>
- #include <abstractions/nameservice>
+ include <abstractions/base>
+ include <abstractions/consoles>
+ include <abstractions/nameservice>
capability net_admin,
+ capability net_raw,
+
+ capability sys_chroot,
+ capability setgid,
+ capability setuid,
signal receive set=term,
signal send peer="ntpd",
- /lib64/dhcpcd/dhcpcd-run-hooks Px,
+ /lib{,64}/dhcpcd/dhcpcd-run-hooks ix,
/sbin/dhcpcd mr,
- owner /bin/bash r,
owner /etc/dhcpcd.conf r,
- owner /etc/udev/udev.conf r,
+
+ /etc/udev/udev.conf r,
+ /run/udev/data/* r,
+ /sys/devices/**/net/**/uevent r,
+ /sys/devices/virtual/net/**/uevent r,
+
owner /proc/*/mountinfo r,
owner /proc/*/net/if_inet6 r,
owner /proc/*/stat r,
- owner /proc/cpuinfo r,
- owner /proc/sys/net/** r,
- owner /proc/sys/net/** w,
- owner /run/dhcpcd.* wk,
- owner /run/udev/data/* r,
- owner /sys/devices/**/net/**/uevent r,
- owner /sys/devices/virtual/net/**/uevent r,
- owner /var/lib/dhcpcd/* r,
+ /proc/cpuinfo r,
+ /proc/sys/kernel/hostname r,
+
+ owner /proc/sys/net/** rw,
+
+ owner /run/dhcpcd/** rwlk,
+ owner /var/lib/dhcpcd/* rw,
+
+ /bin/gsed rix,
+ /usr/bin/cmp rix,
+ /bin/rm rix,
+
+ /etc/ntpd.conf r,
+
+ unix (getattr),
}
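Review bot: Changing `dhcpcd-run-hooks` from `Px` to `ix` makes the hook script, and the `gsed`, `cmp` and `rm` helpers added with `rix`, run under dhcpcd's own profile, so they inherit the `net_admin`, `net_raw`, `sys_chroot`, `setgid` and `setuid` capabilities granted earlier in the hunk. A child profile reached with `Cx` would keep the hooks separated from the daemon without a second profile file. The helper rules and `/etc/ntpd.conf r,` could move into it, though the hunk does not show which of them the daemon itself still needs. The hunk also drops `owner /bin/bash r,` without adding a rule for the script's interpreter, which may surface as denials once the profile leaves `flags=(complain)`; until then none of these rules is enforced.

```apparmor
  /lib{,64}/dhcpcd/dhcpcd-run-hooks Cx -> hooks,

  # … unchanged: daemon file, /proc, /sys and /run rules …

  profile hooks flags=(complain) {
    include <abstractions/base>

    /lib{,64}/dhcpcd/dhcpcd-run-hooks r,

    /bin/gsed rix,
    /usr/bin/cmp rix,
    /bin/rm rix,

    /etc/ntpd.conf r,

    # further rules (interpreter, files the hooks rewrite) to be taken from the complain-mode log
  }
```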