James Troup has proposed merging lp:~elmo/apparmor-profiles/lldpd into lp:apparmor-profiles.
Requested reviews: AppArmor Developers (apparmor-dev) For more details, see: https://code.launchpad.net/~elmo/apparmor-profiles/lldpd/+merge/202092 Profile for lldpd. We're using this on 10.04 and 12.04 (in production) and 13.10. I've blind copied it to 14.04 as that seems to be standard practice. -- https://code.launchpad.net/~elmo/apparmor-profiles/lldpd/+merge/202092 Your team AppArmor Developers is requested to review the proposed merge of lp:~elmo/apparmor-profiles/lldpd into lp:apparmor-profiles.
=== added file 'ubuntu/10.04/usr.sbin.lldpd'
--- ubuntu/10.04/usr.sbin.lldpd 1970-01-01 00:00:00 +0000
+++ ubuntu/10.04/usr.sbin.lldpd 2014-01-17 13:13:03 +0000
@@ -0,0 +1,33 @@
+# Author: James Troup <james.tr...@canonical.com>
+
+#include <tunables/global>
+
+/usr/sbin/lldpd {
+ #include <abstractions/base>
+ #include <abstractions/nameservice>
+
+ capability chown,
+ capability dac_override,
+ capability fowner,
+ capability fsetid,
+ capability kill,
+ capability net_admin,
+ capability net_raw,
+ capability setgid,
+ capability setuid,
+ capability sys_chroot,
+ capability sys_module,
+
+ network packet raw,
+
+ /usr/sbin/lldpcli rix,
+ /usr/sbin/lldpd mr,
+
+ /var/run/lldpd.pid rw,
+ /var/run/lldpd.socket w,
+ /usr/bin/lsb_release rUx,
+
+ /proc/sys/net/ipv4/ip_forward r,
+ /sys/devices/virtual/dmi/** r,
+ /sys/devices/pci**/net/*/ifalias r,
+}
=== added file 'ubuntu/12.04/usr.sbin.lldpd'
--- ubuntu/12.04/usr.sbin.lldpd 1970-01-01 00:00:00 +0000
+++ ubuntu/12.04/usr.sbin.lldpd 2014-01-17 13:13:03 +0000
@@ -0,0 +1,39 @@
+# Author: James Troup <james.tr...@canonical.com>
+
+#include <tunables/global>
+
+/usr/sbin/lldpd {
+ #include <abstractions/base>
+ #include <abstractions/nameservice>
+
+ capability chown,
+ capability dac_override,
+ capability fowner,
+ capability fsetid,
+ capability kill,
+ capability net_admin,
+ capability net_raw,
+ capability setgid,
+ capability setuid,
+ capability sys_chroot,
+ capability sys_module,
+
+ network packet raw,
+
+ /usr/sbin/lldpcli rix,
+ /usr/sbin/lldpd mr,
+
+ /run/lldpd.pid rw,
+ /run/lldpd.socket rw,
+
+ /run/lldpd/var/ rw,
+ /run/lldpd/var/** rw,
+
+ /etc/os-release r,
+
+ /proc/sys/net/ipv4/ip_forward r,
+
+ /sys/devices/virtual/dmi/** r,
+ /sys/devices/virtual/net/** r,
+ /sys/devices/pci**/net/*/ifalias r,
+}
=== added file 'ubuntu/13.10/usr.sbin.lldpd'
--- ubuntu/13.10/usr.sbin.lldpd 1970-01-01 00:00:00 +0000
+++ ubuntu/13.10/usr.sbin.lldpd 2014-01-17 13:13:03 +0000
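Review bot: In the 10.04 profile, `/usr/bin/lsb_release rUx,` starts lsb_release with no profile at all; `Ux` scrubs the environment, but the child and anything it runs are outside AppArmor's control. A transition that stays confined would be tighter, for example `Cx` into a small child profile or `Px` with a separately shipped lsb_release profile, provided the 10.04 parser accepts it. The same hunk grants `/var/run/lldpd.socket w,` while the 12.04, 13.10 and 14.04 hunks grant `rw` on the socket; a one-line comment saying whether that difference is intentional would help.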
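Review bot: `capability sys_module,` in the 12.04 profile, and identically in the 10.04, 13.10 and 14.04 hunks, lets the daemon load kernel modules, which largely undoes the confinement if the process is compromised. If the rule was added only because a denial appeared in the logs while lldpd was probing interfaces, `deny capability sys_module,` would quiet the message without granting the capability; that is an assumption to check against the audit log. The eleven capabilities are also listed with no explanation, so a short comment above the block stating why each group is needed (privilege separation, chroot setup, raw packet access) would make later review easier.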
@@ -0,0 +1,39 @@
+# Author: James Troup <james.tr...@canonical.com>
+
+#include <tunables/global>
+
+/usr/sbin/lldpd {
+ #include <abstractions/base>
+ #include <abstractions/nameservice>
+
+ capability chown,
+ capability dac_override,
+ capability fowner,
+ capability fsetid,
+ capability kill,
+ capability net_admin,
+ capability net_raw,
+ capability setgid,
+ capability setuid,
+ capability sys_chroot,
+ capability sys_module,
+
+ network packet raw,
+
+ /usr/sbin/lldpcli rix,
+ /usr/sbin/lldpd mr,
+
+ /run/lldpd.pid rw,
+ /run/lldpd.socket rw,
+
+ /run/lldpd/var/ rw,
+ /run/lldpd/var/** rw,
+
+ /etc/os-release r,
+
+ /proc/sys/net/ipv4/ip_forward r,
+
+ /sys/devices/virtual/dmi/** r,
+ /sys/devices/virtual/net/** r,
+ /sys/devices/pci**/net/*/ifalias r,
+}
=== added file 'ubuntu/14.04/usr.sbin.lldpd'
--- ubuntu/14.04/usr.sbin.lldpd 1970-01-01 00:00:00 +0000
+++ ubuntu/14.04/usr.sbin.lldpd 2014-01-17 13:13:03 +0000
@@ -0,0 +1,39 @@
+# Author: James Troup <james.tr...@canonical.com>
+
+#include <tunables/global>
+
+/usr/sbin/lldpd {
+ #include <abstractions/base>
+ #include <abstractions/nameservice>
+
+ capability chown,
+ capability dac_override,
+ capability fowner,
+ capability fsetid,
+ capability kill,
+ capability net_admin,
+ capability net_raw,
+ capability setgid,
+ capability setuid,
+ capability sys_chroot,
+ capability sys_module,
+
+ network packet raw,
+
+ /usr/sbin/lldpcli rix,
+ /usr/sbin/lldpd mr,
+
+ /run/lldpd.pid rw,
+ /run/lldpd.socket rw,
+
+ /run/lldpd/var/ rw,
+ /run/lldpd/var/** rw,
+
+ /etc/os-release r,
+
+ /proc/sys/net/ipv4/ip_forward r,
+
+ /sys/devices/virtual/dmi/** r,
+ /sys/devices/virtual/net/** r,
+ /sys/devices/pci**/net/*/ifalias r,
+}
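Review bot: The 14.04 profile is line-for-line the same as the 13.10 one, and the proposal says it was copied without being exercised on that release, so rules such as `/run/lldpd/var/** rw,` and the sysfs paths are unverified there. In enforce mode a missing rule would break lldpd on 14.04 rather than just log a denial. Either test it and say so in the description, or open the profile with `/usr/sbin/lldpd flags=(complain) {` until the denials have been reviewed.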