Hello,

I've been using my own AppArmor profile for fwknopd 2.0 for a while on my Ubuntu
servers and I figured I'd like to share it and see if anyone can find some
improvements. I haven't checked it with fwknopd 2.5 yet. It's Debian/Ubuntu
specific and I've only tried it with GPG.

Kind regards

cat /etc/apparmor.d/usr.sbin.fwknopd
# Last Modified: Wed Feb 20 08:56:57 2013
#include <tunables/global>

/usr/sbin/fwknopd {
  #include <abstractions/base>

  capability ipc_lock,
  capability net_admin,
  capability net_raw,

  network inet raw,
  network packet raw,

  /bin/dash rix,
  /etc/fwknop/access.conf r,
  /etc/fwknop/fwknopd.conf r,
  /etc/nsswitch.conf r,
  /etc/passwd r,
  /etc/protocols r,
  /root/.gnupg/* rw,
  /run/fwknop/* rwk,
  /sbin/xtables-multi rix,
  /usr/bin/gpg rix,
  /usr/sbin/fwknopd mr,
  /var/cache/nscd/passwd r,

}
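
Added example, not part of the original post: a small Python helper for reviewing a profile like the one above. It groups the rules into capabilities, network access, execute transitions and writable paths; the name summarize and both regexes are this example's own, and #include lines are not expanded.

```python
import re

# Rules copied from the profile in the post above (blank lines dropped).
PROFILE = """\
/usr/sbin/fwknopd {
  #include <abstractions/base>
  capability ipc_lock,
  capability net_admin,
  capability net_raw,
  network inet raw,
  network packet raw,
  /bin/dash rix,
  /etc/fwknop/access.conf r,
  /etc/fwknop/fwknopd.conf r,
  /etc/nsswitch.conf r,
  /etc/passwd r,
  /etc/protocols r,
  /root/.gnupg/* rw,
  /run/fwknop/* rwk,
  /sbin/xtables-multi rix,
  /usr/bin/gpg rix,
  /usr/sbin/fwknopd mr,
  /var/cache/nscd/passwd r,
}
"""

FILE_RULE = re.compile(r"^(/\S+)\s+([A-Za-z]+),$")  # "<path> <perms>,"
EXEC_MODE = re.compile(r"[pPcCuUi]+x")               # ix, Px, Cx, ux, ...

def summarize(profile_text):
    """Group rules by grant type; #include lines are not expanded."""
    out = {"capability": [], "network": [], "exec": [], "write": []}
    for line in profile_text.splitlines():
        rule = line.strip()
        for kind in ("capability", "network"):
            if rule.startswith(kind + " "):
                out[kind].append(rule[len(kind) + 1:].rstrip(","))
        m = FILE_RULE.match(rule)
        if m:
            path, perms = m.groups()
            x = EXEC_MODE.search(perms)
            if x:  # with "ix" the child keeps running under this same profile
                out["exec"].append((path, x.group()))
            if set(perms) & {"w", "a"}:  # write or append access
                out["write"].append(path)
    return out

if __name__ == "__main__":
    print(summarize(PROFILE))
```

The exec and write lists are the rules to look at first when tightening a profile: each "ix" entry is a program that runs with every permission granted here, and a single "*" in a path matches files in that one directory only.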


_______________________________________________
Fwknop-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
