hostapd/apparmor-usr.sbin.hostapd

abi <abi/3.0>,

#include <tunables/global>

profile hostapd /usr/sbin/hostapd {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  capability net_admin,
  capability net_raw,
  network packet,
  network raw,

  # for RADIUS
  network inet dgram,
  network inet6 dgram,

  # grant read access to config files
  /etc/hostapd.* r,

  /etc/libnl/classid r,

  #/proc/*/net/psched r,

  # grant access to RFKILL control device
  /dev/rfkill rw,

  /run/hostapd/ rw,
  /run/hostapd/* rw,

}
Accepting request 874698 from home:stroeder:network - added AppArmor profile (source apparmor-usr.sbin.hostapd) OBS-URL: https://build.opensuse.org/request/show/874698 OBS-URL: https://build.opensuse.org/package/show/Base:System/hostapd?expand=0&rev=59 2021-03-03 08:10:09 +01:00			`abi <abi/3.0>,`

			`#include <tunables/global>`

			`profile hostapd /usr/sbin/hostapd {`
			`#include <abstractions/base>`
			`#include <abstractions/nameservice>`

			`capability net_admin,`
			`capability net_raw,`
			`network packet,`
			`network raw,`

			`# for RADIUS`
			`network inet dgram,`
			`network inet6 dgram,`

			`# grant read access to config files`
			`/etc/hostapd.* r,`

			`/etc/libnl/classid r,`

			`#/proc/*/net/psched r,`

			`# grant access to RFKILL control device`
			`/dev/rfkill rw,`

			`/run/hostapd/ rw,`
			`/run/hostapd/* rw,`

			`}`