pool/mumble
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
mumble/murmur.apparmor
Dirk Stoecker 69de16f7fa Accepting request 843706 from home:darix:playground 
- update apparmor profiles to get warning free again on 15.2
  - use abstractions for ssl files
  - allow inet dgram sockets as mumble can also work via udp
  - allow netlink socket (probably for dbus)
  - properly allow lsb_release again
  - add support for optional local include
- start murmurd directly as user mumble-server it gets rid of the
  dac_override/setgid/setuid/chown permissions

OBS-URL: https://build.opensuse.org/request/show/843706
OBS-URL: https://build.opensuse.org/package/show/games:tools/mumble?expand=0&rev=126
2020-10-24 11:33:25 +00:00

43 lines
1.0 KiB
Plaintext
Raw Blame History

# Last Modified: Thu Mar 24 13:33:08 2011
#include <tunables/global>
profile murmurd /usr/sbin/murmurd {
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/openssl>
#include <abstractions/ssl_certs>
#include <abstractions/user-tmp>
# needed for real time scheduling of the mixer threads
capability sys_resource,
network inet dgram,
network inet stream,
network netlink,
/usr/share/icu/*/icu*.dat r,
/etc/mumble-server.ini rk,
/usr/bin/lsb_release cx,
/var/lib/mumble-server/ rwk,
/var/lib/mumble-server/** rwk,
/var/log/mumble-server/murmur.log w,
/var/run/mumble-server/mumble-server.pid w,
profile /usr/bin/lsb_release {
#include <abstractions/base>
#include <abstractions/consoles>
/{usr/,}bin/bash rm,
/proc/meminfo r,
/usr/bin/getopt rmix,
/usr/bin/head rmix,
/usr/bin/grep rmix,
/usr/bin/sed rmix,
/usr/bin/cut rmix,
/usr/bin/lsb_release r,
/etc/SuSE-release r,
}
#include if exists <local/usr.sbin.murmurd>
}
Reference in New Issue View Git Blame Copy Permalink