Home Explore Help
Register Sign In
OWEALs
/
gnunet
mirror of https://gnunet.org/git/gnunet.git
2
0
Fork 0
Files Issues 0 Wiki
Tree: 3e5eeaabb6
Branches Tags
gnunet
/
contrib
/
apparmor
/
usr.bin.gnunet-helper-nat-server

usr.bin.gnunet-helper-nat-server 973 B
History Raw

1234567891011121314151617181920212223242526272829303132 
  1. # ------------------------------------------------------------------
    2. 

  2. #
    3. 

  3. #  Copyright (C) 2011 Jacob Appelbaum <jacob@appelbaum.net>
    4. 

  4. #
    5. 

  5. #  This program is free software; you can redistribute it and/or
    6. 

  6. #  modify it under the terms of version 2 of the GNU General Public
    7. 

  7. #  License published by the Free Software Foundation.
    8. 

  8. #
    9. 

  9. #  SPDX-License-Identifier: GPL2.0
    10. 

  10. #
    11. 

  11. #  This should be placed in /etc/apparmor.d/usr.sbin.gnunet-helper-nat-server
    12. 

  12. #  This profile may be a reasonable starting point for other NAT helpers.
    13. 

  13. #
    14. 

  14. # ------------------------------------------------------------------
    15. 

  15. 

  16. #include <tunables/global>
    17. 

  17. /usr/bin/gnunet-helper-nat-server {
    18. 

  18.   #include <abstractions/base>
    19. 

  19.   #include <abstractions/consoles>
    20. 

  20. 

  21.   # Allow these
    22. 

  22.   capability net_raw,
    23. 

  23.   capability setuid,
    24. 

  24.   network inet raw,
    25. 

  25.   network inet dgram, # UDP IPv4
    26. 

  26. 

  27.   # Deny these
    28. 

  28.   deny network inet6 stream, # TCP IPv6
    29. 

  29.   deny network inet6 dgram, # UDP IPv6
    30. 

  30. 

  31.   # Deny everything else by default with AppArmor
    32. 

  32. }
    33.