| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748 |
- # Last Modified: Mon Jul 27 15:24:34 2015
- #include <tunables/global>
- #include <tunables/gnunet>
- profile @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-dns {
- #include <abstractions/gnunet-suid>
- #Capability
- capability net_admin,
- capability net_raw,
- capability setuid,
- /dev/net/tun rw,
- /dev/null rw,
- /etc/gai.conf r,
- /etc/group r,
- /etc/iproute2/rt_tables r,
- /etc/nsswitch.conf r,
- /etc/protocols r,
- @{PROC}/@{pid}/net/ip_tables_names r,
- @{PROC}/sys/net/ipv4/conf/all/rp_filter rw,
- @{PROC}/sys/net/ipv4/conf/default/rp_filter rw,
- /usr/bin/ip rix,
- /usr/bin/sysctl rix,
- /usr/bin/xtables-multi rix,
- #Librairies
- /usr/lib/iptables/libxt_MARK.so mr,
- /usr/lib/iptables/libxt_owner.so mr,
- /usr/lib/iptables/libxt_standard.so mr,
- /usr/lib/iptables/libxt_udp.so mr,
- /usr/lib/ld-*.so r,
- /usr/lib/libip4tc.so.* mr,
- /usr/lib/libip6tc.so.* mr,
- /usr/lib/libnss_files-*.so mr,
- /usr/lib/libxtables.so.* mr,
- /usr/lib/locale/locale-archive r,
- @{GNUNET_PREFIX}/lib/gnunet/libexec/gnunet-helper-dns mr,
-
- # Site-specific additions and overrides. See local/README for details.
- #include <local/gnunet>
- }
|
