2017-10-20 20:04:09 +00:00
|
|
|
diff --git a/apparmor.d/abstractions/nameservice b/apparmor.d/abstractions/nameservice
|
|
|
|
index 12ea151..a26c10d 100644
|
|
|
|
--- a/apparmor.d/abstractions/nameservice
|
|
|
|
+++ b/apparmor.d/abstractions/nameservice
|
|
|
|
@@ -94,6 +94,12 @@
|
|
|
|
network inet dgram,
|
|
|
|
network inet6 dgram,
|
|
|
|
|
|
|
|
+ # TODO: replace with more specific "unix" rules once support for them
|
|
|
|
+ # arrives in the Linux kernel (probably in 4.15) and gives us detailed
|
|
|
|
+ # log messages
|
|
|
|
+ network unix dgram,
|
|
|
|
+ network unix stream,
|
|
|
|
+
|
|
|
|
# TODO: adjust when support finer-grained netlink rules
|
|
|
|
# Netlink raw needed for nscd
|
|
|
|
network netlink raw,
|
|
|
|
diff --git a/apparmor.d/sbin.dhclient b/apparmor.d/sbin.dhclient
|
|
|
|
index 1064e25..f432bf3 100644
|
|
|
|
--- a/apparmor.d/sbin.dhclient
|
|
|
|
+++ b/apparmor.d/sbin.dhclient
|
|
|
|
@@ -17,6 +17,9 @@
|
|
|
|
network packet,
|
|
|
|
network raw,
|
|
|
|
|
|
|
|
+ network unix dgram,
|
|
|
|
+ network unix stream,
|
|
|
|
+
|
|
|
|
@{PROC}/[0-9]*/net/ r,
|
|
|
|
@{PROC}/[0-9]*/net/** r,
|
|
|
|
|
|
|
|
@@ -90,12 +93,15 @@
|
|
|
|
|
|
|
|
/run/NetworkManager/private-dhcp rw,
|
|
|
|
signal (send) peer=/sbin/dhclient,
|
2017-10-30 15:42:44 +00:00
|
|
|
+ signal (send) peer=dhclient,
|
2017-10-20 20:04:09 +00:00
|
|
|
|
|
|
|
/var/lib/NetworkManager/*lease r,
|
|
|
|
signal (receive) peer=/usr/sbin/NetworkManager,
|
|
|
|
ptrace (readby) peer=/usr/sbin/NetworkManager,
|
|
|
|
network inet dgram,
|
|
|
|
network inet6 dgram,
|
|
|
|
+
|
|
|
|
+ network unix stream,
|
|
|
|
}
|
|
|
|
|
|
|
|
/usr/lib/connman/scripts/dhclient-script {
|