| 1 |
# $Id: bin.netstat 697 2007-05-25 03:09:30Z steve-beattie $ |
| 2 |
# vim:syntax=apparmor |
| 3 |
# ------------------------------------------------------------------ |
| 4 |
# |
| 5 |
# Copyright (C) 2002-2005 Novell/SUSE |
| 6 |
# |
| 7 |
# This program is free software; you can redistribute it and/or |
| 8 |
# modify it under the terms of version 2 of the GNU General Public |
| 9 |
# License published by the Free Software Foundation. |
| 10 |
# |
| 11 |
# ------------------------------------------------------------------ |
| 12 |
# evolution, amongst other things, calls this program. I didn't want to |
| 13 |
# give evolution access to significant chunks of /proc |
| 14 |
# |
| 15 |
|
| 16 |
#include <tunables/global> |
| 17 |
|
| 18 |
/bin/netstat { |
| 19 |
#include <abstractions/base> |
| 20 |
#include <abstractions/consoles> |
| 21 |
#include <abstractions/nameservice> |
| 22 |
|
| 23 |
capability dac_override, |
| 24 |
capability dac_read_search, |
| 25 |
capability sys_ptrace, |
| 26 |
|
| 27 |
/bin/netstat rmix, |
| 28 |
/etc/networks r, |
| 29 |
@{PROC} r, |
| 30 |
@{PROC}/[0-9]*/cmdline r, |
| 31 |
@{PROC}/[0-9]*/fd r, |
| 32 |
@{PROC}/[0-9]*/fd/ r, |
| 33 |
@{PROC}/net r, |
| 34 |
@{PROC}/net/* r, |
| 35 |
} |
Parent Directory
| 
Revision Log