mirror of
https://gitlab.com/apparmor/apparmor
synced 2025-08-30 22:05:27 +00:00
profiles: update wireshark profile for modern releases
Acked-by: Steve Beattie <steve@nxnw.org>
This commit is contained in:
Steve Beattie
@@ -16,29 +16,66 @@
|
||||
#include <abstractions/base>
|
||||
#include <abstractions/bash>
|
||||
#include <abstractions/consoles>
|
||||
#include <abstractions/dconf>
|
||||
#include <abstractions/dbus-session-strict>
|
||||
#include <abstractions/ibus>
|
||||
#include <abstractions/kde>
|
||||
#include <abstractions/nameservice>
|
||||
#include <abstractions/gnome>
|
||||
#include <abstractions/user-write>
|
||||
#include <abstractions/X>
|
||||
|
||||
#include <abstractions/dbus-accessibility-strict>
|
||||
dbus (send)
|
||||
bus=session
|
||||
peer=(name=org.a11y.Bus),
|
||||
dbus (receive)
|
||||
bus=session
|
||||
interface=org.a11y.atspi**,
|
||||
dbus (receive, send)
|
||||
bus=accessibility,
|
||||
|
||||
capability net_raw,
|
||||
|
||||
/etc/ethers r,
|
||||
# From abstractions/evince
|
||||
deny /run/udev/data/** r,
|
||||
|
||||
@{HOME}/.wireshark/* rw,
|
||||
@{HOME}/.fonts.cache-* r,
|
||||
/etc/ethers r,
|
||||
/etc/udev/udev.conf r,
|
||||
/etc/wireshark/** r,
|
||||
|
||||
owner @{HOME}/.wireshark/* rw,
|
||||
owner @{HOME}/.config/wireshark/* rw,
|
||||
owner @{HOME}/.config/QtProject.conf rw,
|
||||
owner @{HOME}/.config/QtProject.conf.lock rw,
|
||||
owner @{HOME}/.fonts.cache-* r,
|
||||
|
||||
owner @{HOME}/.config/dconf/user w,
|
||||
owner /{,var/}run/user/*/dconf/user w,
|
||||
owner @{PROC}/@{pid}/cmdline r,
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
@{PROC}/@{pid}/net/dev r,
|
||||
/sys/devices/pci[0-9]*/**/uevent r,
|
||||
|
||||
/etc/pango/pango.modules r,
|
||||
/usr/lib/gtk-*/*/loaders/* mr,
|
||||
/usr/share/* r,
|
||||
/usr/share/icons/** r,
|
||||
/usr/share/icons/ r,
|
||||
/usr/share/icons/** rk,
|
||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
||||
/usr/share/mime/* r,
|
||||
/usr/lib/firefox/firefox.sh rPx,
|
||||
/usr/bin/wireshark mixr,
|
||||
/usr/share/icons r,
|
||||
/usr/share/mime/* r,
|
||||
/usr/share/snmp/mibs r,
|
||||
/usr/share/snmp/mibs/* r,
|
||||
/usr/share/snmp/mibs/.index rw,
|
||||
/usr/share/wireshark/** r,
|
||||
/usr/share/GeoIP/ r,
|
||||
/usr/share/GeoIP/** r,
|
||||
/usr/lib/@{multiarch}/wireshark/extcap/* ix,
|
||||
/usr/lib/@{multiarch}/wireshark/plugins/**/ r,
|
||||
/usr/lib/@{multiarch}/wireshark/plugins/**.so mr,
|
||||
|
||||
# for reading pcaps
|
||||
/**.pcap r,
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user