diff --git a/profiles/apparmor/profiles/extras/usr.bin.wireshark b/profiles/apparmor/profiles/extras/usr.bin.wireshark index 85f342fdf..373a6ebe1 100644 --- a/profiles/apparmor/profiles/extras/usr.bin.wireshark +++ b/profiles/apparmor/profiles/extras/usr.bin.wireshark @@ -16,29 +16,66 @@ #include #include #include + #include + #include + #include #include #include #include #include #include + #include + dbus (send) + bus=session + peer=(name=org.a11y.Bus), + dbus (receive) + bus=session + interface=org.a11y.atspi**, + dbus (receive, send) + bus=accessibility, + capability net_raw, - /etc/ethers r, + # From abstractions/evince + deny /run/udev/data/** r, - @{HOME}/.wireshark/* rw, - @{HOME}/.fonts.cache-* r, + /etc/ethers r, + /etc/udev/udev.conf r, + /etc/wireshark/** r, + + owner @{HOME}/.wireshark/* rw, + owner @{HOME}/.config/wireshark/* rw, + owner @{HOME}/.config/QtProject.conf rw, + owner @{HOME}/.config/QtProject.conf.lock rw, + owner @{HOME}/.fonts.cache-* r, + + owner @{HOME}/.config/dconf/user w, + owner /{,var/}run/user/*/dconf/user w, + owner @{PROC}/@{pid}/cmdline r, + owner @{PROC}/@{pid}/fd/ r, + @{PROC}/@{pid}/net/dev r, + /sys/devices/pci[0-9]*/**/uevent r, /etc/pango/pango.modules r, /usr/lib/gtk-*/*/loaders/* mr, - /usr/share/* r, - /usr/share/icons/** r, + /usr/share/icons/ r, + /usr/share/icons/** rk, + /usr/share/glib-2.0/schemas/gschemas.compiled r, /usr/share/mime/* r, /usr/lib/firefox/firefox.sh rPx, /usr/bin/wireshark mixr, - /usr/share/icons r, /usr/share/mime/* r, /usr/share/snmp/mibs r, /usr/share/snmp/mibs/* r, /usr/share/snmp/mibs/.index rw, + /usr/share/wireshark/** r, + /usr/share/GeoIP/ r, + /usr/share/GeoIP/** r, + /usr/lib/@{multiarch}/wireshark/extcap/* ix, + /usr/lib/@{multiarch}/wireshark/plugins/**/ r, + /usr/lib/@{multiarch}/wireshark/plugins/**.so mr, + + # for reading pcaps + /**.pcap r, }
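Review bot: The added rule `owner @{HOME}/.config/dconf/user w,` gives the confined process direct write access to the user's entire dconf database, which is a broad grant for a program that parses untrusted capture data while holding `capability net_raw`. As far as I know, dconf clients submit changes through the dconf service over D-Bus and only touch the runtime file covered by the following `/{,var/}run/user/*/dconf/user w,` rule, so this line is probably not needed; that should be confirmed against an actual denial before it ships. If it can go, drop it or reduce it to `owner @{HOME}/.config/dconf/user r,`. If it has to stay, a comment above it such as `# direct dconf db write: needed by <component>, see <denial log>` would record why the profile is wider than the usual read-only dconf access.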