[apparmor] [Merge] lp:~elmo/apparmor-profiles/wpa-supplicant into lp:apparmor-profiles
Cameron Norman
camerontnorman at gmail.com
Mon Jun 8 14:59:13 UTC 2015
Review: Needs Fixing
Some suggestions inline.
Diff comments:
> === added file 'ubuntu/15.04/sbin.wpa_supplicant'
> --- ubuntu/15.04/sbin.wpa_supplicant 1970-01-01 00:00:00 +0000
> +++ ubuntu/15.04/sbin.wpa_supplicant 2015-04-24 19:33:31 +0000
> @@ -0,0 +1,39 @@
> +# Author: James Troup <james.troup at canonical.com>
> +
> +#include <tunables/global>
> +
> +/sbin/wpa_supplicant {
> + #include <abstractions/base>
> + #include <abstractions/dbus-strict>
> +
> + capability net_admin,
> + capability net_raw,
> + network inet dgram,
> + network inet raw,
> + network packet dgram,
> + network netlink,
> +
> + /sbin/wpa_supplicant mr,
> +
> + /run/wpa_supplicant/ rw,
> + /run/wpa_supplicant/** rw,
These two should be /{,var/}run...
> +
> + /run/dbus/system_bus_socket rw,
This line is unnecessary; it is included in abstractions/dbus-strict
> + /run/sendsigs.omit.d/wpasupplicant.pid rw,
/{,var/}run...
> +
> + @{PROC}/@{pid}/psched r,
should this not be `@{PROC}/@{pid}/net/psched` ?
> +
> + /dev/rfkill r,
> +
> + dbus (send, receive)
> + bus=system
> + path=/fi/w1/wpa_supplicant1,
> +
> + dbus (send, receive)
> + bus=system
> + path=/fi/w1/wpa_supplicant1/**,
> +
> + dbus (send,receive)
> + bus=system
> + path=/fi/epitest/hostap/WPASupplicant/**,
> +}
>
--
https://code.launchpad.net/~elmo/apparmor-profiles/wpa-supplicant/+merge/257431
Your team AppArmor Developers is requested to review the proposed merge of lp:~elmo/apparmor-profiles/wpa-supplicant into lp:apparmor-profiles.
More information about the AppArmor
mailing list