forked from wownero/wownero
Add AppArmor profiles to lock down daemon and cli wallet.release-v0.9.3.3
parent
08a0e737f9
commit
a3c9befbb5
@ -0,0 +1,23 @@
|
|||||||
|
#include <tunables/global>
|
||||||
|
|
||||||
|
# Change to wherever you store your wallet files and start wallet from.
|
||||||
|
@{WALLET_DIR} = /home/*/Documents/Wownero
|
||||||
|
|
||||||
|
profile wownero-wallet-cli /usr/{,local/}bin/wownero-wallet-cli {
|
||||||
|
#include <abstractions/base>
|
||||||
|
#include <abstractions/openssl>
|
||||||
|
|
||||||
|
# TODO: Use <abstractions/nameservice> when it is fixed.
|
||||||
|
/etc/gai.conf r,
|
||||||
|
/etc/host.conf r,
|
||||||
|
/etc/hosts r,
|
||||||
|
/etc/nsswitch.conf r,
|
||||||
|
/etc/resolv.conf r,
|
||||||
|
|
||||||
|
/etc/inputrc r,
|
||||||
|
/etc/terminfo/** r,
|
||||||
|
|
||||||
|
owner /home/*/.wow-shared-ringdb/* rwk,
|
||||||
|
owner @{WALLET_DIR}/* rwk,
|
||||||
|
|
||||||
|
}
|
@ -0,0 +1,19 @@
|
|||||||
|
#include <tunables/global>
|
||||||
|
|
||||||
|
profile wownerod /usr/{,local/}bin/wownerod {
|
||||||
|
#include <abstractions/base>
|
||||||
|
#include <abstractions/openssl>
|
||||||
|
|
||||||
|
/etc/inputrc r,
|
||||||
|
/etc/terminfo/** r,
|
||||||
|
|
||||||
|
/sys/devices/**/rotational r,
|
||||||
|
|
||||||
|
owner /home/*/.wownero/{,/testnet/,/stagenet/} w,
|
||||||
|
owner /home/*/.wownero/{,/testnet/,/stagenet/}lmdb/ w,
|
||||||
|
owner /home/*/.wownero/{,/testnet/,/stagenet/}lmdb/* rwk,
|
||||||
|
owner /home/*/.wownero/{,/testnet/,/stagenet/}p2pstate.bin rw,
|
||||||
|
owner /home/*/.wownero/{,/testnet/,/stagenet/}wownero.conf r,
|
||||||
|
owner /home/*/.wownero/{,/testnet/,/stagenet/}wownero.log w,
|
||||||
|
|
||||||
|
}
|
Loading…
Reference in new issue