utils: Add AppArmor profiles
continuous-integration/drone/pr Build is passing Details

Add AppArmor profiles to lock down daemon and cli wallet.
pull/303/head
Matt Smith 4 years ago
parent fd66a5f7e1
commit 9cc1a1ad48
Signed by untrusted user: asymptotically
GPG Key ID: D0EAC8943FB1B2C1

@ -0,0 +1,23 @@
#include <tunables/global>
# Change to wherever you store your wallet files and start wallet from.
@{WALLET_DIR} = /home/*/Documents/Wownero
profile wownero-wallet-cli /usr/{,local/}bin/wownero-wallet-cli {
#include <abstractions/base>
#include <abstractions/openssl>
# TODO: Use <abstractions/nameservice> when it is fixed.
/etc/gai.conf r,
/etc/host.conf r,
/etc/hosts r,
/etc/nsswitch.conf r,
/etc/resolv.conf r,
/etc/inputrc r,
/etc/terminfo/** r,
owner /home/*/.wow-shared-ringdb/* rwk,
owner @{WALLET_DIR}/* rwk,
}

@ -0,0 +1,19 @@
#include <tunables/global>
profile wownerod /usr/{,local/}bin/wownerod {
#include <abstractions/base>
#include <abstractions/openssl>
/etc/inputrc r,
/etc/terminfo/** r,
/sys/devices/**/rotational r,
owner /home/*/.wownero/{,/testnet/,/stagenet/} w,
owner /home/*/.wownero/{,/testnet/,/stagenet/}lmdb/ w,
owner /home/*/.wownero/{,/testnet/,/stagenet/}lmdb/* rwk,
owner /home/*/.wownero/{,/testnet/,/stagenet/}p2pstate.bin rw,
owner /home/*/.wownero/{,/testnet/,/stagenet/}wownero.conf r,
owner /home/*/.wownero/{,/testnet/,/stagenet/}wownero.log w,
}
Loading…
Cancel
Save