commit f8a71be3206b56dc832a7496adee5c10caabea54 Author: Jacob Appelbaum jacob@appelbaum.net Date: Mon Feb 13 18:28:12 2012 -0500

basic AppArmor obfsproxy profile --- misc/obfsproxy.apparmor | 33 +++++++++++++++++++++++++++++++++ 1 files changed, 33 insertions(+), 0 deletions(-)

diff --git a/misc/obfsproxy.apparmor b/misc/obfsproxy.apparmor new file mode 100644 index 0000000..3117646 --- /dev/null +++ b/misc/obfsproxy.apparmor @@ -0,0 +1,33 @@ +# vim:syntax=apparmor +# Last Modified: Mon Feb 13 18:13:47 EST 2012 +# Author: Jacob Appelbaum jacob@appelbaum.net +#include <tunables/global> + +# +/usr/local/bin/obfsproxy { + #include <abstractions/base> + #include <abstractions/nameservice> + + /lib/ r, + /lib/** rmixk, + /usr/local/lib/ r, + /usr/local/lib/** rmixk, + /lib32/ r, + /lib32/** rmixk, + /lib64/ r, + /lib64/** rmixk, + + capability net_bind_service, + + network packet, + + /proc/sys/kernel/random/uuid r, + /dev/random r, + /dev/urandom r, + + /usr/local/bin/obfsproxy mr, + + ### XXX: TODO + # we need a generic place for log files to be written + +}