[tor-commits] [obfsproxy/master] basic AppArmor obfsproxy profile

asn at torproject.org asn at torproject.org
Sat Mar 10 01:51:47 UTC 2012


commit f8a71be3206b56dc832a7496adee5c10caabea54
Author: Jacob Appelbaum <jacob at appelbaum.net>
Date:   Mon Feb 13 18:28:12 2012 -0500

    basic AppArmor obfsproxy profile
---
 misc/obfsproxy.apparmor |   33 +++++++++++++++++++++++++++++++++
 1 files changed, 33 insertions(+), 0 deletions(-)

diff --git a/misc/obfsproxy.apparmor b/misc/obfsproxy.apparmor
new file mode 100644
index 0000000..3117646
--- /dev/null
+++ b/misc/obfsproxy.apparmor
@@ -0,0 +1,33 @@
+# vim:syntax=apparmor
+# Last Modified: Mon Feb 13 18:13:47 EST 2012
+# Author: Jacob Appelbaum <jacob at appelbaum.net>
+#include <tunables/global>
+
+#
+/usr/local/bin/obfsproxy {
+  #include <abstractions/base>
+  #include <abstractions/nameservice>
+
+  /lib/ r,
+  /lib/** rmixk,
+  /usr/local/lib/ r,
+  /usr/local/lib/** rmixk,
+  /lib32/ r,
+  /lib32/** rmixk,
+  /lib64/ r,
+  /lib64/** rmixk,
+
+  capability net_bind_service,
+
+  network packet,
+
+  /proc/sys/kernel/random/uuid r,
+  /dev/random r,
+  /dev/urandom r,
+
+  /usr/local/bin/obfsproxy mr,
+
+  ### XXX: TODO
+  # we need a generic place for log files to be written
+
+}





More information about the tor-commits mailing list