Merge pull request 'Add AppArmor profiles' (#303) from asymptotically/wownero:apparmor into master

Reviewed-on: https://git.wownero.com/wownero/wownero/pulls/303
2020-07-23 05:23:09 +00:00 · 2020-07-23 05:23:09 +00:00 · 83a26b1291
parent 3d0153dd8e 9cc1a1ad48
commit 83a26b1291
2 changed files with 42 additions and 0 deletions
--- a/utils/apparmor/usr.bin.wownero-wallet-cli
+++ b/utils/apparmor/usr.bin.wownero-wallet-cli
@ -0,0 +1,23 @@
+#include <tunables/global>
+
+# Change to wherever you store your wallet files and start wallet from.
+@{WALLET_DIR} = /home/*/Documents/Wownero
+
+profile wownero-wallet-cli /usr/{,local/}bin/wownero-wallet-cli {
+  #include <abstractions/base>
+  #include <abstractions/openssl>
+
+  # TODO: Use <abstractions/nameservice> when it is fixed.
+  /etc/gai.conf r,
+  /etc/host.conf r,
+  /etc/hosts r,
+  /etc/nsswitch.conf r,
+  /etc/resolv.conf r,
+
+  /etc/inputrc r,
+  /etc/terminfo/** r,
+
+  owner /home/*/.wow-shared-ringdb/* rwk,
+  owner @{WALLET_DIR}/* rwk,
+
+}
--- a/utils/apparmor/usr.bin.wownerod
+++ b/utils/apparmor/usr.bin.wownerod
@ -0,0 +1,19 @@
+#include <tunables/global>
+
+profile wownerod /usr/{,local/}bin/wownerod {
+  #include <abstractions/base>
+  #include <abstractions/openssl>
+
+  /etc/inputrc r,
+  /etc/terminfo/** r,
+
+  /sys/devices/**/rotational r,
+
+  owner /home/*/.wownero/{,/testnet/,/stagenet/} w,
+  owner /home/*/.wownero/{,/testnet/,/stagenet/}lmdb/ w,
+  owner /home/*/.wownero/{,/testnet/,/stagenet/}lmdb/* rwk,
+  owner /home/*/.wownero/{,/testnet/,/stagenet/}p2pstate.bin rw,
+  owner /home/*/.wownero/{,/testnet/,/stagenet/}wownero.conf r,
+  owner /home/*/.wownero/{,/testnet/,/stagenet/}wownero.log w,
+
+}