Changeset View
Changeset View
Standalone View
Standalone View
autotests/input/usr.bin.apparmor-profile-test
| Show First 20 Lines • Show All 87 Lines • ▼ Show 20 Line(s) | 87 | profile hello_world { | |||
|---|---|---|---|---|---|
| 88 | # File rules (three different ways) | 88 | # File rules (three different ways) | ||
| 89 | file /usr/lib{,32,64}/helloworld/**.so mr, | 89 | file /usr/lib{,32,64}/helloworld/**.so mr, | ||
| 90 | /usr/lib{,32,64}/helloworld/** r, | 90 | /usr/lib{,32,64}/helloworld/** r, | ||
| 91 | rk /usr/lib{,32,64}/helloworld/hello,file, | 91 | rk /usr/lib{,32,64}/helloworld/hello,file, | ||
| 92 | 92 | | |||
| 93 | # Link rules (two ways) | 93 | # Link rules (two ways) | ||
| 94 | l /foo1 -> /bar, | 94 | l /foo1 -> /bar, | ||
| 95 | link /foo2 -> bar, | 95 | link /foo2 -> bar, | ||
| 96 | link /foo3 to bar, | | |||
| 97 | link subset /link* -> /**, | 96 | link subset /link* -> /**, | ||
| 98 | 97 | | |||
| 99 | # Network rules | 98 | # Network rules | ||
| 100 | network inet6 tcp, | 99 | network inet6 tcp, | ||
| 101 | network netlink dgram, | 100 | network netlink dgram, | ||
| 102 | network bluetooth, | 101 | network bluetooth, | ||
| 103 | network unspec dgram, | 102 | network unspec dgram, | ||
| 104 | 103 | | |||
| Show All 21 Lines | |||||
| 126 | unix (send,receive) type=(stream) protocol=0 peer=(addr=none), | 125 | unix (send,receive) type=(stream) protocol=0 peer=(addr=none), | ||
| 127 | unix peer=(label=@{profile_name},addr=@helloworld), | 126 | unix peer=(label=@{profile_name},addr=@helloworld), | ||
| 128 | 127 | | |||
| 129 | # Rlimit rule | 128 | # Rlimit rule | ||
| 130 | set rlimit data <= 100M, | 129 | set rlimit data <= 100M, | ||
| 131 | set rlimit nproc <= 10, | 130 | set rlimit nproc <= 10, | ||
| 132 | set rlimit memlock <= 2GB, | 131 | set rlimit memlock <= 2GB, | ||
| 133 | set rlimit rss <= infinity, | 132 | set rlimit rss <= infinity, | ||
| 133 | set rlimit nice <= -12, | ||||
| 134 | 134 | | |||
| 135 | # Change Profile rules | 135 | # Change Profile rules | ||
| 136 | change_profile unsafe /** -> [^u/]**, | 136 | change_profile unsafe /** -> [^u/]**, | ||
| 137 | change_profile unsafe /** -> {u,un,unc,unco,uncon,unconf,unconfi,unconfin,unconfine}, | 137 | change_profile unsafe /** -> {u,un,unc,unco,uncon,unconf,unconfi,unconfin,unconfine}, | ||
| 138 | change_profile /bin/bash -> | 138 | change_profile /bin/bash -> | ||
| 139 | new_profile//hat, | 139 | new_profile//hat, | ||
| 140 | } | 140 | } | ||
| 141 | 141 | | |||
| ▲ Show 20 Lines • Show All 134 Lines • Show Last 20 Lines | |||||