bluez-tools: Add package bluezetools

[feed/packages.git] / utils / apparmor / patches / 060-openwrt-dnsmasq-profile.patch

--- a/profiles/apparmor.d/usr.sbin.dnsmasq
+++ b/profiles/apparmor.d/usr.sbin.dnsmasq
@@ -1,3 +1,10 @@
+# Last Modified: Thu Jun 10 01:23:44 2021
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{TFTP_DIR} = /srv/tftp /srv/tftpboot /var/tftp
+
 # ------------------------------------------------------------------
 #
 #    Copyright (C) 2009 John Dong <jdong@ubuntu.com>
@@ -9,126 +16,95 @@
 #
 # ------------------------------------------------------------------
 
-abi <abi/3.0>,
-
-@{TFTP_DIR}=/var/tftp /srv/tftp /srv/tftpboot
 
-include <tunables/global>
 profile dnsmasq /usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/dbus>
   include <abstractions/nameservice>
+  include <abstractions/user-tmp>
+  include if exists <local/usr.sbin.dnsmasq>
 
   capability chown,
+  capability dac_override,
+  capability net_admin, # for DHCP server
   capability net_bind_service,
+  capability net_raw, # for DHCP server ping checks
   capability setgid,
   capability setuid,
-  capability dac_override,
-  capability net_admin,         # for DHCP server
-  capability net_raw,           # for DHCP server ping checks
+
   network inet raw,
   network inet6 raw,
 
-  signal (receive) peer=/usr/{bin,sbin}/libvirtd,
-  signal (receive) peer=libvirtd,
-  ptrace (readby) peer=/usr/{bin,sbin}/libvirtd,
-  ptrace (readby) peer=libvirtd,
+  signal receive peer=/usr/{bin,sbin}/libvirtd,
+  signal receive peer=libvirtd,
 
-  owner /dev/tty rw,
+  ptrace readby peer=/usr/{bin,sbin}/libvirtd,
+  ptrace readby peer=libvirtd,
 
-  @{PROC}/@{pid}/fd/ r,
-
-  /etc/dnsmasq.conf r,
-  /etc/dnsmasq.d/ r,
-  /etc/dnsmasq.d/* r,
-  /etc/dnsmasq.d-available/ r,
-  /etc/dnsmasq.d-available/* r,
-  /etc/ethers r,
-  /etc/NetworkManager/dnsmasq.d/ r,
-  /etc/NetworkManager/dnsmasq.d/* r,
   /etc/NetworkManager/dnsmasq-shared.d/ r,
   /etc/NetworkManager/dnsmasq-shared.d/* r,
+  /etc/NetworkManager/dnsmasq.d/ r,
+  /etc/NetworkManager/dnsmasq.d/* r,
   /etc/dnsmasq-conf.conf r,
   /etc/dnsmasq-resolv.conf r,
-
-  /usr/{bin,sbin}/dnsmasq mr,
-
-  /var/log/dnsmasq*.log w,
-
+  /etc/dnsmasq.conf r,
+  /etc/dnsmasq.d-available/ r,
+  /etc/dnsmasq.d-available/* r,
+  /etc/dnsmasq.d/ r,
+  /etc/dnsmasq.d/* r,
+  /etc/ethers r,
+  /tmp/** r,
+  /usr/libexec/libvirt_leaseshelper Cx -> libvirt_leaseshelper,
+  /usr/lib{,64}/libvirt/libvirt_leaseshelper Cx -> libvirt_leaseshelper,
   /usr/share/dnsmasq{-base,}/ r,
   /usr/share/dnsmasq{-base,}/* r,
-
-  @{run}/*dnsmasq*.pid w,
-  @{run}/dnsmasq-forwarders.conf r,
-  @{run}/dnsmasq/ r,
-  @{run}/dnsmasq/* rw,
-
+  /usr/{bin,sbin}/dnsmasq mr,
+  /var/lib/NetworkManager/dnsmasq-*.leases rw,
+  /var/lib/libvirt/dnsmasq/ r,
+  /var/lib/libvirt/dnsmasq/* r,
+  /var/lib/lxd-bridge/dnsmasq.*.leases rw,
+  /var/lib/lxd/networks/*/dnsmasq.* r,
+  /var/lib/lxd/networks/*/dnsmasq.leases rw,
+  /var/lib/lxd/networks/*/dnsmasq.pid rw,
+  /var/lib/misc/dnsmasq.*.leases rw,
   /var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server usage
-
+  /var/log/dnsmasq*.log w,
   /{,usr/}bin/{ba,da,}sh ix, # Required to execute --dhcp-script argument
-
-  # access to iface mtu needed for Router Advertisement messages in IPv6
-  # Neighbor Discovery protocol (RFC 2461)
+  @{PROC}/@{pid}/fd/ r,
   @{PROC}/sys/net/ipv6/conf/*/mtu r,
-
-  # for the read-only TFTP server
   @{TFTP_DIR}/ r,
   @{TFTP_DIR}/** r,
-
-  # libvirt config and hosts file for dnsmasq
-  /var/lib/libvirt/dnsmasq/          r,
-  /var/lib/libvirt/dnsmasq/*         r,
-
-  # libvirt pid files for dnsmasq
-  @{run}/libvirt/network/      r,
+  @{run}/*dnsmasq*.pid w,
+  @{run}/NetworkManager/NetworkManager.pid w,
+  @{run}/NetworkManager/dnsmasq.conf r,
+  @{run}/NetworkManager/dnsmasq.pid w,
+  @{run}/dnsmasq-forwarders.conf r,
+  @{run}/dnsmasq/ r,
+  @{run}/dnsmasq/* rw,
+  @{run}/libvirt/network/ r,
   @{run}/libvirt/network/*.pid rw,
-
-  # libvirt lease helper
-  /usr/lib{,64}/libvirt/libvirt_leaseshelper Cx -> libvirt_leaseshelper,
-  /usr/libexec/libvirt_leaseshelper Cx -> libvirt_leaseshelper,
-
-  # lxc-net pid and lease files
-  @{run}/lxc/dnsmasq.pid    rw,
-  /var/lib/misc/dnsmasq.*.leases rw,
-
-  # lxd-bridge pid and lease files
-  @{run}/lxd-bridge/dnsmasq.pid   rw,
-  /var/lib/lxd-bridge/dnsmasq.*.leases rw,
-  /var/lib/lxd/networks/*/dnsmasq.* r,
-  /var/lib/lxd/networks/*/dnsmasq.leases rw,
-  /var/lib/lxd/networks/*/dnsmasq.pid rw,
-
-  # NetworkManager integration
-  /var/lib/NetworkManager/dnsmasq-*.leases rw,
+  @{run}/lxc/dnsmasq.pid rw,
+  @{run}/lxd-bridge/dnsmasq.pid rw,
   @{run}/nm-dns-dnsmasq.conf r,
   @{run}/nm-dnsmasq-*.pid rw,
   @{run}/sendsigs.omit.d/*dnsmasq.pid w,
-  @{run}/NetworkManager/dnsmasq.conf r,
-  @{run}/NetworkManager/dnsmasq.pid w,
-  @{run}/NetworkManager/NetworkManager.pid w,
+  owner /dev/tty rw,
+
 
   profile libvirt_leaseshelper {
     include <abstractions/base>
 
     /etc/libnl-3/classid r,
-
-    /usr/lib{,64}/libvirt/libvirt_leaseshelper m,
     /usr/libexec/libvirt_leaseshelper m,
-
-    owner @{PROC}/@{pid}/net/psched r,
-    owner @{PROC}/@{pid}/status r,
-
+    /usr/lib{,64}/libvirt/libvirt_leaseshelper m,
+    /var/lib/libvirt/dnsmasq/*.leases rw,
+    /var/lib/libvirt/dnsmasq/*.status* rw,
+    @{run}/leaseshelper.pid rwk,
     @{sys}/devices/system/cpu/ r,
     @{sys}/devices/system/node/ r,
     @{sys}/devices/system/node/*/meminfo r,
+    owner @{PROC}/@{pid}/net/psched r,
+    owner @{PROC}/@{pid}/status r,
 
-    # libvirt lease and status files for dnsmasq
-    /var/lib/libvirt/dnsmasq/*.leases  rw,
-    /var/lib/libvirt/dnsmasq/*.status* rw,
-
-    @{run}/leaseshelper.pid rwk,
   }
-
-  # Site-specific additions and overrides. See local/README for details.
-  include if exists <local/usr.sbin.dnsmasq>
 }