Adding apparmor-profile to allow haveged to bind to unix sockets.
Signed-off-by: Daniel Baumann <daniel@debian.org>
parent
59c3ee7cda
commit
2b8a9498a9
1 changed files with 28 additions and 0 deletions
28
debian/usr.sbin.haveged
vendored
Normal file
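--- a/debian/usr.sbin.haveged
+++ b/debian/usr.sbin.haveged
@@ -0,0 +1,28 @@
+# Last Modified: Fri Aug 21 15:23:17 2015
+#include <tunables/global>
+
+/usr/sbin/haveged {
+#include <abstractions/base>
+#include <abstractions/consoles>
+
+# Required for ioctl RNDADDENTROPY
+capability sys_admin,
+
+network unix stream,
+
+owner @{PROC}/@{pid}/status r,
+
+@{PROC}/sys/kernel/osrelease r,
+@{PROC}/sys/kernel/random/poolsize r,
+@{PROC}/sys/kernel/random/write_wakeup_threshold w,
+/dev/random w,
+
+/sys/devices/system/cpu/ r,
+/sys/devices/system/cpu/cpu*/cache/ r,
+/sys/devices/system/cpu/cpu*/cache/index*/{type,size,level} r,
+/usr/sbin/haveged mr,
+
+/run/haveged.pid w,
+
+#include <local/usr.sbin.haveged>
+}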
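Review bot: The `network unix stream,` rule grants more than the commit message asks for: it allows every operation on any AF_UNIX stream socket, while the stated need is only that haveged can bind one. It is also the only permission in the profile without a comment explaining why it is there, unlike `capability sys_admin,` just above it. I would add a line such as `# haveged binds a unix stream socket for its command interface (confirm against the daemon)`. Where the targeted AppArmor release and kernel support fine-grained unix mediation, the rule could be narrowed to something like `unix (bind, listen, accept) type=stream addr="@<HAVEGED_SOCKET_ADDRESS>",`, with the permission list and address taken from the daemon's source rather than guessed. Because the profile already has to carry CAP_SYS_ADMIN for RNDADDENTROPY, keeping the remaining rules as tight as possible is what gives the confinement its value.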