diff options
Diffstat (limited to 'snappy/meta/walinuxagent.apparmor')
| -rw-r--r-- | snappy/meta/walinuxagent.apparmor | 85 |
1 files changed, 0 insertions, 85 deletions
diff --git a/snappy/meta/walinuxagent.apparmor b/snappy/meta/walinuxagent.apparmor deleted file mode 100644 index 8315713..0000000 --- a/snappy/meta/walinuxagent.apparmor +++ /dev/null @@ -1,85 +0,0 @@ -# AppArmor confinement for waagent - -#include <tunables/global> - -# Specified profile variables -###VAR### - -###PROFILEATTACH### flags=(attach_disconnected) { - #include <abstractions/base> - #include <abstractions/ssl_certs> - #include <abstractions/openssl> - #include <abstractions/python> - - # Executable binaries - /usr/{,s}bin/* ixr, - /{,s}bin/* ixr, - - # Capabilities - capability net_bind_service, - capability net_raw, - capability net_admin, - capability dac_override, - capability sys_module, - capability sys_admin, - capability sys_ptrace, - - ptrace (read), - ptrace (trace), - - mount, - umount, - network, - - # Log path - /var/log/waagent.log rw, - /var/log/azure/ rw, - /var/log/azure/** rw, - - # Lib path - /var/lib/waagent/ rw, - /var/lib/waagent/** mrwlk, - # Enable VM extensions to execute unconfined - /var/lib/waagent/** PUx, - /{,usr/}lib/ r, - /{,usr/}lib/** r, - - /etc/ r, - /etc/** r, - /etc/udev/rules.d/** w, - - /usr/share/ r, - /usr/share/** r, - /usr/local/{,s}bin/ r, - /usr/{,s}bin/ r, - /{,s}bin/ r, - - /dev/ r, - /dev/sr0 r, - /dev/null w, - /dev/console rw, - /dev/tty rw, - - /run/ r, - /run/** r, - /run/mount/utab w, - /run/waagent.pid w, - - @{PROC}/ r, - @{PROC}/** r, - - /sys/module/ r, - /sys/module/** r, - /sys/firmware/acpi/tables/** r, - /sys/block/ r, - /sys/block/sd*/device/timeout rw, - /sys/devices/** rw, - - /mnt/cdrom/ rw, - /mnt/cdrom/secure/ rw, - - # Writable for the install directory - @{CLICK_DIR}/@{APP_PKGNAME}/ r, - @{CLICK_DIR}/@{APP_PKGNAME}/@{APP_VERSION}/ r, - @{CLICK_DIR}/@{APP_PKGNAME}/@{APP_VERSION}/** mrwklix, -} |