Remove tcpdump profile: it's shipped by the tcpdump package >= 4.9.0-3.

705e1f23 · intrigeri · 46703ecf · 705e1f23 · 705e1f23 · 46703ecf
Commit 705e1f23 authored 7 years ago by intrigeri
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -6,7 +6,6 @@ Included profiles
  the apparmor-profiles repository at commit 392d8ab.
 - irssi: taken from the apparmor-profiles repository at commit 392d8ab.
 - Pidgin: taken from the apparmor-profiles repository at commit 392d8ab.
- tcpdump: taken from Ubuntu's tcpdump 4.9.0-2ubuntu2
 - Totem: taken from the apparmor-profiles repository at commit 392d8ab.

 Sources
@@ -17,4 +16,4 @@ apparmor-profiles repository

 https://code.launchpad.net/~apparmor-dev/apparmor-profiles/+git/apparmor-profiles/+ref/master

- -- intrigeri <intrigeri@debian.org>, Sun,  2 Apr 2017 15:59:15 +0200
+ -- intrigeri <intrigeri@debian.org>, Mon,  3 Jul 2017 08:55:10 +0200
--- a/debian/copyright
+++ b/debian/copyright
@@ -21,10 +21,6 @@ Files: profiles/abstractions/totem profiles/usr.bin.totem*
 Copyright: 2008-2014 AppArmor developers <apparmor@lists.ubuntu.com>
 License: GPL-2+

-Files: profiles/usr.sbin.tcpdump
-Copyright: 2008-2014 AppArmor developers <apparmor@lists.ubuntu.com>
-License: GPL-2+
-
 License: GPL-2+
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by

--- a/profiles/usr.sbin.tcpdump
+++ b/profiles/usr.sbin.tcpdump
-# vim:syntax=apparmor
-# Last Modified: Wed Feb  3 07:58:30 2009
-# Author: Jamie Strandboge <jamie@canonical.com>
-#include <tunables/global>
-
-/usr/sbin/tcpdump {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/user-tmp>
-
-  capability net_raw,
-  capability setuid,
-  capability setgid,
-  capability dac_override,
-  network raw,
-  network packet,
-
-  # for -D
-  capability sys_module,
-  @{PROC}/bus/usb/ r,
-  @{PROC}/bus/usb/** r,
-
-  # for finding an interface
-  @{PROC}/[0-9]*/net/dev r,
-  /sys/bus/usb/devices/ r,
-  /sys/class/net/ r,
-  /sys/devices/**/net/* r,
-
-  # for -j
-  capability net_admin,
-
-  # for tracing USB bus, which libpcap supports
-  /dev/usbmon* r,
-  /dev/bus/usb/ r,
-  /dev/bus/usb/** r,
-
-  # for init_etherarray(), with -e
-  /etc/ethers r,
-
-  # for USB probing (see libpcap-1.1.x/pcap-usb-linux.c:probe_devices())
-  /dev/bus/usb/**/[0-9]* w,
-
-  # for -z
-  /{usr/,}bin/gzip ixr,
-  /{usr/,}bin/bzip2 ixr,
-
-  # for -F and -w
-  audit deny @{HOME}/.* mrwkl,
-  audit deny @{HOME}/.*/ rw,
-  audit deny @{HOME}/.*/** mrwkl,
-  audit deny @{HOME}/bin/ rw,
-  audit deny @{HOME}/bin/** mrwkl,
-  owner @{HOME}/ r,
-  owner @{HOME}/** rw,
-
-  # for -r, -F and -w
-  /**.[pP][cC][aA][pP] rw,
-
-  # for convenience with -r (ie, read pcap files from other sources)
-  /var/log/snort/*log* r,
-
-  /usr/sbin/tcpdump mr,
-
-  # Site-specific additions and overrides. See local/README for details.
-  #include <local/usr.sbin.tcpdump>
-}