From 705e1f230767bc2ae50a4142a636d492d6b06865 Mon Sep 17 00:00:00 2001
From: intrigeri <intrigeri@boum.org>
Date: Mon, 3 Jul 2017 06:55:36 +0000
Subject: [PATCH] Remove tcpdump profile: it's shipped by the tcpdump package
>= 4.9.0-3.
---
debian/README.Debian | 3 +-
debian/copyright | 4 ---
profiles/usr.sbin.tcpdump | 66 ---------------------------------------
3 files changed, 1 insertion(+), 72 deletions(-)
delete mode 100644 profiles/usr.sbin.tcpdump
diff --git a/debian/README.Debian b/debian/README.Debian
index 79ba1f9..d3be50a 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -6,7 +6,6 @@ Included profiles
the apparmor-profiles repository at commit 392d8ab.
- irssi: taken from the apparmor-profiles repository at commit 392d8ab.
- Pidgin: taken from the apparmor-profiles repository at commit 392d8ab.
-- tcpdump: taken from Ubuntu's tcpdump 4.9.0-2ubuntu2
- Totem: taken from the apparmor-profiles repository at commit 392d8ab.
Sources
@@ -17,4 +16,4 @@ apparmor-profiles repository
https://code.launchpad.net/~apparmor-dev/apparmor-profiles/+git/apparmor-profiles/+ref/master
- -- intrigeri <intrigeri@debian.org>, Sun, 2 Apr 2017 15:59:15 +0200
+ -- intrigeri <intrigeri@debian.org>, Mon, 3 Jul 2017 08:55:10 +0200
diff --git a/debian/copyright b/debian/copyright
index 9d2c812..4b22e3c 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -21,10 +21,6 @@ Files: profiles/abstractions/totem profiles/usr.bin.totem*
Copyright: 2008-2014 AppArmor developers <apparmor@lists.ubuntu.com>
License: GPL-2+
-Files: profiles/usr.sbin.tcpdump
-Copyright: 2008-2014 AppArmor developers <apparmor@lists.ubuntu.com>
-License: GPL-2+
-
License: GPL-2+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
diff --git a/profiles/usr.sbin.tcpdump b/profiles/usr.sbin.tcpdump
deleted file mode 100644
index ca2a115..0000000
--- a/profiles/usr.sbin.tcpdump
+++ /dev/null
@@ -1,66 +0,0 @@
-# vim:syntax=apparmor
-# Last Modified: Wed Feb 3 07:58:30 2009
-# Author: Jamie Strandboge <jamie@canonical.com>
-#include <tunables/global>
-
-/usr/sbin/tcpdump {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/user-tmp>
-
- capability net_raw,
- capability setuid,
- capability setgid,
- capability dac_override,
- network raw,
- network packet,
-
- # for -D
- capability sys_module,
- @{PROC}/bus/usb/ r,
- @{PROC}/bus/usb/** r,
-
- # for finding an interface
- @{PROC}/[0-9]*/net/dev r,
- /sys/bus/usb/devices/ r,
- /sys/class/net/ r,
- /sys/devices/**/net/* r,
-
- # for -j
- capability net_admin,
-
- # for tracing USB bus, which libpcap supports
- /dev/usbmon* r,
- /dev/bus/usb/ r,
- /dev/bus/usb/** r,
-
- # for init_etherarray(), with -e
- /etc/ethers r,
-
- # for USB probing (see libpcap-1.1.x/pcap-usb-linux.c:probe_devices())
- /dev/bus/usb/**/[0-9]* w,
-
- # for -z
- /{usr/,}bin/gzip ixr,
- /{usr/,}bin/bzip2 ixr,
-
- # for -F and -w
- audit deny @{HOME}/.* mrwkl,
- audit deny @{HOME}/.*/ rw,
- audit deny @{HOME}/.*/** mrwkl,
- audit deny @{HOME}/bin/ rw,
- audit deny @{HOME}/bin/** mrwkl,
- owner @{HOME}/ r,
- owner @{HOME}/** rw,
-
- # for -r, -F and -w
- /**.[pP][cC][aA][pP] rw,
-
- # for convenience with -r (ie, read pcap files from other sources)
- /var/log/snort/*log* r,
-
- /usr/sbin/tcpdump mr,
-
- # Site-specific additions and overrides. See local/README for details.
- #include <local/usr.sbin.tcpdump>
-}
--
GitLab