mstemm/usr.sbin.tcpdump.apparmor

## usr.sbin.tcpdump.apparmor
# From /etc/apparmor.d/usr.sbin.tcpdump on Ubuntu 9.04 and https://wiki.ubuntu.com/AppArmor#Example_profile

#include <tunables/global>

/usr/sbin/tcpdump {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/user-tmp>

  capability net_raw,
  capability setuid,
  capability setgid,
  capability dac_override,
  network raw,
  network packet,

  # for -D
  capability sys_module,
  @{PROC}/bus/usb/ r,
  @{PROC}/bus/usb/** r,

  # for -F and -w
  audit deny @{HOME}/.* mrwkl,
  audit deny @{HOME}/.*/ rw,
  audit deny @{HOME}/.*/** mrwkl,
  audit deny @{HOME}/bin/ rw,
  audit deny @{HOME}/bin/** mrwkl,
  @{HOME}/ r,
  @{HOME}/** rw,

  /usr/sbin/tcpdump r,
}
	# From /etc/apparmor.d/usr.sbin.tcpdump on Ubuntu 9.04 and https://wiki.ubuntu.com/AppArmor#Example_profile

	#include <tunables/global>

	/usr/sbin/tcpdump {
	#include <abstractions/base>
	#include <abstractions/nameservice>
	#include <abstractions/user-tmp>

	capability net_raw,
	capability setuid,
	capability setgid,
	capability dac_override,
	network raw,
	network packet,

	# for -D
	capability sys_module,
	@{PROC}/bus/usb/ r,
	@{PROC}/bus/usb/** r,

	# for -F and -w
	audit deny @{HOME}/.* mrwkl,
	audit deny @{HOME}/.*/ rw,
	audit deny @{HOME}/./* mrwkl,
	audit deny @{HOME}/bin/ rw,
	audit deny @{HOME}/bin/** mrwkl,
	@{HOME}/ r,
	@{HOME}/** rw,

	/usr/sbin/tcpdump r,
	}