ac938da314
* dhcpcd, wpa_supplicant: add small additional permissions * wpa_cli: remove profile, it causes issues with the -a flag; expected impact is low: wpa_cli is run as a normal user, and it does not serve requests to other users.
49 lines
972 B
Text
49 lines
972 B
Text
#include <tunables/global>
|
|
|
|
/usr/bin/wpa_supplicant {
|
|
#include <abstractions/base>
|
|
#include <abstractions/dbus-strict>
|
|
|
|
capability net_admin,
|
|
capability net_raw,
|
|
capability chown,
|
|
capability dac_override,
|
|
capability fsetid,
|
|
network inet dgram,
|
|
network inet raw,
|
|
network packet dgram,
|
|
network netlink,
|
|
|
|
/usr/bin/wpa_supplicant mr,
|
|
|
|
/run/wpa_supplicant/ rw,
|
|
/run/wpa_supplicant/** rw,
|
|
|
|
/run/dbus/system_bus_socket rw,
|
|
/run/sendsigs.omit.d/wpasupplicant.pid rw,
|
|
|
|
/etc/wpa_supplicant/ rw,
|
|
/etc/wpa_supplicant/** rw,
|
|
|
|
/etc/nsswitch.conf r,
|
|
/etc/group r,
|
|
|
|
@{PROC}/sys/net/ipv{4,6}/conf/*/* rw,
|
|
@{PROC}/@{pid}/psched r,
|
|
|
|
/dev/rfkill r,
|
|
|
|
dbus (send, receive)
|
|
bus=system
|
|
path=/fi/w1/wpa_supplicant1,
|
|
|
|
dbus (send, receive)
|
|
bus=system
|
|
path=/fi/w1/wpa_supplicant1/**,
|
|
|
|
dbus (send,receive)
|
|
bus=system
|
|
path=/fi/epitest/hostap/WPASupplicant/**,
|
|
|
|
#include <local/usr.bin.wpa_supplicant>
|
|
}
|