void-packages/srcpkgs/apparmor/files/profiles/usr.bin.dhcpcd
Cameron Nemo ac938da314 apparmor: update profiles
* dhcpcd, wpa_supplicant: add small additional permissions
* wpa_cli: remove profile, it causes issues with the -a flag;
           expected impact is low: wpa_cli is run as a normal user,
	   and it does not serve requests to other users.
2019-12-31 15:25:17 +01:00


# vim:syntax=apparmor
#include <tunables/global>
# Confinement policy for the dhcpcd DHCP client. The profile attaches by path
# to both /bin/dhcpcd and /usr/bin/dhcpcd (the {usr/,} alternation matches
# either). No flags=() are set, so it is enforced, not in complain mode, once loaded.
profile dhcpcd /{usr/,}bin/dhcpcd {
# Shared baseline rules plus name-service (resolver/NSS) access.
#include <abstractions/base>
#include <abstractions/nameservice>
# Linux capabilities granted to the confined process.
capability chown,
capability net_admin,
capability net_raw,
# NOTE(review): sys_admin is the broadest capability in the kernel; the profile
# does not say which dhcpcd operation needs it. Confirm it is still required
# before carrying it forward.
capability sys_admin,
# Socket types: AF_PACKET datagram sockets and raw IPv4/IPv6 sockets.
network packet dgram,
network inet raw,
network inet6 raw,
# Read/write on every pseudo-terminal under /dev/pts, not only the caller's own.
/dev/pts/* rw,
# Configuration is read-only; note this includes dhcpcd.secret.
/etc/dhcpcd.{conf,duid,secret} r,
/etc/ld.so.cache r,
/etc/udev/udev.conf r,
/proc/*/net/if_inet6 r,
# Write access to every per-interface IPv4 and IPv6 sysctl, for all interfaces.
/proc/sys/net/ipv{4,6}/conf/*/* rw,
# Runtime state under /run or /var/run; "k" additionally allows locking the pid file.
/{var/,}run/dhcpcd{-*,}.pid rwk,
/{var/,}run/dhcpcd.sock rw,
/{var/,}run/dhcpcd.unpriv.sock rw,
/{var/,}run/udev/data/* r,
/sys/devices/**/net/*/uevent r,
# "ix" executes dash while staying inside this profile, so a shell started by
# dhcpcd holds every capability and path permission listed here.
# NOTE(review): the first dash rule is fully covered by the second (ix is a
# subset of mrix); it looks redundant and could be dropped.
/{usr/,}bin/dash ix,
/{usr/,}bin/dash mrix,
# "m" permits mapping these objects as executable memory.
/usr/lib/dhcpcd/dev/udev.so m,
/usr/lib/ld-*.so m,
/usr/lib/libc-*.so m,
# Trust hooks and run the wrapper unconfined
# CUx asks for a child profile and falls back to unconfined when none exists.
# No child profile is defined in this file, so unless the local include below
# supplies one, the hook wrapper and everything it runs are outside AppArmor
# confinement. The uppercase form only triggers secure-exec environment
# scrubbing (loader variables such as LD_PRELOAD); other variables dhcpcd sets
# for the hooks are passed through unchanged.
# NOTE(review): this makes the hook scripts the effective trust boundary of the
# profile; keep them root-owned and not writable by other users.
/usr/libexec/dhcpcd-run-hooks CUx,
# Lease database files are read/write.
/var/db/dhcpcd-*.lease rw,
/var/db/dhcpcd/** rw,
# dhcpcd may re-execute its own binary and remain in this profile.
/{usr/,}bin/dhcpcd mrix,
# "owner" limits these rules to files owned by the process's own user.
# @{PROC} and @{pid} are variables expected to come from tunables/global.
owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/stat r,
# Site-specific additions and overrides. See local/README for details.
# Rules in the local file are merged into this profile, so it can widen the
# policy as well as narrow it; review it alongside this file.
#include <local/usr.bin.dhcpcd>
}