Add profile for iftop (#604)

* Add profile for iftop * iftop: clean up formatting
roddhjav · Nov 21, 2024 · 8efdc5d · 8efdc5d
1 parent 044f80b
commit 8efdc5d
Showing 1 changed file with 34 additions and 0 deletions.
diff --git a/apparmor.d/profiles-g-l/iftop b/apparmor.d/profiles-g-l/iftop
@@ -0,0 +1,34 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Zane Zakraisek <[email protected]>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/iftop
+profile iftop @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/consoles>
+  include <abstractions/nameservice-strict>
+
+  capability net_raw,
+
+  network inet dgram,
+  network inet6 dgram,
+  network netlink raw,
+  network packet raw,
+
+  @{exec_path} mr,
+
+  /usr/share/terminfo/** r,
+
+  owner @{HOME}/.iftoprc r,
+
+  # When running in promiscuous mode
+  @{sys}/devices/**/net/*/statistics/* r,
+
+  include if exists <local/iftop>
+}
+
+# vim:syntax=apparmor