#include <tunables/global>
# AppArmor profile confining the lldpd daemon binary.
# The @sbindir@, @sysconfdir@, @LLDPD_PID_FILE@, @LLDPD_CTL_SOCKET@ and
# @PRIVSEP_CHROOT@ tokens are placeholders, presumably substituted at build
# time; check that the generated profile names the paths the installed
# binary actually uses, otherwise the rules below match nothing.
@sbindir@/lldpd {
#include <abstractions/base>
#include <abstractions/nameservice>
# Capabilities the confined process may use. They do not widen file access:
# dac_override only bypasses Unix permission bits, the path rules in this
# profile still decide which files can be opened.
# chown, dac_override, fowner, fsetid: ownership and permission handling,
# presumably for the chroot and runtime files set up below -- confirm.
capability chown,
capability dac_override,
capability fowner,
capability fsetid,
# NOTE(review): no signal rules are visible in this profile; whether
# capability kill alone is sufficient depends on the abstractions included.
capability kill,
# net_admin and net_raw go with the raw packet socket rule further down.
capability net_admin,
capability net_raw,
# setgid, setuid, sys_chroot: presumably used to drop privileges and enter
# @PRIVSEP_CHROOT@ -- confirm against the daemon's startup code.
capability setgid,
capability setuid,
capability sys_chroot,
# NOTE(review): sys_module allows kernel module loading and is the broadest
# grant in this list; keep it only if the daemon demonstrably needs it.
capability sys_module,
# Need to receive/send raw packets
network packet raw,
# m = map executable, r = read: the daemon's own binary.
@sbindir@/lldpd mr,
# Write-only access to the systemd notification socket.
/run/systemd/notify w,
# Ability to run lldpcli for self-configuration
# ix = lldpcli runs inside this same profile, so it gets exactly the
# capabilities and file rules listed here, no more.
@sbindir@/lldpcli rix,
# Configuration is read-only. "*" does not cross "/" in AppArmor globs, so
# only files directly inside lldpd.d/ are readable, not subdirectories.
@sysconfdir@/lldpd.d/ r,
@sysconfdir@/lldpd.d/* r,
@sysconfdir@/lldpd.conf r,
# PID file and socket
@LLDPD_PID_FILE@ rw,
@LLDPD_CTL_SOCKET@ rw,
# Chroot setup
# Write access is limited to the chroot directory itself, its etc/ and
# etc/localtime; nothing else under the chroot is writable by this profile.
@PRIVSEP_CHROOT@ w,
@PRIVSEP_CHROOT@/etc/ rw,
@PRIVSEP_CHROOT@/etc/localtime rw,
# Gather system description
/etc/os-release r,
/usr/lib/os-release r,
# Cx = run lsb_release under the child profile declared next, with the
# environment scrubbed (upper-case C); it does not inherit the daemon's
# capabilities or network rules.
/usr/bin/lsb_release Cxr -> lsb_release,
# Child profile for the lsb_release helper: read-only file access, no
# capability and no network rule of its own.
profile lsb_release {
#include <abstractions/base>
#include <abstractions/python>
/usr/bin/lsb_release r,
# dash and dpkg-query run inside this child profile (ix).
/bin/dash ixr,
/usr/bin/dpkg-query ixr,
# NOTE(review): the character classes here and below match only Python
# 2.4-2.7 and 3.0-3.5. An interpreter outside those ranges is covered only
# if abstractions/python allows it -- verify on the target distribution,
# since a denial would presumably make lsb_release fail.
/usr/include/python2.[4567]/pyconfig.h r,
/etc/lsb-release r,
/etc/debian_version r,
/var/lib/dpkg/** r,
/usr/local/lib/python3.[0-5]/dist-packages/ r,
/usr/bin/ r,
/usr/bin/python3.[0-5] r,
}
# Gather network information
# All read-only: IPv4 forwarding state and bonding details from procfs.
@{PROC}/sys/net/ipv4/ip_forward r,
@{PROC}/net/bonding/* r,
@{PROC}/self/net/bonding/* r,
# DMI data under sysfs, presumably used for hardware inventory -- confirm.
/sys/devices/virtual/dmi/** r,
# Interface aliases, but only for paths starting with /sys/devices/pci;
# NOTE(review): interfaces whose sysfs path lies elsewhere (for example
# under /sys/devices/virtual/) are not matched by this rule.
/sys/devices/pci**/net/*/ifalias r,
}