CasperSecurity

Current Path : /snap/core20/2717/etc/apparmor.d/abstractions/
Upload File :
Current File : //snap/core20/2717/etc/apparmor.d/abstractions/nameservice

# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2009 Novell/SUSE
#    Copyright (C) 2009-2011 Canonical Ltd.
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

  # Many programs wish to perform nameservice-like operations, such as
  # looking up users by name or id, groups by name or id, hosts by name
  # or IP, etc. These operations may be performed through files, dns,
  # NIS, NIS+, LDAP, hesiod, wins, etc. Allow them all here.
  /etc/group              r,
  /etc/host.conf          r,
  /etc/hosts              r,
  /etc/nsswitch.conf      r,
  /etc/gai.conf           r,
  /etc/passwd             r,
  /etc/protocols          r,

  # libtirpc (used for NIS/YP login) needs this
  /etc/netconfig r,

  # When using libnss-extrausers, the passwd and group files are merged from
  # an alternate path
  /var/lib/extrausers/group  r,
  /var/lib/extrausers/passwd r,

  # NSS records from systemd-userdbd.service
  /{,var/}run/systemd/userdb/ r,
  /{,var/}run/systemd/userdb/io.systemd.{NameServiceSwitch,Multiplexer,DynamicUser,Home} r,
  @{PROC}/sys/kernel/random/boot_id r,

  # When using sssd, the passwd and group files are stored in an alternate path
  # and the nss plugin also needs to talk to a pipe
  /var/lib/sss/mc/group   r,
  /var/lib/sss/mc/initgroups r,
  /var/lib/sss/mc/passwd  r,
  /var/lib/sss/pipes/nss  rw,

  /etc/resolv.conf        r,
  # On systems where /etc/resolv.conf is managed programmatically, it is
  # a symlink to /{,var/}run/(whatever program is managing it)/resolv.conf.
  /{,var/}run/{resolvconf,NetworkManager,systemd/resolve,connman,netconfig}/resolv.conf r,
  /etc/resolvconf/run/resolv.conf r,
  /{,var/}run/systemd/resolve/stub-resolv.conf r,

  /etc/samba/lmhosts      r,
  /etc/services           r,
  # db backend
  /var/lib/misc/*.db      r,
  # The Name Service Cache Daemon can cache lookups, sometimes leading
  # to vast speed increases when working with network-based lookups.
  /{,var/}run/.nscd_socket   rw,
  /{,var/}run/nscd/socket    rw,
  /{var/db,var/cache,var/lib,var/run,run}/nscd/{passwd,group,services,hosts}    r,
  # nscd renames and unlinks files in it's operation that clients will
  # have open
  /{,var/}run/nscd/db*  rmix,

  # The nss libraries are sometimes used in addition to PAM; make sure
  # they are available
  /{usr/,}lib{,32,64}/libnss_*.so*      mr,
  /{usr/,}lib/@{multiarch}/libnss_*.so*      mr,
  /etc/default/nss               r,

  # avahi-daemon is used for mdns4 resolution
  /{,var/}run/avahi-daemon/socket rw,

  # libnl-3-200 via libnss-gw-name
  @{PROC}/@{pid}/net/psched r,
  /etc/libnl-*/classid r,

  # nis
  #include <abstractions/nis>

  # ldap
  #include <abstractions/ldapclient>

  # winbind
  #include <abstractions/winbind>

  # likewise
  #include <abstractions/likewise>

  # mdnsd
  #include <abstractions/mdns>

  # kerberos
  #include <abstractions/kerberosclient>

  # resolve
  #
  # Allow access to the safe members of the systemd-resolved D-Bus API:
  #
  #   https://www.freedesktop.org/wiki/Software/systemd/resolved/
  #
  # This API may be used directly over the D-Bus system bus or it may be used
  # indirectly via the nss-resolve plugin:
  #
  #   https://www.freedesktop.org/software/systemd/man/nss-resolve.html
  #
  #include <abstractions/dbus-strict>
  dbus send
       bus=system
       path="/org/freedesktop/resolve1"
       interface="org.freedesktop.resolve1.Manager"
       member="Resolve{Address,Hostname,Record,Service}"
       peer=(name="org.freedesktop.resolve1"),

  # libnss-systemd
  #
  #   https://systemd.io/USER_GROUP_API/
  #   https://systemd.io/USER_RECORD/
  #   https://www.freedesktop.org/software/systemd/man/nss-systemd.html
  #
  # Allow User/Group lookups via common VarLink socket APIs. Applications need
  # to either consult all of them or the io.systemd.Multiplexer frontend.
  /run/systemd/userdb/ r,
  /run/systemd/userdb/io.systemd.Multiplexer rw,
  /run/systemd/userdb/io.systemd.DynamicUser rw,        # systemd-exec users
  /run/systemd/userdb/io.systemd.Home rw,               # systemd-home dirs
  /run/systemd/userdb/io.systemd.NameServiceSwitch rw,  # UNIX/glibc NSS

  # Also allow lookups for systemd-exec's DynamicUsers via D-Bus
  #   https://www.freedesktop.org/software/systemd/man/systemd.exec.html
  dbus send
       bus=system
       path="/org/freedesktop/systemd1"
       interface="org.freedesktop.systemd1.Manager"
       member="{GetDynamicUsers,LookupDynamicUserByName,LookupDynamicUserByUID}"
       peer=(name="org.freedesktop.systemd1"),

  # TCP/UDP network access
  network inet  stream,
  network inet6 stream,
  network inet  dgram,
  network inet6 dgram,

  # TODO: adjust when support finer-grained netlink rules
  # Netlink raw needed for nscd
  network netlink raw,

  # interface details
  @{PROC}/@{pid}/net/route r,
Hacker Blog, Shell İndir, Sql İnjection, XSS Attacks, LFI Attacks, Social Hacking, Exploit Bot, Proxy Tools, Web Shell, PHP Shell, Alfa Shell İndir, Hacking Training Set, DDoS Script, Denial Of Service, Botnet, RFI Attacks, Encryption
Telegram @BIBIL_0DAY