# vim:syntax=apparmor #include profile dhcpcd /{usr/,}bin/dhcpcd { #include #include capability chown, capability net_admin, capability net_raw, capability sys_admin, network packet dgram, network inet raw, network inet6 raw, /dev/pts/* rw, /etc/dhcpcd.{conf,duid,secret} r, /etc/ld.so.cache r, /etc/udev/udev.conf r, /proc/*/net/if_inet6 r, /proc/sys/net/ipv{4,6}/conf/*/* rw, /{var/,}run/dhcpcd{-*,}.pid rwk, /{var/,}run/dhcpcd.sock rw, /{var/,}run/dhcpcd.unpriv.sock rw, /{var/,}run/udev/data/* r, /sys/devices/**/net/*/uevent r, /{usr/,}bin/dash ix, /{usr/,}bin/dash mrix, /usr/lib/dhcpcd/dev/udev.so m, /usr/lib/ld-*.so m, /usr/lib/libc-*.so m, # Trust hooks and run the wrapper unconfined /usr/libexec/dhcpcd-run-hooks CUx, /var/db/dhcpcd-*.lease rw, /var/db/dhcpcd/** rw, /{usr/,}bin/dhcpcd mrix, # Site-specific additions and overrides. See local/README for details. #include }