nexmon – Rev 1
?pathlinks?
#include <tunables/global>
/usr/bin/airdecloak-ng {
#include <abstractions/base>
#include <abstractions/private-files-strict>
# No need to access dot files
deny @{HOME}/.** rw,
# For reading pcap files
@{HOME}/** r,
/tmp/** r,
# For writing output files
owner @{HOME}/** w,
owner /tmp/** w,
# Needed for ptrace/core dumps
/usr/bin/airdecloak-ng rm,
}