nexmon – Rev 1
?pathlinks?
#include <tunables/global>
/usr/sbin/tkiptun-ng {
#include <abstractions/base>
#include <abstractions/private-files-strict>
capability net_admin,
capability net_raw,
capability setuid,
capability sys_module,
network packet raw,
deny @{HOME}/.** rw,
@{HOME}/** r,
/bin/ r,
/bin/*sh Cx,
/usr/sbin/tkiptun-ng mr,
/proc/*/net/psched r,
/sbin/ r,
/sbin/iwpriv Cx,
/tmp/ r,
/usr/bin/ r,
/usr/local/bin/ r,
/usr/local/sbin/ r,
/usr/sbin/ r,
profile /bin/*sh {
#include <abstractions/base>
/bin/*sh mr,
/bin/ls rix,
/proc/filesystems r,
/sys/class/ieee80211/ r,
}
profile /sbin/iwpriv {
#include <abstractions/base>
capability net_admin,
capability sys_module,
network inet dgram,
/sbin/iwpriv mr,
}
}