__ __ __ __ _____ _ _ _____ _ _ _ | \/ | \ \ / / | __ \ (_) | | / ____| | | | | | \ / |_ __\ V / | |__) | __ ___ ____ _| |_ ___ | (___ | |__ ___| | | | |\/| | '__|> < | ___/ '__| \ \ / / _` | __/ _ \ \___ \| '_ \ / _ \ | | | | | | |_ / . \ | | | | | |\ V / (_| | || __/ ____) | | | | __/ | | |_| |_|_(_)_/ \_\ |_| |_| |_| \_/ \__,_|\__\___| |_____/|_| |_|\___V 2.1 if you need WebShell for Seo everyday contact me on Telegram Telegram Address : @jackleetFor_More_Tools:
# vim:syntax=apparmor
# Last Modified: Fri Jun 1 16:43:22 2007
#include <tunables/global>
profile named /usr/sbin/named flags=(attach_disconnected) {
#include <abstractions/base>
#include <abstractions/nameservice>
capability net_bind_service,
capability setgid,
capability setuid,
capability sys_chroot,
capability sys_resource,
# /etc/bind should be read-only for bind
# /var/lib/bind is for dynamically updated zone (and journal) files.
# /var/cache/bind is for slave/stub data, since we're not the origin of it.
# See /usr/share/doc/bind9/README.Debian.gz
/etc/bind/** r,
/var/lib/bind/** rw,
/var/lib/bind/ rw,
/var/cache/bind/** lrw,
/var/cache/bind/ rw,
# Database file used by allow-new-zones
/var/cache/bind/_default.nzd-lock rwk,
# gssapi
/etc/krb5.keytab kr,
/etc/bind/krb5.keytab kr,
# ssl
/etc/ssl/*.cnf r,
/etc/ssl/*.conf r,
# root hints from dns-data-root
/usr/share/dns/root.* r,
# GeoIP data files for GeoIP ACLs
/usr/share/GeoIP/** r,
# dnscvsutil package
/var/lib/dnscvsutil/compiled/** rw,
# Allow changing worker thread names
owner @{PROC}/@{pid}/task/@{tid}/comm rw,
# named need to check if hugepages is available
/sys/kernel/mm/transparent_hugepage/enabled r,
@{PROC}/net/if_inet6 r,
@{PROC}/*/net/if_inet6 r,
@{PROC}/sys/net/ipv4/ip_local_port_range r,
/usr/sbin/named mr,
/{,var/}run/named/named.pid w,
/{,var/}run/named/session.key w,
# support for resolvconf
/{,var/}run/named/named.options r,
# some people like to put logs in /var/log/named/ instead of having
# syslog do the heavy lifting.
/var/log/named/** rw,
/var/log/named/ rw,
# gssapi
/var/lib/sss/pubconf/krb5.include.d/** r,
/var/lib/sss/pubconf/krb5.include.d/ r,
/var/lib/sss/mc/initgroups r,
/etc/gss/mech.d/ r,
# ldap
/etc/ldap/ldap.conf r,
/{,var/}run/slapd-*.socket rw,
# dynamic updates
/var/tmp/DNS_* rw,
# dyndb backends
/usr/lib/bind/*.so rm,
# Samba DLZ
/{usr/,}lib/@{multiarch}/samba/bind9/*.so rm,
/{usr/,}lib/@{multiarch}/samba/gensec/*.so rm,
/{usr/,}lib/@{multiarch}/samba/ldb/*.so rm,
/{usr/,}lib/@{multiarch}/ldb/modules/ldb/*.so rm,
/var/lib/samba/bind-dns/dns.keytab rk,
/var/lib/samba/bind-dns/named.conf r,
/var/lib/samba/bind-dns/dns/** rwk,
/var/lib/samba/private/dns.keytab rk,
/var/lib/samba/private/named.conf r,
/var/lib/samba/private/dns/** rwk,
/etc/samba/smb.conf r,
/dev/urandom rwmk,
owner /var/tmp/krb5_* rwk,
# systemd sd_notify
/run/systemd/notify w,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.named>
}
| Name | Type | Size | Permission | Actions |
|---|---|---|---|---|
| abi | Folder | 0755 |
|
|
| abstractions | Folder | 0755 |
|
|
| disable | Folder | 0755 |
|
|
| force-complain | Folder | 0755 |
|
|
| local | Folder | 0755 |
|
|
| rsyslog.d | Folder | 0755 |
|
|
| tunables | Folder | 0755 |
|
|
| 1password | File | 354 B | 0644 |
|
| Discord | File | 352 B | 0644 |
|
| MongoDB_Compass | File | 386 B | 0644 |
|
| QtWebEngineProcess | File | 404 B | 0644 |
|
| balena-etcher | File | 374 B | 0644 |
|
| brave | File | 348 B | 0644 |
|
| buildah | File | 342 B | 0644 |
|
| busybox | File | 342 B | 0644 |
|
| cam | File | 330 B | 0644 |
|
| ch-checkns | File | 351 B | 0644 |
|
| ch-run | File | 339 B | 0644 |
|
| chrome | File | 349 B | 0644 |
|
| code | File | 349 B | 0644 |
|
| crun | File | 333 B | 0644 |
|
| devhelp | File | 342 B | 0644 |
|
| element-desktop | File | 368 B | 0644 |
|
| epiphany | File | 356 B | 0644 |
|
| evolution | File | 348 B | 0644 |
|
| firefox | File | 410 B | 0644 |
|
| flatpak | File | 342 B | 0644 |
|
| foliate | File | 342 B | 0644 |
|
| geary | File | 336 B | 0644 |
|
| github-desktop | File | 378 B | 0644 |
|
| goldendict | File | 353 B | 0644 |
|
| ipa_verify | File | 351 B | 0644 |
|
| kchmviewer | File | 353 B | 0644 |
|
| keybase | File | 346 B | 0644 |
|
| lc-compliance | File | 360 B | 0644 |
|
| libcamerify | File | 354 B | 0644 |
|
| linux-sandbox | File | 383 B | 0644 |
|
| loupe | File | 336 B | 0644 |
|
| lsb_release | File | 1.35 KB | 0644 |
|
| lxc-attach | File | 351 B | 0644 |
|
| lxc-create | File | 351 B | 0644 |
|
| lxc-destroy | File | 354 B | 0644 |
|
| lxc-execute | File | 354 B | 0644 |
|
| lxc-stop | File | 345 B | 0644 |
|
| lxc-unshare | File | 354 B | 0644 |
|
| lxc-usernsexec | File | 363 B | 0644 |
|
| mmdebstrap | File | 351 B | 0644 |
|
| msedge | File | 352 B | 0644 |
|
| nautilus | File | 346 B | 0644 |
|
| notepadqq | File | 402 B | 0644 |
|
| nvidia_modprobe | File | 1.18 KB | 0644 |
|
| obsidian | File | 350 B | 0644 |
|
| opam | File | 333 B | 0644 |
|
| opera | File | 355 B | 0644 |
|
| pageedit | File | 347 B | 0644 |
|
| plasmashell | File | 680 B | 0644 |
|
| podman | File | 339 B | 0644 |
|
| polypane | File | 350 B | 0644 |
|
| privacybrowser | File | 365 B | 0644 |
|
| qcam | File | 333 B | 0644 |
|
| qmapshack | File | 348 B | 0644 |
|
| qutebrowser | File | 354 B | 0644 |
|
| rootlesskit | File | 354 B | 0644 |
|
| rpm | File | 330 B | 0644 |
|
| rssguard | File | 347 B | 0644 |
|
| runc | File | 334 B | 0644 |
|
| sbuild | File | 339 B | 0644 |
|
| sbuild-abort | File | 357 B | 0644 |
|
| sbuild-adduser | File | 364 B | 0644 |
|
| sbuild-apt | File | 351 B | 0644 |
|
| sbuild-checkpackages | File | 381 B | 0644 |
|
| sbuild-clean | File | 357 B | 0644 |
|
| sbuild-createchroot | File | 378 B | 0644 |
|
| sbuild-destroychroot | File | 382 B | 0644 |
|
| sbuild-distupgrade | File | 375 B | 0644 |
|
| sbuild-hold | File | 354 B | 0644 |
|
| sbuild-shell | File | 365 B | 0644 |
|
| sbuild-unhold | File | 360 B | 0644 |
|
| sbuild-update | File | 360 B | 0644 |
|
| sbuild-upgrade | File | 363 B | 0644 |
|
| scide | File | 355 B | 0644 |
|
| signal-desktop | File | 366 B | 0644 |
|
| slack | File | 342 B | 0644 |
|
| slirp4netns | File | 354 B | 0644 |
|
| steam | File | 363 B | 0644 |
|
| stress-ng | File | 348 B | 0644 |
|
| surfshark | File | 354 B | 0644 |
|
| systemd-coredump | File | 377 B | 0644 |
|
| thunderbird | File | 354 B | 0644 |
|
| toybox | File | 335 B | 0644 |
|
| transmission | File | 2.34 KB | 0644 |
|
| trinity | File | 342 B | 0644 |
|
| tup | File | 330 B | 0644 |
|
| tuxedo-control-center | File | 400 B | 0644 |
|
| ubuntu_pro_apt_news | File | 2.02 KB | 0644 |
|
| ubuntu_pro_esm_cache | File | 6.93 KB | 0644 |
|
| unix-chkpwd | File | 881 B | 0644 |
|
| unprivileged_userns | File | 699 B | 0644 |
|
| userbindmount | File | 360 B | 0644 |
|
| usr.bin.man | File | 3.37 KB | 0644 |
|
| usr.bin.tcpdump | File | 1.65 KB | 0644 |
|
| usr.lib.snapd.snap-confine.real | File | 31.96 KB | 0644 |
|
| usr.sbin.mariadbd | File | 730 B | 0644 |
|
| usr.sbin.named | File | 2.59 KB | 0644 |
|
| usr.sbin.rsyslogd | File | 1.69 KB | 0644 |
|
| uwsgi-core | File | 351 B | 0644 |
|
| vdens | File | 336 B | 0644 |
|
| virtiofsd | File | 352 B | 0644 |
|
| vivaldi-bin | File | 358 B | 0644 |
|
| vpnns | File | 336 B | 0644 |
|
| wike | File | 333 B | 0644 |
|
| wpcom | File | 346 B | 0644 |
|