New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create profile for sing-box #273

Merged

roddhjav merged 2 commits into roddhjav:main from npwc:sing-box

Jan 24, 2024

Contributor

npwc commented Jan 16, 2024

https://github.com/SagerNet/sing-box

cc @nekohasekai


          Create profile for sing-box

62f2f24

Owner

roddhjav commented Jan 16, 2024 •

edited

Loading

Thanks for your PR. Please have a look at the profile guideline: https://apparmor.pujol.io/development/guidelines to ensure your profile respect the guideline of this project.

Looking at the documentation of sing-box. I have the feeling, this profile only works for your use case of the proxy (with tor), what about other feature?

roddhjav reviewed

View reviewed changes

apparmor.d/profiles-s-z/sing-box Outdated

+              @{exec_path} = /{,usr/}{,local/}bin/sing-box
+              profile sing-box @{exec_path} {
+                include <abstractions/base>
+                include <abstractions/nameservice>

Owner

roddhjav Jan 16, 2024

use nameservice-strict

roddhjav reviewed

View reviewed changes

apparmor.d/profiles-s-z/sing-box Outdated


		include <tunables/global>

		@{exec_path} = /{,usr/}{,local/}bin/sing-box

Owner

roddhjav Jan 16, 2024

Use @{bin}/sing-box (local program are purposely not confined by default profiles)

roddhjav reviewed

View reviewed changes

apparmor.d/profiles-s-z/sing-box Outdated

+                include <abstractions/nis>
+                include <abstractions/ssl_certs>
+                include <abstractions/ssl_keys>
+                include <abstractions/tor>

Owner

roddhjav Jan 16, 2024

There is no such abstraction.

roddhjav reviewed

View reviewed changes

apparmor.d/profiles-s-z/sing-box Outdated

+                /usr/{,local/}share/sing-box/geosite.db r,
+                owner /{,usr/local/}etc/sing-box/config.json r,
+                owner @{home_dirs}/.local/share/certmagic/** rw,

Owner

roddhjav Jan 16, 2024

@{home_dirs) does not exist. Use: owner @{user_share_dirs}/certmagic/** rw,

roddhjav reviewed

View reviewed changes

apparmor.d/profiles-s-z/sing-box Outdated

+                /proc/meminfo r,
+                /sys/kernel/mm/transparent_hugepage/hpage_pmd_size r,
+                /usr/bin/tor mrix,

Owner

roddhjav Jan 16, 2024

Use the @{bin} variable.

roddhjav reviewed

View reviewed changes

apparmor.d/profiles-s-z/sing-box

+                include <abstractions/ssl_certs>
+                include <abstractions/ssl_keys>
+                include <abstractions/tor>
+                include <abstractions/user-tmp>

Owner

roddhjav Jan 16, 2024

This abstraction is quite board, can you restrict this a bit.

Contributor Author

npwc commented Jan 16, 2024

Thanks for your PR. Please have a look at the profile guideline: https://apparmor.pujol.io/development/guidelines.html to ensure your profile respect the guideline of this project.

Looking at the documentation of sing-box. I have the feeling, this profile only works for your use case of the proxy (with tor), what about other feature?

Yes, part of profile only work for me.

Now my specific profile has been removed, only a generic scenario remains.


          Update sing-box

9de29b5

roddhjav force-pushed the main branch 2 times, most recently from 7e0f337 to d3751d3 Compare

January 24, 2024 20:52

roddhjav merged commit e7dc2fb into roddhjav:main

2 checks passed

Owner

roddhjav commented Jan 24, 2024 •

edited

Loading

Thanks. Merged.

For future contribution, please try to follow the profile guideline as I have done with 8f82547

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet