# AppArmor profile for mosh mobile shell
# Only meant to be used on clients -- NOT SERVERS!
# Version of mosh profiled: 1.4.0
# Homepage: https://github.com/krathalan/apparmor-profiles
# Copyright 2019-2024 (C) krathalan; Licensed under GPLv3

abi <abi/3.0>,
include <tunables/global>

profile mosh /usr/bin/{mosh,mosh-client} {
  include if exists <local/mosh-client>
  include <abstractions/base>
  include <abstractions/perl>

  # Binaries
  /usr/bin/env r,
  /usr/bin/mosh r,
  /usr/bin/mosh-client mrPx,

  # Networking
  include <abstractions/krathalans-networking>
  network netlink raw,
  network inet dgram,
  network inet stream,
  network inet6 dgram,
  network inet6 stream,

  # SSH
  /usr/bin/ssh Px,
  signal receive set=hup peer=/usr/bin/ssh,
  signal receive set=hup peer=ssh,

  # Networking
  /etc/nsswitch.conf r,
  /etc/{protocols,services} r,

  # Display properly on different host terminals
  @{system_share_dirs}/terminfo/** r,
}
