mirror of
https://github.com/ergochat/ergo.git
synced 2024-11-15 00:19:29 +01:00
Import AppArmor profile
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
This commit is contained in:
parent
6d642bfe93
commit
67d10bc63b
34
distrib/apparmor/ergo
Normal file
34
distrib/apparmor/ergo
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
include <tunables/global>
|
||||||
|
|
||||||
|
# Georg Pfuetzenreuter <georg+ergo@lysergic.dev>
|
||||||
|
# AppArmor confinement for ergo and ergo-ldap
|
||||||
|
|
||||||
|
profile ergo /usr/bin/ergo {
|
||||||
|
include <abstractions/base>
|
||||||
|
include <abstractions/consoles>
|
||||||
|
include <abstractions/nameservice>
|
||||||
|
|
||||||
|
/etc/ergo/ircd.{motd,yaml} r,
|
||||||
|
/etc/ssl/irc/{crt,key} r,
|
||||||
|
/etc/ssl/ergo/{crt,key} r,
|
||||||
|
/usr/bin/ergo mr,
|
||||||
|
/proc/sys/net/core/somaxconn r,
|
||||||
|
/sys/kernel/mm/transparent_hugepage/hpage_pmd_size r,
|
||||||
|
/usr/share/ergo/languages/{,*.lang.json,*.yaml} r,
|
||||||
|
owner /run/ergo/ircd.lock rwk,
|
||||||
|
owner /var/lib/ergo/ircd.db rw,
|
||||||
|
|
||||||
|
include if exists <local/ergo>
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
profile ergo-ldap /usr/bin/ergo-ldap {
|
||||||
|
include <abstractions/openssl>
|
||||||
|
include <abstractions/ssl_certs>
|
||||||
|
|
||||||
|
/usr/bin/ergo-ldap rm,
|
||||||
|
/etc/ergo/ldap.yaml r,
|
||||||
|
|
||||||
|
include if exists <local/ergo-ldap>
|
||||||
|
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user