Update AppArmor profile

sync with distribution changes: - allow ergo to execute ergo-ldap as a subprocess to allow for LDAP authentication - allow ergo to create backup files to allow for autoupgrade - consolidate and sort some lines for easier maintenance Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2026-05-25 08:43:34 +02:00 · 2026-05-16 18:34:03 +02:00 · 2026-05-16 18:34:03 +02:00 · d1c7051086
commit d1c7051086
parent 8c02b854b7
1 changed files with 5 additions and 4 deletions
--- a/distrib/apparmor/ergo
+++ b/distrib/apparmor/ergo
@ -9,14 +9,15 @@ profile ergo /usr/bin/ergo {
  include <abstractions/nameservice>

  /etc/ergo/ircd.{motd,yaml} r,
-  /etc/ssl/irc/{crt,key} r,
-  /etc/ssl/ergo/{crt,key} r,
-  /usr/bin/ergo mr,
+  /etc/ssl/{ergo,irc}/{crt,key} r,
  /proc/sys/net/core/somaxconn r,
  /sys/kernel/mm/transparent_hugepage/hpage_pmd_size r,
+  /usr/bin/ergo mr,
+  /usr/bin/ergo-ldap Px -> ergo-ldap,
  /usr/share/ergo/languages/{,*.lang.json,*.yaml} r,
  owner /run/ergo/ircd.lock rwk,
  owner /var/lib/ergo/ircd.db rw,
+  owner /var/lib/ergo/ircd.db.*.bak w,

  include if exists <local/ergo>

@ -25,7 +26,7 @@ profile ergo /usr/bin/ergo {
 profile ergo-ldap /usr/bin/ergo-ldap {
  include <abstractions/openssl>
  include <abstractions/ssl_certs>
-  
+
  /usr/bin/ergo-ldap rm,
  /etc/ergo/ldap.yaml r,