# AppArmor profile for maddyctl management utility.
# vim:syntax=apparmor:ts=2:sw=2:et

#include <tunables/global>

profile dev.foxcpp.maddyctl /usr{/local,}/bin/maddyctl {
  #include <abstractions/base>

  /etc/resolv.conf r,
  /proc/sys/net/core/somaxconn r,
  /sys/kernel/mm/transparent_hugepage/hpage_pmd_size r,
  deny ptrace,
  network unix,
  deny unix,

  /etc/maddy/** r,
  owner /run/maddy/ rw,
  owner /run/maddy/** rwkl,
  owner /var/lib/maddy/ rw,
  owner /var/lib/maddy/** rwk,
  owner /var/lib/maddy/**.db-{wal,shm} rmk,

  #include if exists <local/dev.foxcpp.maddyctl>
}