Not installed by default since they are more or less experimental and systemd sandboxing provides roughly the same level of isolation.
# AppArmor profile for maddyctl management utility.
# vim:syntax=apparmor:ts=2:sw=2:et
#include <tunables/global>
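# Confinement for the maddyctl binary. The {/local,} alternation attaches the
# profile to both /usr/bin/maddyctl and /usr/local/bin/maddyctl.
#
# The rules are unchanged from the listing; the stray "|" gutter lines, which
# are not AppArmor syntax and would not parse, are dropped and the rules are
# indented inside the profile braces.
profile dev.foxcpp.maddyctl /usr{/local,}/bin/maddyctl {
  #include <abstractions/base>

  # Read-only system files: resolver configuration, the listen-backlog sysctl
  # and the transparent-hugepage size.
  # NOTE(review): presumably read by the language runtime / resolver at
  # startup - confirm before trimming.
  /etc/resolv.conf r,
  /proc/sys/net/core/somaxconn r,
  /sys/kernel/mm/transparent_hugepage/hpage_pmd_size r,

  # All ptrace permissions are denied: the confined process may neither trace
  # another process nor be traced. An explicit deny overrides any allow rule
  # and is not logged by default.
  deny ptrace,

  # AF_UNIX is the only socket family this profile's own rules grant; there is
  # no "network inet" / "network inet6" rule here.
  network unix,

  # Blanket deny of fine-grained unix-socket mediation, which takes precedence
  # over any unix allow rule pulled in through abstractions/base.
  # NOTE(review): AppArmor mediates path-based unix sockets through file
  # rules, so a socket file under /run/maddy/ presumably stays reachable via
  # the file rules below while abstract and anonymous sockets are blocked -
  # confirm on a kernel with unix socket mediation enabled.
  deny unix,

  # Configuration tree: readable, never writable.
  /etc/maddy/** r,

  # Runtime and state directories. The "owner" qualifier restricts each rule
  # to files owned by the user the process runs as.
  # k = file locking, l = hard-link creation.
  owner /run/maddy/ rw,
  owner /run/maddy/** rwkl,
  owner /var/lib/maddy/ rw,
  owner /var/lib/maddy/** rwk,

  # Files ending in .db-wal / .db-shm (presumably SQLite write-ahead-log and
  # shared-memory companions) additionally get "m", i.e. mmap with PROT_EXEC.
  # Permissions from matching rules accumulate, so these files are also
  # writable through the /var/lib/maddy/** rule above.
  # NOTE(review): writable plus executable-mappable is worth confirming as
  # actually required.
  owner /var/lib/maddy/**.db-{wal,shm} rmk,

  # Site-local overrides, included only when the file is present.
  #include if exists <local/dev.foxcpp.maddyctl>
}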