Overview

File apparmor-ergo of Package ergo

# Last Modified: Thu Jul  6 06:47:23 2023
include <tunables/global>

# Georg Pfuetzenreuter <georg+ergo@lysergic.dev>
# AppArmor confinement for ergo and ergo-ldap

profile ergo /usr/bin/ergo {
  include <abstractions/base>
  include <abstractions/consoles>
  include <abstractions/nameservice>

  /etc/ergo/ircd.{motd,yaml} r,
  /etc/ssl/{ergo,irc}/{crt,key} r,
  /proc/sys/net/core/somaxconn r,
  /sys/kernel/mm/transparent_hugepage/hpage_pmd_size r,
  /usr/bin/ergo mr,
  /usr/bin/ergo-ldap Px -> ergo-ldap,
  /usr/share/ergo/languages/{,*.lang.json,*.yaml} r,
  owner /run/ergo/ircd.lock rwk,
  owner /var/lib/ergo/ircd.db rw,
  owner /var/lib/ergo/ircd.db.*.bak w,

  include if exists <local/ergo>

}

profile ergo-ldap /usr/bin/ergo-ldap {
  include <abstractions/openssl>
  include <abstractions/ssl_certs>

  /etc/ergo/ldap.yaml r,
  /usr/bin/ergo-ldap mr,

  include if exists <local/ergo-ldap>

}
openSUSE Build Service is sponsored by
Places