File salt-broker.apparmor of Package salt-broker

#-service vim: ft=apparmor

abi <abi/3.0>,

include <tunables/global>

# Confinement profile for the salt-broker daemon at /usr/sbin/salt-broker.
# attach_disconnected makes AppArmor attach paths that are disconnected from
# the namespace to "/" instead of rejecting them. This means a disconnected
# object can match an ordinary path rule, so keep the file rules below narrow.
profile salt-broker /usr/sbin/salt-broker flags=(attach_disconnected) {
  # Shared rule sets shipped with AppArmor. What they grant is not visible in
  # this file; review them together with this profile when auditing it.
  include <abstractions/base>
  include <abstractions/python>

  # Read-only access to the program file itself (no write, no exec transition).
  /usr/sbin/salt-broker r,

  # Configuration is read-only: the confined process cannot rewrite its own
  # settings.
  /etc/salt-broker/config r,

  # Single log file, accessible only when the file's owner matches the process.
  # NOTE(review): `w` allows overwriting and truncating, not just appending.
  # If the daemon only ever appends, `a` would stop a compromised process from
  # rewriting earlier entries. Confirm against the logging and rotation setup.
  owner /var/log/salt-broker/salt-broker.log rw,

  # name resolution
  /etc/resolv.conf r,
  /etc/host.conf r,
  /etc/hosts r,
  /{usr/,}etc/nsswitch.conf r,
  /etc/protocols r,

  # mostly name resolution
  # These rules allow UDP over IPv4 and IPv6 with no address or port limit.
  network inet  dgram,
  network inet6 dgram,

  # network service
  # TCP over IPv4 and IPv6, again with no address or port limit in the rule.
  # Restricting which peers and ports are reachable has to come from the
  # firewall or the service configuration, not from this profile.
  network inet  tcp,
  network inet6  tcp,

  # Raw netlink sockets.
  # NOTE(review): presumably for interface/address lookups done by libc or
  # Python. Confirm that it is still required.
  network netlink raw,

  # Allows binding to privileged ports (below 1024).
  # NOTE(review): confirm the broker really listens on such a port. If it does
  # not, this capability can be dropped.
  capability net_bind_service,
  # @{pid} comes from the tunables included at the top of the file. In stock
  # AppArmor it matches any numeric PID, not only the confined process's own,
  # and neither rule carries `owner`.
  # NOTE(review): the second rule permits writing thread names (comm) under any
  # matching PID. Consider whether an `owner` prefix is enough here.
  /proc/@{pid}/mounts r,
  /proc/@{pid}/task/*/comm wr,

  # Files whose name starts with '#' in the temp and shared-memory directories,
  # limited to files owned by the process.
  # NOTE(review): presumably these are the unlinked/anonymous temp files that
  # show up as #<inode>. Confirm.
  # `m` permits executable mappings. Together with `w`, the process can write
  # a file and then map it executable, which is a write-then-execute path.
  # NOTE(review): likely needed for FFI closures in the Python runtime. Drop
  # `m` if testing shows it is not.
  owner /tmp/#* rwm,
  owner /var/tmp/#* rwm,
  owner /dev/shm/#* rwm,

  # Explicitly refuses listing /usr/sbin/. A plain `deny` rule (no `audit`
  # keyword) is not logged, so this also keeps the attempt out of the audit log.
  deny /usr/sbin/ r,

  # Optional site-local additions. Rules placed there can widen this profile,
  # so the local file should be root-owned and reviewed like the profile itself.
  include if exists <local/salt-broker>
}