File vaultwarden.apparmor of Package vaultwarden

#-service vim: ft=apparmor

abi <abi/3.0>,

include <tunables/global>

profile vaultwarden /usr/bin/vaultwarden {
  include <abstractions/base>
  include <abstractions/openssl>
  include <abstractions/ssl_certs>
  include <abstractions/kerberosclient>

  /etc/vaultwarden/* r,

  /usr/share/vaultwarden/ r,
  /usr/share/vaultwarden/** r,

  owner /var/lib/vaultwarden/ r,
  owner /var/lib/vaultwarden/** rwlk,
  owner /var/log/vaultwarden/** rw,

  owner /proc/@{pid}/cgroup    r,
  owner /proc/@{pid}/mountinfo r,

  # name resolution
  /etc/resolv.conf r,
  /etc/host.conf r,
  /etc/hosts r,
  /{usr/,}etc/nsswitch.conf r,

  # mostly name resolution
  network inet  dgram,
  network inet6 dgram,

  # network service
  network inet  tcp,
  network inet6  tcp,

  network netlink raw, 

  capability net_bind_service,

  include if exists <local/vaultwarden>
}

Places

File vaultwarden.apparmor of Package vaultwarden

Places