Overview

File step-ca-apparmor of Package step-ca

abi <abi/3.0>,

include <tunables/global>

profile step-ca /usr/sbin/step-ca flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/ssl_certs>

  /{usr/,}etc/hosts r,
  /{usr/,}etc/resolv.conf r,
  /{usr/,}etc/gai.conf r,
  /{usr/,}etc/nsswitch.conf r,
  /{usr/,}etc/host.conf r,

  /usr/sbin/step-ca r,

  capability net_bind_service,

  network unix  stream,

  network inet  dgram,
  network inet6 dgram,
  network inet  stream,
  network inet6 stream,

  /etc/step-ca/password.txt r,

  /var/lib/step-ca/ r,
  /var/lib/step-ca/** rwlk,

  /proc/@{pid}/cpuset r,
  /sys/kernel/mm/transparent_hugepage/hpage_pmd_size r,
  /proc/sys/net/core/somaxconn r,
  /proc/sys/kernel/osrelease r,
  /proc/cmdline r,

  @{run}/nscd/db* r,
  /var/lib/nscd/* r,
  /etc/machine-id r,

  include if exists <local/step-ca>
}
openSUSE Build Service is sponsored by
Places