File usr.sbin.haproxy.apparmor of Package haproxy.30278
#include <tunables/global>
profile haproxy /usr/sbin/haproxy {
#include <abstractions/base>
#include <abstractions/openssl>
#include <abstractions/ssl_certs>
#include <abstractions/ssl_keys>
#include <abstractions/nameservice>
capability net_bind_service,
capability setgid,
capability setuid,
capability kill,
capability sys_resource,
capability sys_chroot,
capability net_admin,
# those are needed for the stats socket creation
capability chown,
capability fowner,
capability fsetid,
network inet,
network inet6,
/etc/haproxy/* r,
/usr/sbin/haproxy rmix,
/var/lib/haproxy/stats rwl,
/var/lib/haproxy/stats.*.bak rwl,
/var/lib/haproxy/stats.*.tmp rwl,
/{,var/}run/haproxy.pid rw,
/{,var/}run/haproxy-master.sock* rwlk,
# Site-specific additions and overrides. See local/README for details.
#include if exists <local/haproxy>
#include if exists <local/usr.sbin.haproxy>
}