authd/apparmor.d/usr.local.bin.authd

34 lines
704 B
Plaintext
Raw Normal View History

2024-12-22 20:19:30 +01:00
abi <abi/3.0>,
include <tunables/global>
include <dnsmanager>
include <boilerplate>
/usr/local/bin/authd flags=(enforce) {
# See the file `boilerplate`.
@{BASE_LIBS} mr,
@{BASE_RO} r,
@{BASE_RW} rw,
# Allow IPC-related unix sockets.
owner @{LIBIPC_DIR}/* rwk,
# Enable all unix socket operations. TODO: restrict this even further?
unix,
# Deny networking (udp and tcp).
deny network tcp,
deny network udp,
# Enable to read the configuration (and the database key).
owner @{AUTHD_CONFIG} r,
owner @{AUTHD_DB_KEY} r,
# Database and logs.
owner @{AUTHD_DB_PATH}/** rwkl,
owner @{AUTHD_LOGS} w,
# Enable authd to send mails.
@{MAILER} ux,
}