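# AppArmor profile confining the authd daemon installed at /usr/local/bin/authd.
#
# NOTE(review): the target of `abi` and of the three `include` lines is missing
# from this listing (the paths appear to have been lost). Restore them from the
# original profile before loading it; the lines below are kept as found.
abi ,

include
include
include

/usr/local/bin/authd flags=(enforce) {
  # See the file `boilerplate`.
  # The @{...} variables used below are not defined in this listing; presumably
  # they come from the included files -- confirm what each one expands to,
  # since the breadth of every rule here depends on it.
  @{BASE_LIBS} mr,
  @{BASE_RO} r,
  @{BASE_RW} rw,

  # Allow IPC-related unix sockets. `owner` limits the rule to files owned by
  # the user authd runs as; `k` additionally permits file locking.
  owner @{LIBIPC_DIR}/* rwk,

  # Enable all unix socket operations. TODO: restrict this even further?
  # A bare `unix,` rule puts no limit on socket type, address or peer label.
  # Narrowing it with `type=`, `addr=` or `peer=(label=...)` conditions would
  # keep a compromised authd from talking to unrelated local services.
  unix,

  # Deny networking (udp and tcp).
  # Only these two protocols are denied explicitly; other socket families stay
  # blocked only as long as no included file grants a `network` rule -- confirm.
  # Explicit `deny` rules are not logged by default: prefix them with `audit`
  # if blocked connection attempts should be visible to monitoring.
  deny network tcp,
  deny network udp,

  # Allow reading the configuration and the database key. Both are read-only
  # and owner-restricted, so authd cannot rewrite its own key or config.
  owner @{AUTHD_CONFIG} r,
  owner @{AUTHD_DB_KEY} r,

  # Database and logs. `l` permits creating hard links under the database path.
  # NOTE(review): `w` lets authd truncate or overwrite its own logs; `a`
  # (append-only) would protect earlier entries if authd only ever appends and
  # rotation is done by another process -- confirm before changing.
  owner @{AUTHD_DB_PATH}/** rwkl,
  owner @{AUTHD_LOGS} w,

  # Enable authd to send mails.
  # The mailer runs unconfined, so whatever authd can make it do is outside
  # this profile. `Ux` (instead of `ux`) at least makes the kernel request
  # secure execution, so loader variables such as LD_PRELOAD inherited from
  # authd are scrubbed before the mailer starts. Preferably give the mailer its
  # own profile and switch this rule to `Px` or `Cx`.
  @{MAILER} Ux,
}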