31 lines
669 B
Plaintext
31 lines
669 B
Plaintext
|
abi <abi/3.0>,
|
||
|
|
||
|
include <tunables/global>
|
||
|
include <dnsmanager>
|
||
|
include <boilerplate>
|
||
|
|
||
|
/usr/local/bin/dnsmanagerd flags=(enforce) {
|
||
|
# See the file `boilerplate`.
|
||
|
@{BASE_LIBS} mr,
|
||
|
@{BASE_RO} r,
|
||
|
@{BASE_RW} rw,
|
||
|
|
||
|
# Allow IPC-related unix sockets.
|
||
|
owner @{LIBIPC_DIR}/* rwk,
|
||
|
|
||
|
# Enable all unix socket operations. TODO: restrict this even further?
|
||
|
unix,
|
||
|
|
||
|
# Deny networking (udp and tcp).
|
||
|
deny network tcp,
|
||
|
deny network udp,
|
||
|
|
||
|
# Configuration and DNS templates.
|
||
|
owner @{DNSMANAGERD_CONFIG} r,
|
||
|
owner @{DNSMANAGERD_TEMPLATES} r,
|
||
|
|
||
|
# Database and logs.
|
||
|
owner @{DNSMANAGERD_DB_PATH}/** rwkl,
|
||
|
owner @{DNSMANAGERD_LOGS} w,
|
||
|
}
|