43 lines
1 KiB
Text
43 lines
1 KiB
Text
|
# Last Modified: Fri Nov 11 17:59:18 2022
|
||
|
|
abi <abi/3.0>,
|
||
|
|
|
||
|
|
include <tunables/global>
|
||
|
|
|
||
|
|
@{YOAKE}="/var/lib/caddy/yoake"
|
||
|
|
|
||
|
|
@{YOAKE_DATA}="/var/lib/caddy/yoake.badger"
|
||
|
|
|
||
|
|
profile yoake @{YOAKE}/server {
|
||
|
|
include <abstractions/base>
|
||
|
|
include <abstractions/nameservice>
|
||
|
|
include <abstractions/apparmor_api/introspect>
|
||
|
|
^ssl {
|
||
|
|
include <abstractions/base>
|
||
|
|
include <abstractions/ssl_certs>
|
||
|
|
include <abstractions/ssl_keys>
|
||
|
|
include <abstractions/apparmor_api/introspect>
|
||
|
|
}
|
||
|
|
/sys/kernel/mm/transparent_hugepage/* r,
|
||
|
|
/proc/sys/net/core/somaxconn r,
|
||
|
|
@{YOAKE}/server mr,
|
||
|
|
@{YOAKE}/** r,
|
||
|
|
@{YOAKE_DATA}/ rwk,
|
||
|
|
@{YOAKE_DATA}/** rwlk,
|
||
|
|
capability net_bind_service,
|
||
|
|
signal send peer=yoake//serve,
|
||
|
|
|
||
|
|
^serve flags=(kill) {
|
||
|
|
include <abstractions/base>
|
||
|
|
include <abstractions/nameservice>
|
||
|
|
include <abstractions/apparmor_api/introspect>
|
||
|
|
|
||
|
|
/sys/kernel/mm/transparent_hugepage/ r,
|
||
|
|
@{YOAKE}/server mr,
|
||
|
|
@{YOAKE}/ r,
|
||
|
|
@{YOAKE}/{assets,webroot}/** r,
|
||
|
|
@{YOAKE_DATA}/ rwk,
|
||
|
|
@{YOAKE_DATA}/** rwlk,
|
||
|
|
signal receive peer=yoake,
|
||
|
|
}
|
||
|
|
}
|