# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2020-2021 Mikhail Morfikov
# SPDX-License-Identifier: GPL-2.0-only

abi <abi/3.0>,

include <tunables/global>

@{HUGO_DIR} = /media/debuilder/hugo

@{exec_path} = /{usr/,}bin/hugo
profile hugo @{exec_path} {
  include <abstractions/base>

  network inet stream,
  network inet6 stream,

  @{exec_path} mr,

  # Hugo dirs
  owner @{HOME}/hugo/ r,
  owner @{HOME}/hugo/** r,
  owner @{HOME}/hugo/**/public/ rw,
  owner @{HOME}/hugo/**/public/** rw,
  owner @{HUGO_DIR}/ r,
  owner @{HUGO_DIR}/** r,
  owner @{HUGO_DIR}/**/public/ rw,
  owner @{HUGO_DIR}/**/public/** rw,

  owner /tmp/hugo_cache/ rw,
  owner /tmp/hugo_cache/**/ rw,

  @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,

  @{PROC}/sys/net/core/somaxconn r,

  /etc/mime.types r,

  include if exists <local/hugo>
}