mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2025-01-19 09:28:17 +01:00
26 lines
714 B
Text
26 lines
714 B
Text
# vim:syntax=apparmor
|
|
include <tunables/global>
|
|
|
|
profile system_tor flags=(attach_disconnected) {
|
|
include <abstractions/tor>
|
|
include <abstractions/openssl>
|
|
|
|
owner /var/lib/tor/** rwk,
|
|
owner /var/lib/tor/ r,
|
|
owner /var/log/tor/* w,
|
|
|
|
# During startup, tor (as root) tries to open various things such as
|
|
# directories via check_private_dir(). Let it.
|
|
/var/lib/tor/** r,
|
|
|
|
/{,var/}run/tor/ r,
|
|
/{,var/}run/tor/control w,
|
|
/{,var/}run/tor/socks w,
|
|
/{,var/}run/tor/tor.pid w,
|
|
/{,var/}run/tor/control.authcookie w,
|
|
/{,var/}run/tor/control.authcookie.tmp rw,
|
|
/{,var/}run/systemd/notify w,
|
|
|
|
# Site-specific additions and overrides. See local/README for details.
|
|
include <local/system_tor>
|
|
}
|