apparmor/profiles/enabled/usr.sbin.squid

# $Id: usr.sbin.squid 6222 2006-02-03 23:42:57Z sarnold $
# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2006 Novell/SUSE
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
# vim:syntax=apparmor

#include <tunables/global>

/usr/sbin/squid {
  #include <abstractions/base>
  #include <abstractions/consoles>
  #include <abstractions/kerberosclient>
  #include <abstractions/nameservice>

  capability setgid,
  capability setuid,

  /usr/lib/squid/* rix,
  /usr/sbin/squid rix,
  /usr/sbin/unlinkd ixr,

  /var/cache/squid/** lrw,

  /dev/tty rw,
  /etc/mtab r,
  /etc/squid/* r,
  /proc/*/mounts r,
  /proc/mounts r,
  /usr/share/squid/** r,
  /var/log/squid/access.log w,
  /proc/sys/kernel/ngroups_max r,
  /var/log/squid/cache.log rw,
  /var/log/squid/store.log w,
  /var/run/squid.pid lrw,
}
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381. 2006-04-11 21:52:54 +00:00			`# $Id: usr.sbin.squid 6222 2006-02-03 23:42:57Z sarnold $`
			`# ------------------------------------------------------------------`
			`#`
			`# Copyright (C) 2002-2006 Novell/SUSE`
			`#`
			`# This program is free software; you can redistribute it and/or`
			`# modify it under the terms of version 2 of the GNU General Public`
			`# License published by the Free Software Foundation.`
			`#`
			`# ------------------------------------------------------------------`
			`# vim:syntax=apparmor`

			`#include <tunables/global>`

			`/usr/sbin/squid {`
			`#include <abstractions/base>`
			`#include <abstractions/consoles>`
			`#include <abstractions/kerberosclient>`
			`#include <abstractions/nameservice>`

			`capability setgid,`
			`capability setuid,`

			`/usr/lib/squid/* rix,`
			`/usr/sbin/squid rix,`
			`/usr/sbin/unlinkd ixr,`

			`/var/cache/squid/** lrw,`

			`/dev/tty rw,`
			`/etc/mtab r,`
			`/etc/squid/* r,`
			`/proc/*/mounts r,`
			`/proc/mounts r,`
			`/usr/share/squid/** r,`
			`/var/log/squid/access.log w,`
			`/proc/sys/kernel/ngroups_max r,`
			`/var/log/squid/cache.log rw,`
			`/var/log/squid/store.log w,`
			`/var/run/squid.pid lrw,`
			`}`