mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-06 17:31:01 +01:00
59 lines
1.4 KiB
Text
59 lines
1.4 KiB
Text
# $Id$
|
|
# ------------------------------------------------------------------
|
|
#
|
|
# Copyright (C) 2002-2005 Novell/SUSE
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of version 2 of the GNU General Public
|
|
# License published by the Free Software Foundation.
|
|
#
|
|
# ------------------------------------------------------------------
|
|
# vim:syntax=apparmor
|
|
|
|
#include <tunables/global>
|
|
|
|
/usr/sbin/lighttpd {
|
|
#include <abstractions/base>
|
|
#include <abstractions/nameservice>
|
|
#include <abstractions/web-data>
|
|
|
|
# needed to change max file descriptors
|
|
capability sys_resource,
|
|
|
|
# network service ;)
|
|
capability net_bind_service,
|
|
|
|
# changing the uid/gid on startup
|
|
capability setgid,
|
|
capability setuid,
|
|
|
|
/proc/sys/kernel/ngroups_max r,
|
|
|
|
/etc/lighttpd r,
|
|
/etc/lighttpd/*.conf r,
|
|
/etc/lighttpd/conf.d/*.conf r,
|
|
/etc/lighttpd/auth.d/* r,
|
|
/etc/lighttpd/vhosts.d r,
|
|
/etc/lighttpd/vhosts.d/* r,
|
|
/usr/sbin/lighttpd ix,
|
|
|
|
/usr/lib/lighttpd/*.so r,
|
|
/usr/lib64/lighttpd/*.so r,
|
|
|
|
/etc/ssl/private/*.pem r,
|
|
# home dir. e.g. used for sockets.
|
|
/var/lib/lighttpd/ r,
|
|
/var/lib/lighttpd/** rwl,
|
|
# mod_compress cache
|
|
/var/cache/lighttpd/ r,
|
|
/var/cache/lighttpd/** rwl,
|
|
# pid
|
|
/var/run/lighttpd.pid rwl,
|
|
# log files
|
|
/var/log/lighttpd/*.log rw,
|
|
# include_shell
|
|
/bin/bash ix,
|
|
/bin/zsh ix,
|
|
/bin/cat ix,
|
|
}
|
|
|