Merge pull request #418 from thinred/pr-apparmor

added apparmor profile
2015-11-07 22:59:43 +09:00 · 2015-11-07 22:59:43 +09:00 · aecddc2cda
parent b89f1f5869 a4012b594b
commit aecddc2cda
1 changed files with 16 additions and 0 deletions
--- a/contrib/usr.sbin.nghttpx
+++ b/contrib/usr.sbin.nghttpx
@ -0,0 +1,16 @@
+#include <tunables/global>
+
+/usr/sbin/nghttpx {
+  #include <abstractions/base>
+  #include <abstractions/nameservice>
+  #include <abstractions/openssl>
+
+  capability setgid,
+  capability setuid,
+
+  /usr/sbin/nghttpx rmix,      # allow to run itself
+  /etc/nghttpx/nghttpx.conf r, # allow to read the config file
+  /etc/ssl/** r,               # give access to ssl keys
+
+  /{,var/}run/nghttpx.pid lw,  # allow to store a pid file
+}