diff options
| author | Sadie Powell <sadie@witchery.services> | 2020-11-12 14:20:26 +0000 |
|---|---|---|
| committer | Sadie Powell <sadie@witchery.services> | 2020-11-12 14:22:54 +0000 |
| commit | 713842fef7f2578ed467eccedf4ceaaf85ce737f (patch) | |
| tree | f153e064d401a61bd23b8bc671c202b2d2a7e0c8 | |
| parent | 6214094a84f33ea80af4dac88dd1b82bd59a0b5c (diff) | |
Add an AppArmor config.
| -rw-r--r-- | make/template/apparmor | 46 | ||||
| -rw-r--r-- | make/template/main.mk | 1 |
2 files changed, 47 insertions, 0 deletions
diff --git a/make/template/apparmor b/make/template/apparmor new file mode 100644 index 000000000..83c248c55 --- /dev/null +++ b/make/template/apparmor @@ -0,0 +1,46 @@ +%platform linux +# +# InspIRCd -- Internet Relay Chat Daemon +# +# Copyright (C) 2020 Sadie Powell <sadie@witchery.services> +# +# This file is part of InspIRCd. InspIRCd is free software: you can +# redistribute it and/or modify it under the terms of the GNU General Public +# License as published by the Free Software Foundation, version 2. +# +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more +# details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +# To use this file move it to /etc/apparmor.d/inspircd + +#include <tunables/global> + +@BINARY_DIR@/inspircd { + #include <abstractions/base> + #include <abstractions/nameservice> + + capability net_bind_service, + capability setgid, + capability setuid, + capability sys_resource, + + @BINARY_DIR@/inspircd ixr, + @CONFIG_DIR@/** rw, + @DATA_DIR@/** rw, + @MODULE_DIR@/ r, + @MODULE_DIR@/core_*.so mr, + @MODULE_DIR@/m_*.so mr, + @LOG_DIR@/** w, + + # Required by the ldap module: + #include <abstractions/ldapclient> + + # Required by the mysql module: + #include <abstractions/mysql> +} diff --git a/make/template/main.mk b/make/template/main.mk index 73b24f2e5..181c1f9f2 100644 --- a/make/template/main.mk +++ b/make/template/main.mk @@ -227,6 +227,7 @@ install: target -$(INSTALL) -g @GID@ -o @UID@ -m $(INSTMODE_BIN) "$(BUILDPATH)/bin/inspircd" $(BINPATH) -$(INSTALL) -g @GID@ -o @UID@ -m $(INSTMODE_BIN) "$(BUILDPATH)/modules/"*.so $(MODPATH) -$(INSTALL) -g @GID@ -o @UID@ -m $(INSTMODE_BIN) @CONFIGURE_DIRECTORY@/inspircd $(SCRPATH) 2>/dev/null + -$(INSTALL) -g @GID@ -o @UID@ -m $(INSTMODE_TXT) @CONFIGURE_DIRECTORY@/apparmor $(SCRPATH) 2>/dev/null -$(INSTALL) -g @GID@ -o @UID@ -m $(INSTMODE_TXT) @CONFIGURE_DIRECTORY@/logrotate $(SCRPATH) 2>/dev/null ifeq ($(SYSTEM), darwin) -$(INSTALL) -g @GID@ -o @UID@ -m $(INSTMODE_BIN) @CONFIGURE_DIRECTORY@/org.inspircd.plist $(SCRPATH) 2>/dev/null |