From 713842fef7f2578ed467eccedf4ceaaf85ce737f Mon Sep 17 00:00:00 2001
From: Sadie Powell <sadie@witchery.services>
Date: Thu, 12 Nov 2020 14:20:26 +0000
Subject: [PATCH 1/1] Add an AppArmor config.

---
 make/template/apparmor | 46 ++++++++++++++++++++++++++++++++++++++++++
 make/template/main.mk  |  1 +
 2 files changed, 47 insertions(+)
 create mode 100644 make/template/apparmor

diff --git a/make/template/apparmor b/make/template/apparmor
new file mode 100644
index 000000000..83c248c55
--- /dev/null
+++ b/make/template/apparmor
@@ -0,0 +1,46 @@
+%platform linux
+#
+# InspIRCd -- Internet Relay Chat Daemon
+#
+#   Copyright (C) 2020 Sadie Powell <sadie@witchery.services>
+#
+# This file is part of InspIRCd.  InspIRCd is free software: you can
+# redistribute it and/or modify it under the terms of the GNU General Public
+# License as published by the Free Software Foundation, version 2.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+# details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+# To use this file move it to /etc/apparmor.d/inspircd
+
+#include <tunables/global>
+
+@BINARY_DIR@/inspircd {
+	#include <abstractions/base>
+	#include <abstractions/nameservice>
+
+	capability net_bind_service,
+	capability setgid,
+	capability setuid,
+	capability sys_resource,
+
+	@BINARY_DIR@/inspircd ixr,
+	@CONFIG_DIR@/** rw,
+	@DATA_DIR@/** rw,
+	@MODULE_DIR@/ r,
+	@MODULE_DIR@/core_*.so mr,
+	@MODULE_DIR@/m_*.so mr,
+	@LOG_DIR@/** w,
+
+	# Required by the ldap module:
+	#include <abstractions/ldapclient>
+
+	# Required by the mysql module:
+	#include <abstractions/mysql>
+}
diff --git a/make/template/main.mk b/make/template/main.mk
index 73b24f2e5..181c1f9f2 100644
--- a/make/template/main.mk
+++ b/make/template/main.mk
@@ -227,6 +227,7 @@ install: target
 	-$(INSTALL) -g @GID@ -o @UID@ -m $(INSTMODE_BIN) "$(BUILDPATH)/bin/inspircd" $(BINPATH)
 	-$(INSTALL) -g @GID@ -o @UID@ -m $(INSTMODE_BIN) "$(BUILDPATH)/modules/"*.so $(MODPATH)
 	-$(INSTALL) -g @GID@ -o @UID@ -m $(INSTMODE_BIN) @CONFIGURE_DIRECTORY@/inspircd $(SCRPATH) 2>/dev/null
+	-$(INSTALL) -g @GID@ -o @UID@ -m $(INSTMODE_TXT) @CONFIGURE_DIRECTORY@/apparmor $(SCRPATH) 2>/dev/null
 	-$(INSTALL) -g @GID@ -o @UID@ -m $(INSTMODE_TXT) @CONFIGURE_DIRECTORY@/logrotate $(SCRPATH) 2>/dev/null
 ifeq ($(SYSTEM), darwin)
 	-$(INSTALL) -g @GID@ -o @UID@ -m $(INSTMODE_BIN) @CONFIGURE_DIRECTORY@/org.inspircd.plist $(SCRPATH) 2>/dev/null
-- 
2.39.2