Blame salt/profile/wiki/files/magick.apparmor
|
Christian Boltz |
5bab69 |
#include <tunables/global>
|
|
Christian Boltz |
5bab69 |
|
|
Christian Boltz |
5bab69 |
# {% for wiki in pillar['mediawiki']['wikis']|sort %}
|
|
Christian Boltz |
5bab69 |
|
|
Christian Boltz |
5bab69 |
profile magick-{{wiki}} flags=(complain) {
|
|
Christian Boltz |
5bab69 |
#include <abstractions/base>
|
|
Christian Boltz |
5bab69 |
#include <abstractions/fonts>
|
|
Christian Boltz |
5bab69 |
|
|
Christian Boltz |
5bab69 |
deny network inet stream,
|
|
Christian Boltz |
5bab69 |
|
|
Christian Boltz |
5bab69 |
deny /var/cache/fontconfig/ w,
|
|
Christian Boltz |
5bab69 |
|
|
Christian Boltz |
5bab69 |
/bin/bash mrix,
|
|
Christian Boltz |
5bab69 |
/dev/tty rw,
|
|
Christian Boltz |
5bab69 |
/etc/ImageMagick-7-SUSE/*.xml r,
|
|
Christian Boltz |
5bab69 |
/etc/nsswitch.conf r,
|
|
Christian Boltz |
5bab69 |
/etc/passwd r,
|
|
Christian Boltz |
5bab69 |
/proc/filesystems r,
|
|
Christian Boltz |
5bab69 |
/usr/bin/magick mr,
|
|
Christian Boltz |
5bab69 |
/usr/lib64/ImageMagick-7.0.7/modules-7_Q16HDRI6/coders/png.so mr,
|
|
Christian Boltz |
5bab69 |
/usr/lib64/ImageMagick-7.0.7/modules-7_Q16HDRI6/coders/svg.so mr,
|
|
Christian Boltz |
5bab69 |
owner /srv/www/{{wiki}}.opensuse.org/cache/l10n_cache-en.cdb r,
|
|
Christian Boltz |
5bab69 |
owner /srv/www/{{wiki}}.opensuse.org/public/?????? w,
|
|
Christian Boltz |
5bab69 |
owner /srv/www/{{wiki}}.opensuse.org/public/images/**.svg r,
|
|
Christian Boltz |
5bab69 |
owner /srv/www/{{wiki}}.opensuse.org/public/images/temp/transform_*.png rw,
|
|
Christian Boltz |
5bab69 |
owner /tmp/magick-* rw,
|
|
Christian Boltz |
5bab69 |
owner /var/lib/wwwrun/.cache/ w,
|
|
Christian Boltz |
5bab69 |
|
|
Christian Boltz |
5bab69 |
}
|
|
Christian Boltz |
5bab69 |
|
|
Christian Boltz |
5bab69 |
# {% endfor %}
|
|
Christian Boltz |
5bab69 |
|
|
Christian Boltz |
5bab69 |
# vim: ft=apparmor expandtab
|