include <tunables/global>
profile matrix-synapse {
include <abstractions/base>
include <abstractions/python>
include <abstractions/ssl_certs>
include <abstractions/openssl>
include <abstractions/nameservice>
/etc/mime.types r,
owner @{PROC}/@{pid}/{fd/,limits,mounts,stat} r,
/etc/matrix-synapse/** r,
owner /var/lib/matrix-synapse/ r,
owner /var/{lib,log}/matrix-synapse/** rw,
owner /data/matrix/ r,
owner /data/matrix/** rw,
/usr/bin/bash Cx -> bash,
profile bash {
include <abstractions/base>
/usr/bin/bash r,
/usr/bin/uname PUx,
}
}