diff --git a/natpub-test-1.komreg.net/overlay/etc/apparmor-cosmos/usr.sbin.lighttpd b/natpub-test-1.komreg.net/overlay/etc/apparmor-cosmos/usr.sbin.lighttpd new file mode 100644 index 00000000..cac47e41 --- /dev/null +++ b/natpub-test-1.komreg.net/overlay/etc/apparmor-cosmos/usr.sbin.lighttpd @@ -0,0 +1,68 @@ +# ------------------------------------------------------------------ +# +# Copyright (C) 2002-2005 Novell/SUSE +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public +# License published by the Free Software Foundation. +# +# ------------------------------------------------------------------ +# vim:syntax=apparmor + +#include + +/usr/sbin/lighttpd { + #include + #include + #include + + # needed to change max file descriptors + capability sys_resource, + + # network service ;) + capability net_bind_service, + + # changing the uid/gid on startup + capability setgid, + capability setuid, + + /proc/loadavg r, + + /etc/lighttpd r, + /etc/lighttpd/*.conf r, + /etc/lighttpd/conf.d/*.conf r, + /etc/lighttpd/auth.d/* r, + /etc/lighttpd/vhosts.d r, + /etc/lighttpd/vhosts.d/* r, + /usr/sbin/lighttpd mix, + + /usr/lib/lighttpd/*.so mr, + /usr/lib64/lighttpd/*.so mr, + + /etc/ssl/private/*.pem r, + # home dir. e.g. used for sockets. + /var/lib/lighttpd/ r, + /var/lib/lighttpd/** rwl, + # mod_compress cache + /var/cache/lighttpd/ r, + /var/cache/lighttpd/** rwl, + # pid + /{,var/}run/lighttpd.pid rwl, + # log files + /var/log/lighttpd/*.log rw, + # include_shell + /{usr/,}bin/bash mix, + /{usr/,}bin/dash mix, + /{usr/,}bin/zsh mix, + /{usr/,}bin/cat mix, + + # Debian/Ubuntu integration in default installation + #include + /etc/mime.types r, + /usr/share/lighttpd/ r, + /usr/share/lighttpd/*.pl rmix, + /etc/lighttpd/conf-available/ r, + /etc/lighttpd/conf-available/*.conf r, + /etc/lighttpd/conf-enabled/ r, + /etc/lighttpd/conf-enabled/*.conf r, +}