Codebase list unbound / 04e0d30
d/apparmor-profile: allow access to /var/lib/unbound when chrooted to /etc/unbound (#1010517) Michael Tokarev 2 years ago
1 changed file(s) with 8 addition(s) and 4 deletion(s).
3131 audit deny /etc/unbound/unbound_server.key w,
3232
3333 # chrooted paths
34 /var/lib/unbound/** r,
35 owner /var/lib/unbound/** rw,
36 audit deny /var/lib/unbound/**/unbound_control.{key,pem} rw,
37 audit deny /var/lib/unbound/**/unbound_server.key w,
34 # unbound can be chrooted into /etc/unbound (upstream default) with
35 # /var/lib/unbound/ bind-mounted to /etc/unbound/var/lib/unbound/,
36 # or it can be chrooted into /var/lib/unbound/ with /etc/unbound/ copied
37 # into there (previous debian package default).
38 /{,etc/unbound/}var/lib/unbound/** r,
39 owner /{,etc/unbound/}var/lib/unbound/** rw,
40 audit deny /{,etc/unbound/}var/lib/unbound/**/unbound_control.{key,pem} rw,
41 audit deny /{,etc/unbound/}var/lib/unbound/**/unbound_server.key w,
3842
3943 /usr/sbin/unbound mr,
4044
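Review bot: The two `audit deny` rules on new lines 40–41 put `**/` before the key file name, which, as I read AppArmor's glob handling, needs at least one path component there. If so, an `unbound_server.key` or `unbound_control.{key,pem}` sitting directly in `/var/lib/unbound/` (or in the bind-mounted `/etc/unbound/var/lib/unbound/`) falls under the `owner … rw` allow on new line 39 rather than the deny. The removed rules had the same shape, so this is carried over rather than introduced, but it could be closed here with `audit deny /{,etc/unbound/}var/lib/unbound/{,**/}unbound_server.key w,` and the same `{,**/}` on the control-key rule; please confirm the pattern behaves as intended by loading the profile. The comment could also gain one line on why both prefixes are needed, e.g. `# AppArmor matches paths as seen from outside the chroot, hence both prefixes.` The profile's opening and closing lines are outside this hunk, so other rules that already cover these files could not be checked.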