d/apparmor-profile: add comment about the control keys
Michael Tokarev
2 years ago
27 | 27 | # non-chrooted paths |
28 | 28 | /etc/unbound/** r, |
29 | 29 | owner /etc/unbound/*.key* rw, |
30 | # explicitly deny (and audit) attempts to write to the key files | |
31 | # this should be unnecessary after switch to /run/unbound.ctl control socket | |
32 | # (here and below) | |
30 | 33 | audit deny /etc/unbound/unbound_control.{key,pem} rw, |
31 | 34 | audit deny /etc/unbound/unbound_server.key w, |
32 | 35 |