mirror of https://github.com/PurpleI2P/i2pd.git
Browse Source
Author: corona@mail.i2p Signed-off-by: r4sas <r4sas@i2pmail.org>pull/1949/merge 2.50.0
R4SAS
1 year ago
1 changed files with 42 additions and 0 deletions
@ -0,0 +1,42 @@
@@ -0,0 +1,42 @@
|
||||
# _________________________________________ |
||||
# / Copy this file to the right location \ |
||||
# | then load with: | |
||||
# | | |
||||
# | apparmor_parser -r -W | |
||||
# | /etc/apparmor.d/docker-i2pd | |
||||
# | | |
||||
# | docker run --security-opt | |
||||
# | "apparmor=docker-i2pd" ... | |
||||
# | purplei2p/i2pd | |
||||
# | | |
||||
# \ And "aa-status" to verify it's loaded. / |
||||
# ----------------------------------------- |
||||
# \ ^__^ |
||||
# \ (oo)\_______ |
||||
# (__)\ )\/\ |
||||
# ||----w | |
||||
# || || |
||||
|
||||
#include <tunables/global> |
||||
|
||||
profile docker-i2pd flags=(attach_disconnected,mediate_deleted) { |
||||
#include <abstractions/base> |
||||
#include <abstractions/openssl> |
||||
#include <abstractions/nameservice> |
||||
|
||||
/bin/busybox ix, |
||||
/usr/local/bin/i2pd ix, |
||||
/entrypoint.sh ixr, |
||||
|
||||
/i2pd_certificates/** r, |
||||
|
||||
/home/i2pd/data/** rw, |
||||
|
||||
/home/i2pd/data/i2pd.pid k, |
||||
|
||||
deny /home/i2pd/data/i2pd.conf w, |
||||
deny /home/i2pd/data/tunnels.conf w, |
||||
deny /home/i2pd/data/tunnels.d/** w, |
||||
deny /home/i2pd/data/certificates/** w, |
||||
deny /home/i2pd/data/i2pd.log r, |
||||
} |
Loading…
Reference in new issue