source: squid-ssl/trunk/fuentes/debian/usr.sbin.squid @ 5496

Last change on this file since 5496 was 5496, checked in by Juanma, 22 months ago

Initial release

1# Author: Simon Deziel
2#         Jamie Strandboge
3# vim:syntax=apparmor
4#include <tunables/global>
5
# AppArmor profile confining /usr/sbin/squid, with a nested child profile
# ("squidguard") for the squidGuard redirector. Every rule is an allow rule
# unless it is marked "deny"; anything not listed is refused.
6/usr/sbin/squid {
7  #include <abstractions/base>
8  #include <abstractions/kerberosclient>
9  #include <abstractions/nameservice>
10
  # Capabilities granted to the confined process. net_raw goes with the raw
  # socket rules under "pinger" below.
  # NOTE(review): setuid, setgid and sys_chroot are presumably for dropping
  # from root to the proxy user and for an optional chroot; confirm each one
  # is still needed for this deployment.
11  capability net_raw,
12  capability setuid,
13  capability setgid,
14  capability sys_chroot,
15
16  # allow child processes to run execvp(argv[0], [kidname, ...])
  # ix = inherit: the re-executed squid binary stays inside this same profile.
17  /usr/sbin/squid ix,
18
19  # pinger
  # Raw sockets over IPv4 and IPv6; usable only together with
  # capability net_raw above.
20  network inet raw,
21  network inet6 raw,
22
  # Read-only view of the mount table.
23  /etc/mtab r,
24  @{PROC}/[0-9]*/mounts r,
25  @{PROC}/mounts r,
26
27  # squid3 configuration
  # Permission letters used in this profile: r read, w write, k file locking,
  # m executable mmap, ix execute and inherit this profile.
  # "*" matches within one directory level, "**" also descends into
  # subdirectories.
28  /etc/squid/** r,
29  /{,var/}run/squid.pid rwk,
30  /var/spool/squid/ r,
31  /var/spool/squid/** rwk,
  # Helpers under /usr/lib/squid or /usr/lib/squid3 run with ix, so they get
  # every permission of this profile rather than a narrower one of their own.
32  /usr/lib/squid{,3}/* rmix,
33  /usr/share/squid/** r,
34  /var/log/squid/* rw,
35
36  # squid-langpack
37  /usr/share/squid-langpack/** r,
38
39  # maas-proxy
40  /var/lib/maas/maas-proxy.conf r,
41  /var/log/maas/proxy/** rw,
42  /var/spool/maas-proxy/ r,
43  /var/spool/maas-proxy/** rwk,
44
45  # squid-deb-proxy
46  /etc/squid-deb-proxy/** r,
47  /{,var/}run/squid-deb-proxy.pid rwk,
48  /var/cache/squid-deb-proxy/ r,
49  /var/cache/squid-deb-proxy/** rwk,
50  /var/log/squid-deb-proxy/* rw,
  # "owner" limits this rule to files owned by the user the process runs as.
  # NOTE(review): the rule grants both write (w) and executable mmap (m) on
  # /dev/shm, which is normally a world-writable tmpfs; confirm that m is
  # really required here.
51  owner /dev/shm/** rmw,
52
53  # squidguard
  # Cx -> squidguard: executing squidGuard switches to the child profile
  # defined below; the uppercase C also scrubs the environment on exec.
54  /usr/bin/squidGuard Cx -> squidguard,
55  profile squidguard {
56    #include <abstractions/base>
57
58    /etc/squid/squidGuard.conf r,
59    /var/log/squid{,3}/squidGuard.log w,
60    /var/lib/squidguard/** rw,
61
62    # squidguard by default uses /var/log/squid as its logdir, however, we
63    # don't want it to access squid's logs, only its own. Explicitly deny
64    # access to squid's files but allow all others since the user may specify
65    # anything for the squidGuard 'log' directive.
    # A deny rule overrides a matching allow rule regardless of order, so the
    # broad rw rule below cannot re-open the denied files. The "audit" prefix
    # makes the denials show up in the audit log; a plain deny is silent.
    # The trailing "*" also covers rotated files such as access.log.1.
66    /var/log/squid{,3}/* rw,
67    audit deny /var/log/squid{,3}/{access,cache,store}.log* rw,
68
69    # Site-specific additions and overrides. See local/README for details.
    # NOTE(review): this is the same local file that the parent profile
    # includes at its end, so any rule a site adds there for squid is also
    # granted to squidGuard inside this child profile. Confirm that sharing
    # is intended before adding broad rules to the local file.
70    #include <local/usr.sbin.squid>
71  }
72
73  # Site-specific additions and overrides. See local/README for details.
74  #include <local/usr.sbin.squid>
75}