-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathusr.bin.curl
47 lines (34 loc) · 1.04 KB
/
usr.bin.curl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# vim:syntax=apparmor
#include <tunables/global>
profile curl /usr/bin/curl {
/usr/bin/curl r,
#include <abstractions/base>
#include <abstractions/openssl>
#include <abstractions/ssl_certs>
# #include <abstractions/nameservice> # embedded, but more relaxed
#include <abstractions/3rd/nameservice-strict>
owner @{HOME}/.curlrc r,
@{PROC}/sys/crypto/fips_enabled r,
# Adjust and uncomment to allow file reading
#/tmp/* r, # Only files in this directory
#/tmp/somefile r,
# Adjust and uncomment to allow file saving
#/tmp/** w,
#owner /tmp/** w, # Allow to create and overwrite owned files
owner /tmp/*.curl rw,
signal (receive) set=("term") peer=zabbix_agentd,
# Ubuntu
# network inet dgram,
# network inet6 dgram,
# network inet stream,
# network inet6 stream,
# network netlink raw,
# Armbian
# /usr/bin/curl m,
# Pi-hole
# capability dac_override,
# /etc/pihole/** rw,
# /var/local/pihole/** rw, # Custom
# owner /tmp/tmp.*.phgpb rw,
# #include <local/usr.bin.curl>
}