# -*- mode: apparmor; -*- # ------------------------------------------------------------------ # # Copyright (C) 2024 Canonical Ltd. # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ # vim: ft=apparmor abi , include profile tinyproxy /usr/bin/tinyproxy { include include # to provide flexibility, when run as a root tinyproxy may need to run files # owned by other users and similarly when run as an unprivileged user allow # tinyproxy to bind to privileged ports capability dac_override, capability dac_read_search, capability net_bind_service, file mr /usr/bin/tinyproxy, file r @{etc_ro}/tinyproxy/tinyproxy.conf, # tinyproxy.conf allows to configure the locations of various files that will # be written to by tinyproxy including ErrorFile, DefaultErrorFile, LogFile, # and StatFile as well as PidFile. This profile allows tinyproxy to write to # the default locations but if these are changed in the configuration file, # additional rules should be added to the /etc/apparmor.d/local/tinyproxy file # to allow this access file rw /run/tinyproxy/tinyproxy.pid, # PidFile file rw /var/log/tinyproxy/tinyproxy.log, # LogFile file r /usr/share/tinyproxy/*, #ErrorFile, DefaultErrorFile, StatFile etc network inet stream, network inet6 stream, # Site-specific additions and overrides. See local/README for details. include if exists }