mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 01:57:43 +00:00
Simon Poirier 01ab33202a profiles: Allow curl to read tmp, for scripts which might use config/etags/data...
Signed-off-by: Simon Poirier <simon.poirier@canonical.com>
2025-08-13 21:37:53 -04:00


#------------------------------------------------------------------
# Copyright (C) 2025 Canonical Ltd.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#------------------------------------------------------------------
# vim: ft=apparmor
abi <abi/4.0>,
include <tunables/global>
# Confinement profile for the curl command-line client, attached to
# /usr/bin/curl. On top of the included abstractions it grants read access
# to $HOME and to the caller's own files in /tmp, write access to $HOME and
# /tmp, and stream/datagram sockets in the unix, inet and inet6 families.
profile curl /usr/bin/curl {
include <abstractions/base>
include <abstractions/nameservice>
# NOTE(review): the broad @{HOME}/** rules below presumably rely on
# private-files-strict to keep key material and other credential stores out
# of reach - confirm against the abstraction shipped with the target parser.
include <abstractions/private-files-strict>
include <abstractions/ssl_certs>
# read (r) and executable-mmap (m) access to the confined binary itself.
# @{exec_path} is not assigned in this file; presumably it resolves to the
# profile attachment /usr/bin/curl - confirm.
@{exec_path} mr,
# allow reading configuration files from $HOME
# priority=1 places these two rules above the default priority;
# NOTE(review): presumably so they win over a conflicting lower-priority rule
# pulled in by an abstraction - confirm which rule they are meant to override.
priority=1 file r @{HOME}/.curlrc,
priority=1 file r @{HOME}/.config/curlrc,
# allow reading other configuration files/certs from $HOME
# (see --config, --cacert options)
# Not owner-qualified: the rule matches any path under @{HOME} regardless of
# which user owns the file.
file r @{HOME}/**,
# allow reading data/config from tmp
# "owner" limits this to files owned by the user curl is running as, so the
# profile does not grant reads of other users' files in /tmp.
owner file r /tmp/**,
# allow writing output to $HOME, /tmp (see -o option)
# NOTE(review): unlike the /tmp read rule, neither write rule carries "owner",
# so for paths owned by another user the profile adds no restriction beyond
# ordinary file permissions. Confirm that this asymmetry is intended.
# NOTE(review): the $HOME write rule also matches dot-files (shell start-up
# files and similar) unless an included abstraction denies them - verify.
file w @{HOME}/**,
file w /tmp/**,
# allows UDP (for DNS), TCP (for http, https, etc), abstract Unix sockets, IPv4, IPv6
# The rules below select by address family and socket type only; no address,
# port or peer restriction is expressed here.
network unix stream,
network unix dgram,
network inet stream,
network inet dgram,
network inet6 stream,
network inet6 dgram,
# Site-specific additions and overrides. See local/README for details.
# "if exists" makes the include optional, so a missing local/curl file is not
# an error.
include if exists <local/curl>
}