
abi <abi/4.0>,
include <tunables/global>
# AppArmor profile confining the ProFTPD daemon. It attaches to the
# /usr/sbin/proftpd binary and is named "proftpd".
# The profile contains no execute (x) rules of its own, so any exec
# permission would have to come from the included abstractions or from the
# local override at the bottom.
profile proftpd /usr/sbin/proftpd {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/user-tmp>
include <abstractions/wutmp>
include <abstractions/authentication>
# NOTE(review): the contents of private-files-strict are not shown here;
# presumably it carries deny rules for credential files under home
# directories, which would override the broad @{HOME} allow rules below.
# Confirm it stays included if the home rules are kept.
include <abstractions/private-files-strict>
# Identity changes; presumably used to switch to the authenticated FTP
# user's uid/gid -- confirm against the daemon's configuration.
capability setgid,
capability setuid,
# Required for logging user login attempts
capability audit_write,
# Required for chrooting ftp users when accessing files (Used by DefaultRoot in proftpd.conf)
capability sys_chroot,
# POSIX message queue access, limited to getattr and read.
# NOTE(review): the profile does not say which component needs this.
mqueue getattr type=posix /,
mqueue read type=posix /,
# Configuration files
/etc/ftpusers r,
/etc/shells r,
# "owner" restricts a rule to files owned by the confined process's fsuid.
owner /etc/security/capability.conf r,
# User/Group Records
/run/systemd/userdb/ r,
/run/systemd/userdb/io.systemd.DynamicUser rw,
# ProFTPD logs
/var/log/proftpd/** rw,
# NOTE(review): this rule is ProFTPD's configuration tree, not a log path,
# and it grants write as well as read. A daemon that can rewrite its own
# configuration can make a compromise persist across restarts; confirm
# whether "r" would be enough for this deployment.
owner /etc/proftpd/** rw,
# Process info
# (k = permission to take file locks)
owner /run/proftpd.delay rwk,
owner /run/proftpd.pid rwk,
owner /run/proftpd.scoreboard rwk,
owner /run/proftpd.scoreboard.lck rwk,
owner /run/proftpd/* rw,
# NOTE(review): the name suggests a test artefact rather than a ProFTPD
# runtime file -- confirm it is needed in production.
owner /run/test.sock w,
# Write-only access to the xferlog file
owner /var/log/xferlog w,
# Need to be able to write to where FTP is configured
# Home directories: contents are owner-restricted, but the rule on the
# directory itself carries no owner qualifier.
owner @{HOME}/** rw,
@{HOME} rw,
# The four trees below are not owner-restricted, so they are readable and
# writable whatever the file's owner (ordinary file permissions still apply).
# NOTE(review): /srv/www and /var/www are commonly web roots. If the site
# does not publish them over FTP, narrow or deny them in local/proftpd so a
# hijacked FTP session cannot alter served web content.
/srv/ftp/** rw,
/srv/www/** rw,
/var/ftp/** rw,
/var/www/** rw,
# For running in confined environments
# (m = map the file as executable memory, r = read)
/usr/sbin/proftpd mr,
# Optional site-specific additions; skipped when the file does not exist.
include if exists <local/proftpd>
}