Diffstat (limited to 'profiles/usr.sbin.kopano-server')
-rw-r--r--profiles/usr.sbin.kopano-server43
1 files changed, 43 insertions, 0 deletions
diff --git a/profiles/usr.sbin.kopano-server b/profiles/usr.sbin.kopano-server
new file mode 100644
index 0000000..0f3648c
--- /dev/null
+++ b/profiles/usr.sbin.kopano-server
@@ -0,0 +1,43 @@
+#include <tunables/global>
+
+/usr/sbin/kopano-server {
+ #include <abstractions/base>
+ #include <abstractions/nameservice>
+ #include <abstractions/user-tmp>
+ #include <abstractions/mysql>
+
+ capability chown,
+ capability dac_override,
+ capability dac_read_search,
+ capability setgid,
+ capability setuid,
+
+ network tcp,
+
+ /etc/kopano/debian-db.cfg r,
+ /etc/kopano/server.cfg r,
+
+ @{PROC}/@{pid}/task/@{tid}/comm rw,
+
+ /run/kopano/prio.sock rw,
+ /run/kopano/server.pid rw,
+ /run/kopano/server.sock rw,
+
+ /usr/lib/x86_64-linux-gnu/kopano/*.so m,
+
+ /var/lib/kopano/attachments/ r,
+ /var/lib/kopano/attachments/** rw,
+ /var/log/kopano/server.log rw,
+
+ /etc/kopano/userscripts/* Cxr -> kopano_userscripts,
+
+ # There's little we can do if the server is allowed to run
+ # arbitrary scripts
+ profile kopano_userscripts {
+ file,
+ network,
+ }
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/usr.sbin.kopano-server>
+}
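Review bot: The `kopano_userscripts` child profile grants bare `file,` and `network,`, so anything executed from `/etc/kopano/userscripts/*` can write every path the process's Unix permissions allow, including `/etc/kopano/server.cfg` and the userscripts directory itself. The child has no `capability` rules, which already limits it, but an explicit deny inside the child would stop a misbehaving script from altering the server configuration or the set of scripts run next time: `deny /etc/kopano/** wl,`, assuming no site script legitimately edits those files. The comment above the child profile could also say that the profile exists mainly to drop the parent's capabilities, so a later maintainer does not read `file,` as an oversight. Separately, `/usr/lib/x86_64-linux-gnu/kopano/*.so m,` hard-codes one architecture; `/usr/lib/@{multiarch}/kopano/*.so m,` would cover the others, using the variable that `tunables/global` should already provide.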