[mirrors/AppArmor-Profiles.git] / usr.sbin.lighttpd

# Last Modified: Wed Jan 18 10:48:17 2012
# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2005 Novell/SUSE
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

#include <tunables/global>

/usr/sbin/lighttpd {
  #include <abstractions/base>
  #include <abstractions/consoles>
  #include <abstractions/nameservice>
  #include <abstractions/perl>
  #include <abstractions/php5>
  #include <abstractions/web-data>

  capability dac_override,
  capability net_bind_service,
  capability setgid,
  capability setuid,
  capability sys_chroot,
  capability sys_resource,


  deny /usr/bin/pacman r,

  /bin/bash mix,
  /bin/cat mix,
  /bin/egrep r,
  /bin/zsh mix,
  /etc/lighttpd r,
  /etc/lighttpd/*.conf r,
  /etc/lighttpd/auth.d/* r,
  /etc/lighttpd/conf.d/*.conf r,
  /etc/lighttpd/vhosts.d r,
  /etc/lighttpd/vhosts.d/* r,
  /etc/php/conf.d/ r,
  /etc/php/php.ini r,
  /etc/ssl/private/*.pem r,
  /run/lighttpd/* w,
  /srv/http/ r,
  /srv/http/** r,
  /tmp/* rw,
  /usr/bin/php-cgi Cx,
  /usr/lib/lighttpd/*.so mr,
  /usr/lib64/lighttpd/*.so mr,
  /usr/sbin/lighttpd mix,
  /var/cache/lighttpd/ r,
  /var/cache/lighttpd/** rwl,
  /var/lib/lighttpd/ r,
  /var/lib/lighttpd/** rwl,
  /var/log/lighttpd/*.log rw,
  /{,var/}run/lighttpd.pid rwl,


  profile /usr/bin/php-cgi {
    #include <abstractions/base>


    /etc/* r,
    /etc/php/** r,
    /lib/lib*so* mr,
    /srv/http/ r,
    /srv/http/** r,
    /tmp/* rwk,
    /usr/bin/php-cgi r,
    /usr/lib/lib*so* mr,
    /usr/lib{,32,64}/** mr,

  }
}
Commit	Line	Data
92bc3717	1	# Last Modified: Wed Jan 18 10:48:17 2012
	2	# ------------------------------------------------------------------
	3	#
	4	# Copyright (C) 2002-2005 Novell/SUSE
	5	#
	6	# This program is free software; you can redistribute it and/or
	7	# modify it under the terms of version 2 of the GNU General Public
	8	# License published by the Free Software Foundation.
	9	#
	10	# ------------------------------------------------------------------
	11
	12	#include <tunables/global>
	13
	14	/usr/sbin/lighttpd {
	15	#include <abstractions/base>
	16	#include <abstractions/consoles>
	17	#include <abstractions/nameservice>
	18	#include <abstractions/perl>
	19	#include <abstractions/php5>
	20	#include <abstractions/web-data>
	21
	22	capability dac_override,
	23	capability net_bind_service,
	24	capability setgid,
	25	capability setuid,
	26	capability sys_chroot,
	27	capability sys_resource,
	28
	29
	30	deny /usr/bin/pacman r,
	31
	32	/bin/bash mix,
	33	/bin/cat mix,
	34	/bin/egrep r,
	35	/bin/zsh mix,
	36	/etc/lighttpd r,
	37	/etc/lighttpd/*.conf r,
	38	/etc/lighttpd/auth.d/* r,
	39	/etc/lighttpd/conf.d/*.conf r,
	40	/etc/lighttpd/vhosts.d r,
	41	/etc/lighttpd/vhosts.d/* r,
	42	/etc/php/conf.d/ r,
	43	/etc/php/php.ini r,
	44	/etc/ssl/private/*.pem r,
	45	/run/lighttpd/* w,
	46	/srv/http/ r,
	47	/srv/http/** r,
	48	/tmp/* rw,
	49	/usr/bin/php-cgi Cx,
	50	/usr/lib/lighttpd/*.so mr,
	51	/usr/lib64/lighttpd/*.so mr,
	52	/usr/sbin/lighttpd mix,
	53	/var/cache/lighttpd/ r,
	54	/var/cache/lighttpd/** rwl,
	55	/var/lib/lighttpd/ r,
	56	/var/lib/lighttpd/** rwl,
	57	/var/log/lighttpd/*.log rw,
	58	/{,var/}run/lighttpd.pid rwl,
	59
	60
	61	profile /usr/bin/php-cgi {
	62	#include <abstractions/base>
	63
	64
65
66	/etc/* r,
67	/etc/php/** r,
68	/lib/libso mr,
69	/srv/http/ r,
70	/srv/http/** r,
71	/tmp/* rwk,
72	/usr/bin/php-cgi r,
73	/usr/lib/libso mr,
74	/usr/lib{,32,64}/** mr,
75
76	}
77	}