30 lines
658 B
Plaintext
30 lines
658 B
Plaintext
|
#include <tunables/global>
|
||
|
|
|
||
|
|
/usr/sbin/haproxy {
|
||
|
|
#include <abstractions/base>
|
||
|
|
#include <abstractions/nameservice>
|
||
|
|
capability net_bind_service,
|
||
|
|
capability setgid,
|
||
|
|
capability setuid,
|
||
|
|
capability kill,
|
||
|
|
capability sys_resource,
|
||
|
|
capability sys_chroot,
|
||
|
|
|
||
|
|
# those are needed for the stats socket creation
|
||
|
|
capability chown,
|
||
|
|
capability fowner,
|
||
|
|
capability fsetid,
|
||
|
|
|
||
|
|
network tcp,
|
||
|
|
|
||
|
|
/etc/haproxy/* r,
|
||
|
|
|
||
|
|
/var/lib/haproxy/stats rwl,
|
||
|
|
/var/lib/haproxy/stats.*.bak rwl,
|
||
|
|
/var/lib/haproxy/stats.*.tmp rwl,
|
||
|
|
/{,var/}run/haproxy.pid rw,
|
||
|
|
|
||
|
|
# Site-specific additions and overrides. See local/README for details.
|
||
|
|
#include <local/usr.sbin.haproxy>
|
||
|
|
}
|