2011-03-24 14:43:17 +01:00
|
|
|
# Last Modified: Thu Mar 24 13:33:08 2011
|
|
|
|
|
#include <tunables/global>
|
|
|
|
|
|
|
|
|
|
/usr/sbin/murmurd {
|
|
|
|
|
#include <abstractions/base>
|
|
|
|
|
#include <abstractions/nameservice>
|
|
|
|
|
#include <abstractions/ssl_certs>
|
2011-03-24 14:52:56 +01:00
|
|
|
#include <abstractions/user-tmp>
|
2011-03-24 14:43:17 +01:00
|
|
|
|
2012-06-25 16:59:24 +02:00
|
|
|
/etc/ssl/openssl.cnf r,
|
2011-03-24 14:43:17 +01:00
|
|
|
/etc/ssl/certs/** r,
|
|
|
|
|
deny /usr/share/ssl/ r,
|
|
|
|
|
deny /usr/share/ssl/** r,
|
|
|
|
|
|
|
|
|
|
# FIXME: mumble has weird capability handling. None of the first four should be
|
|
|
|
|
# needed if the code is adjusted
|
|
|
|
|
capability dac_override,
|
|
|
|
|
capability setgid,
|
|
|
|
|
capability setuid,
|
|
|
|
|
capability chown,
|
|
|
|
|
|
|
|
|
|
# needed for real time scheduling of the mixer threads
|
|
|
|
|
capability sys_resource,
|
|
|
|
|
# not needed anymore
|
|
|
|
|
# capability net_admin,
|
|
|
|
|
|
|
|
|
|
network inet stream,
|
|
|
|
|
|
|
|
|
|
/etc/mumble-server.ini rk,
|
|
|
|
|
/usr/bin/lsb_release cx,
|
|
|
|
|
/var/lib/mumble-server/ rwk,
|
|
|
|
|
/var/lib/mumble-server/** rwk,
|
|
|
|
|
/var/log/mumble-server/murmur.log w,
|
|
|
|
|
/var/run/mumble-server/mumble-server.pid w,
|
|
|
|
|
|
|
|
|
|
profile /usr/bin/lsb_release {
|
|
|
|
|
#include <abstractions/base>
|
|
|
|
|
#include <abstractions/consoles>
|
|
|
|
|
|
|
|
|
|
/bin/bash r,
|
|
|
|
|
/proc/meminfo r,
|
|
|
|
|
/usr/bin/getopt rix,
|
|
|
|
|
/usr/bin/head rix,
|
2012-06-26 09:30:17 +02:00
|
|
|
/usr/bin/grep rix,
|
|
|
|
|
/usr/bin/sed rix,
|
2011-03-24 14:43:17 +01:00
|
|
|
/usr/bin/cut rix,
|
|
|
|
|
/usr/bin/lsb_release r,
|
|
|
|
|
/etc/SuSE-release r,
|
|
|
|
|
}
|
|
|
|
|
}
|
