File: //proc/self/root/usr/share/apparmor/extra-profiles/usr.sbin.lighttpd
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
# vim:syntax=apparmor
abi <abi/3.0>,
include <tunables/global>
/usr/sbin/lighttpd {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/perl>
include <abstractions/web-data>
# needed to change max file descriptors
capability sys_resource,
# network service ;)
capability net_bind_service,
# changing the uid/gid on startup
capability setgid,
capability setuid,
@{PROC}/loadavg r,
/etc/lighttpd r,
/etc/lighttpd/*.conf r,
/etc/lighttpd/conf.d/*.conf r,
/etc/lighttpd/auth.d/* r,
/etc/lighttpd/vhosts.d r,
/etc/lighttpd/vhosts.d/* r,
/usr/sbin/lighttpd mix,
/usr/lib/lighttpd/*.so mr,
/usr/lib64/lighttpd/*.so mr,
/etc/ssl/private/*.pem r,
# home dir. e.g. used for sockets.
/var/lib/lighttpd/ r,
/var/lib/lighttpd/** rwl,
# mod_compress cache
/var/cache/lighttpd/ r,
/var/cache/lighttpd/** rwl,
# pid
/{,var/}run/lighttpd.pid rwl,
# log files
/var/log/lighttpd/*.log rw,
# include_shell
/{usr/,}bin/bash mix,
/{usr/,}bin/dash mix,
/{usr/,}bin/zsh mix,
/{usr/,}bin/cat mix,
# Debian/Ubuntu integration in default installation
include <abstractions/perl>
/etc/mime.types r,
/usr/share/lighttpd/ r,
/usr/share/lighttpd/*.pl mrix,
/etc/lighttpd/conf-available/ r,
/etc/lighttpd/conf-available/*.conf r,
/etc/lighttpd/conf-enabled/ r,
/etc/lighttpd/conf-enabled/*.conf r,
}