Data hosted with ♥ by Pastebin.com - Download Raw - See Original
  1. # Last Modified: Tue Sep 8 00:54:36 2015
  2. #include <tunables/global>
  3.  
  4. # vim:syntax=apparmor
  5. # Author: Jamie Strandboge <jamie@ubuntu.com>
  6.  
  7.  
  8. /usr/sbin/clamd {
  9. #include <abstractions/base>
  10. #include <abstractions/bash>
  11. #include <abstractions/dovecot-common>
  12. #include <abstractions/nameservice>
  13. #include <local/usr.sbin.clamd>
  14.  
  15. capability chown,
  16. capability dac_override,
  17. capability fsetid,
  18. capability setgid,
  19. capability setuid,
  20. capability sys_admin,
  21.  
  22. /bin/dash rix,
  23. /bin/** r,
  24. /sbin/** r,
  25. /usr/bin/** r,
  26. /usr/sbin/** r,
  27. /var/** r,
  28. /etc/clamav/clamd.conf r,
  29. /etc/clamav/freshclam.conf r,
  30. /opt/clamdazer Ux,
  31. /proc/*/fd/ r,
  32. /tmp/ rw,
  33. /tmp/** rwk,
  34. /usr/bin/notify-send rix,
  35. /usr/bin/tail rix,
  36. /usr/bin/wget rix,
  37. /usr/sbin/clamd mr,
  38. /var/lib/amavis/tmp/** r,
  39. /var/lib/clamav/ r,
  40. /var/lib/clamav/** rwk,
  41. /var/lib/dbus/machine-id r,
  42. /var/log/clamav/* rwk,
  43. /var/spool/MIMEDefang/mdefang-*/Work/ r,
  44. /var/spool/MIMEDefang/mdefang-*/Work/** r,
  45. /var/spool/clamsmtp/* r,
  46. /var/spool/exim4/** r,
  47. /var/spool/havp/** r,
  48. /var/spool/p3scan/children/** r,
  49. /var/spool/qpsmtpd/* r,
  50. /{,var/}run/clamav/clamd.ctl w,
  51. /{,var/}run/clamav/clamd.pid w,
  52. @{HOME}/ r,
  53. @{HOME}/** r,
  54. owner @{PROC}/[0-9]*/status r,
  55. @{PROC}/filesystems r,
  56.  
  57. }