Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Last Modified: Tue Sep 8 00:54:36 2015
- #include <tunables/global>
- # vim:syntax=apparmor
- # Author: Jamie Strandboge <jamie@ubuntu.com>
- /usr/sbin/clamd {
- #include <abstractions/base>
- #include <abstractions/bash>
- #include <abstractions/dovecot-common>
- #include <abstractions/nameservice>
- #include <local/usr.sbin.clamd>
- capability chown,
- capability dac_override,
- capability fsetid,
- capability setgid,
- capability setuid,
- capability sys_admin,
- /bin/dash rix,
- /bin/** r,
- /sbin/** r,
- /usr/bin/** r,
- /usr/sbin/** r,
- /var/** r,
- /etc/clamav/clamd.conf r,
- /etc/clamav/freshclam.conf r,
- /opt/clamdazer Ux,
- /proc/*/fd/ r,
- /tmp/ rw,
- /tmp/** rwk,
- /usr/bin/notify-send rix,
- /usr/bin/tail rix,
- /usr/bin/wget rix,
- /usr/sbin/clamd mr,
- /var/lib/amavis/tmp/** r,
- /var/lib/clamav/ r,
- /var/lib/clamav/** rwk,
- /var/lib/dbus/machine-id r,
- /var/log/clamav/* rwk,
- /var/spool/MIMEDefang/mdefang-*/Work/ r,
- /var/spool/MIMEDefang/mdefang-*/Work/** r,
- /var/spool/clamsmtp/* r,
- /var/spool/exim4/** r,
- /var/spool/havp/** r,
- /var/spool/p3scan/children/** r,
- /var/spool/qpsmtpd/* r,
- /{,var/}run/clamav/clamd.ctl w,
- /{,var/}run/clamav/clamd.pid w,
- @{HOME}/ r,
- @{HOME}/** r,
- owner @{PROC}/[0-9]*/status r,
- @{PROC}/filesystems r,
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement