[apparmor] Ubuntu profile for squid3

Simon Deziel simon.deziel at gmail.com
Wed May 2 02:27:38 UTC 2012


Hi all,

Please find attached a profile for squid3 that I've used in production
for about a month without problem. It was not tested with external auth
providers so it would be good if others could test this part.

Note that the profile is compatible with the squid-deb-proxy package
that I also use in production.

Thanks for reviewing/commenting,

Simon
-------------- next part --------------
# Author: Simon Deziel
# vim:syntax=apparmor
#include <tunables/global>

/usr/sbin/squid3 {
  #include <abstractions/base>
  #include <abstractions/kerberosclient>
  #include <abstractions/nameservice>

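  # squid3 starts as root and drops privileges to its unprivileged user/group
  capability setuid,
  capability setgid,
  # allows chroot(2), as used by squid's chroot directive
  capability sys_chroot,

  # read-only access to the mount table
  /etc/mtab r,
  @{PROC}/[0-9]*/mounts r,
  @{PROC}/mounts r,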

  # squid3 configuration
  /etc/squid3/** r,
  /{,var/}run/squid3.pid rwk,
  /var/spool/squid3/ r,
  /var/spool/squid3/** rwk,
  /usr/lib/squid3/* rmix,
  /usr/share/squid3/** r,
  /var/log/squid3/* rw,

  # squid-langpack
  /usr/share/squid-langpack/** r,

  # squid-deb-proxy
  /etc/squid-deb-proxy/** r,
  /{,var/}run/squid-deb-proxy.pid rwk,
  /var/cache/squid-deb-proxy/ r,
  /var/cache/squid-deb-proxy/** rwk,
  /var/log/squid-deb-proxy/* rw,

  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.sbin.squid3>
}
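
For the testing the post asks for (external auth providers), the following is an added example, not part of the original post or the attached profile: it collects AppArmor audit events logged against the `/usr/sbin/squid3` profile and lists the paths, access masks and capabilities the profile did not cover. The log lines, the helper path and the `/srv/example/auth.db` file are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample kernel audit lines (assumed paths, not from the post).
SAMPLE_LOG = '''\
May  2 10:01:10 proxy kernel: [ 811.9] type=1400 audit(1335952870.900:40): apparmor="STATUS" operation="profile_load" name="/usr/sbin/squid3" pid=2190 comm="apparmor_parser"
May  2 10:01:11 proxy kernel: [ 812.1] type=1400 audit(1335952871.101:41): apparmor="DENIED" operation="exec" parent=2201 profile="/usr/sbin/squid3" name="/usr/local/bin/example_auth_helper" pid=2210 comm="squid3" requested_mask="x" denied_mask="x" fsuid=13 ouid=0
May  2 10:01:12 proxy kernel: [ 813.4] type=1400 audit(1335952872.400:42): apparmor="ALLOWED" operation="open" parent=2201 profile="/usr/sbin/squid3" name="/srv/example/auth.db" pid=2211 comm="example_auth_he" requested_mask="r" denied_mask="r" fsuid=13 ouid=0
May  2 10:01:13 proxy kernel: [ 814.0] type=1400 audit(1335952873.000:43): apparmor="ALLOWED" operation="open" parent=2201 profile="/usr/sbin/squid3" name="/srv/example/auth.db" pid=2211 comm="example_auth_he" requested_mask="w" denied_mask="w" fsuid=13 ouid=0
May  2 10:01:14 proxy kernel: [ 815.2] type=1400 audit(1335952874.200:44): apparmor="DENIED" operation="capable" parent=2201 profile="/usr/sbin/squid3" pid=2211 comm="example_auth_he" capability=2 capname="dac_read_search"
May  2 10:01:15 proxy kernel: [ 816.7] type=1400 audit(1335952875.700:45): apparmor="DENIED" operation="open" parent=1 profile="/usr/sbin/ntpd" name="/etc/example.conf" pid=900 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
'''

# key="quoted value" or key=bare_value pairs as they appear in audit records
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line):
    """Return the key/value fields of an AppArmor audit line, or None."""
    fields = {key: (quoted or bare) for key, quoted, bare in KV.findall(line)}
    return fields if "apparmor" in fields else None


def summarize(log_text, profile="/usr/sbin/squid3"):
    """Aggregate what the given profile denied (enforce) or would deny (complain)."""
    files = defaultdict(set)   # path -> set of single-letter access masks
    caps = set()               # capability names
    for line in log_text.splitlines():
        ev = parse_event(line)
        if not ev or ev.get("profile") != profile:
            continue           # other profiles and STATUS records are skipped
        if ev["apparmor"] not in ("DENIED", "ALLOWED"):
            continue           # ALLOWED is what complain mode logs
        if "capname" in ev:
            caps.add(ev["capname"])
        elif "name" in ev:
            files[ev["name"]].update(ev.get("denied_mask", ""))
    return {
        "files": {p: "".join(sorted(m)) for p, m in sorted(files.items())},
        "capabilities": sorted(caps),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

An `x` entry only says an exec was refused; which exec mode to grant (the profile uses `ix` for `/usr/lib/squid3/*`) remains a review decision.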

