Add an AppArmor config.

1 files changed, 46 insertions, 0 deletions

diff --git a/make/template/apparmor b/make/template/apparmor
new file mode 100644
index 000000000..83c248c55
--- /dev/null
+++ b/make/template/apparmor
@@ -0,0 +1,46 @@
+%platform linux
+#
+# InspIRCd -- Internet Relay Chat Daemon
+#
+#   Copyright (C) 2020 Sadie Powell <sadie@witchery.services>
+#
+# This file is part of InspIRCd.  InspIRCd is free software: you can
+# redistribute it and/or modify it under the terms of the GNU General Public
+# License as published by the Free Software Foundation, version 2.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+# details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+# To use this file move it to /etc/apparmor.d/inspircd
+
+#include <tunables/global>
+
+@BINARY_DIR@/inspircd {
+	#include <abstractions/base>
+	#include <abstractions/nameservice>
+
+	capability net_bind_service,
+	capability setgid,
+	capability setuid,
+	capability sys_resource,
+
+	@BINARY_DIR@/inspircd ixr,
+	@CONFIG_DIR@/** rw,
+	@DATA_DIR@/** rw,
+	@MODULE_DIR@/ r,
+	@MODULE_DIR@/core_*.so mr,
+	@MODULE_DIR@/m_*.so mr,
+	@LOG_DIR@/** w,
+
+	# Required by the ldap module:
+	#include <abstractions/ldapclient>
+
+	# Required by the mysql module:
+	#include <abstractions/mysql>
+}