[apparmor] [PATCH] profiles: certbot and dehydrated config dirs for SSL certificates
Goldwyn Rodrigues
rgoldwyn at suse.de
Fri Mar 9 16:26:24 UTC 2018
From: Goldwyn Rodrigues <rgoldwyn at suse.com>
From: Sven Uebelacker <sven at uebelacker.net>
Signed-off-by: Goldwyn Rodrigues <rgoldwyn at suse.com>
---
profiles/apparmor.d/abstractions/ssl_certs | 7 +++++++
profiles/apparmor.d/abstractions/ssl_keys | 7 +++++++
2 files changed, 14 insertions(+)
diff --git a/profiles/apparmor.d/abstractions/ssl_certs b/profiles/apparmor.d/abstractions/ssl_certs
index 0234fd4b..4a6c17b4 100644
--- a/profiles/apparmor.d/abstractions/ssl_certs
+++ b/profiles/apparmor.d/abstractions/ssl_certs
@@ -27,3 +27,10 @@
# acmetool
/var/lib/acme/certs/*/chain r,
/var/lib/acme/certs/*/cert r,
+
+ # certbot
+ /etc/certbot/live/** r,
+ /etc/certbot/archive/** r,
+
+ # dehydrated
+ /etc/dehydrated/certs/** r,
diff --git a/profiles/apparmor.d/abstractions/ssl_keys b/profiles/apparmor.d/abstractions/ssl_keys
index c6f29ad2..e805bff1 100644
--- a/profiles/apparmor.d/abstractions/ssl_keys
+++ b/profiles/apparmor.d/abstractions/ssl_keys
@@ -20,3 +20,10 @@
/var/lib/acme/live/* r,
/var/lib/acme/certs/** r,
/var/lib/acme/keys/** r,
+
+ # certbot
+ /etc/certbot/live/** r,
+ /etc/certbot/archive/** r,
+
+ # dehydrated
+ /etc/dehydrated/certs/** r,
--
2.16.2
More information about the AppArmor
mailing list