# AppArmor profile confining the aprsc binary installed under /opt/aprsc.
# Rules are grouped by purpose; rule order carries no meaning here because the
# profile holds no deny rules.
# NOTE(review): the sys_chroot capability together with the paired
# /dev/urandom and /opt/aprsc/dev/urandom rules suggests the daemon chroots
# into /opt/aprsc. Confirm against the daemon's startup code.
#include <tunables/global>

/opt/aprsc/sbin/aprsc {
  #include <abstractions/base>
  # NOTE(review): this profile has no explicit network rule; socket access
  # presumably comes from the nameservice abstraction. Verify on the target
  # AppArmor version before relying on it.
  #include <abstractions/nameservice>

  # Capabilities the profile permits. Presumably needed only at startup
  # (raise resource limits, chroot, switch to an unprivileged uid/gid); the
  # profile keeps them permitted for the lifetime of the process, so the
  # privilege drop itself has to happen in the daemon.
  capability sys_resource,
  capability sys_chroot,
  capability setgid,
  capability setuid,

  # Self re-exec: r = read, px = run the target under its own profile; the
  # exec is refused when no matching profile is loaded.
  # NOTE(review): lowercase px leaves the environment unscrubbed across the
  # exec, whereas Px would sanitise it. Check whether the re-exec depends on
  # inherited environment variables before tightening.
  # NOTE(review): no profile named /sbin/aprsc is visible on this page;
  # presumably this is the binary's path as seen from inside the chroot.
  # Confirm that the transition resolves to a loaded profile.
  /opt/aprsc/sbin/aprsc rpx,
  /sbin/aprsc rpx,

  # Shared objects: r = read, m = map executable. No write access is granted,
  # so these trees should also be root-owned on disk.
  /opt/aprsc/lib/** rm,
  /opt/aprsc/lib64/** rm,
  /opt/aprsc/usr/lib/** rm,

  # Read-only configuration and static web content. A single * stays within
  # one directory level, so subdirectories are not covered.
  /opt/aprsc/etc/* r,
  /opt/aprsc/web/ r,
  /opt/aprsc/web/* r,

  # Writable state: r = read, w = write, k = file locking.
  # "owner" limits the data rule to files owned by the process's own uid.
  /opt/aprsc/logs/aprsc* rwk,
  owner /opt/aprsc/data/** rwk,
  # Core dumps hold process memory; keep this directory unreadable to other
  # local users.
  /opt/aprsc/var/core/* rwk,

  # Kernel random source, both by its host path and by its path under
  # /opt/aprsc.
  /dev/urandom r,
  /opt/aprsc/dev/urandom r,
}