fix: apparmor config typo
@@ -25,8 +25,33 @@
|
||||
ansible.builtin.copy:
|
||||
dest: /etc/apparmor.d/usr.sbin.unbound
|
||||
content: |
|
||||
/etc/unbound/** r,
|
||||
/var/lib/unbound/** rwk,
|
||||
#include <tunables/global>
|
||||
|
||||
/usr/sbin/unbound {
|
||||
#include <abstractions/base>
|
||||
#include <abstractions/nameservice>
|
||||
|
||||
capability net_bind_service,
|
||||
capability setgid,
|
||||
capability setuid,
|
||||
capability sys_chroot,
|
||||
capability sys_resource,
|
||||
|
||||
/etc/unbound/** r,
|
||||
/var/lib/unbound/** rwk,
|
||||
/run/unbound.pid rw,
|
||||
/usr/sbin/unbound mr,
|
||||
|
||||
# Allow reading system certificates
|
||||
/etc/ssl/certs/** r,
|
||||
/usr/share/ca-certificates/** r,
|
||||
|
||||
# Allow network access
|
||||
network inet dgram,
|
||||
network inet6 dgram,
|
||||
network inet stream,
|
||||
network inet6 stream,
|
||||
}
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
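Review bot: The `copy` task installs the profile without checking that it parses, which is presumably how the earlier content (two bare path rules with no enclosing `/usr/sbin/unbound { }` block) ended up in `/etc/apparmor.d/`. Adding `validate: apparmor_parser -Q %s` next to `mode` would make the task fail rather than leave an unparseable profile on disk. No `notify` or reload step is visible in this hunk, so unless a handler outside it runs `apparmor_parser -r /etc/apparmor.d/usr.sbin.unbound`, the corrected profile is written but probably not loaded into the kernel until the next reboot or service reload. Because the profile has no `flags=(complain)` it is enforced as soon as it is loaded, so it is worth checking the audit log for denials after rollout. The task begins above the hunk, so its name and any `when`/`notify` keys are not shown here.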
|
||||
|
||||