#include <tunables/global>
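# AppArmor profile for the Forgejo server binary. The attachment glob matches
# any file directly in /var/xyzzy/bin whose name starts with "forgejo" and ends
# with "amd64" ('*' does not cross a '/').
#
# NOTE(review): flags=(complain) means rule violations are logged but not
# blocked. Until the flag is removed and the profile is reloaded, the rules
# below give audit data and no confinement.
/var/xyzzy/bin/forgejo*amd64 flags=(complain) {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/user-tmp>
  # NOTE(review): there are no explicit network rules in this profile; network
  # access presumably comes from abstractions/nameservice. Confirm against the
  # installed abstraction before switching to enforce mode.

  # System files and kernel/sysfs values, read-only except the controlling tty.
  /dev/tty rw,
  /etc/gitconfig r,
  /etc/machine-id r,
  /etc/mime.types r,
  /proc/sys/net/core/somaxconn r,
  /proc/version r,
  /sys/devices/system/cpu/online r,
  /sys/kernel/mm/transparent_hugepage/hpage_pmd_size r,

  # Helper programs. 'ix' runs the child under this same profile, so the shells,
  # git and the other tools stay bound by the rules in this file; 'm' allows
  # executable mappings of the file and 'r' allows reading it.
  /usr/bin/basename mrix,
  /usr/bin/bash mrix,
  /usr/bin/cat mrix,
  /usr/bin/dash mrix,
  /usr/bin/date mrix,
  /usr/bin/id mrix,
  /usr/bin/env rix,
  /usr/bin/git mrix,
  /usr/bin/gzip mrix,
  /usr/lib/git-core/git mrix,
  # NOTE(review): without a trailing '/' or '/**' this rule matches only the
  # exact path, not the directory listing or the files inside it. Confirm
  # against the complain-mode log.
  /usr/share/git-core/templates r,
  /usr/share/mime/globs2 r,

  # Backup files directly inside the backup directory; no 'owner' qualifier, so
  # the rule applies whoever owns the file.
  /var/xyzzy/backup/* rw,
  /var/xyzzy/bin/forgejo*amd64 mrix,
  # Configuration and secret material is read-only, so the confined process
  # cannot rewrite it. Every program started through an 'ix' rule (helpers and
  # repository hooks included) inherits this read access.
  /var/xyzzy/etc/forgejo/app.ini r,
  /var/xyzzy/etc/forgejo/internal_token r,
  /var/xyzzy/etc/forgejo/jwt_secret r,
  /var/xyzzy/etc/forgejo/lfs_jwt_secret r,
  # Read access to the whole forge tree regardless of file owner.
  /var/xyzzy/forge/** r,
  # Repository hooks run under this profile ('ix'). The 'owner' rule on
  # /var/xyzzy/forge/data/** further down also makes these paths writable, so
  # one process may both create and execute a hook. The inherited profile is
  # the only boundary around such a hook, and it holds only in enforce mode.
  /var/xyzzy/forge/data/repositories/*/*.git/hooks/* mrix,
  /var/xyzzy/forge/data/repositories/*/*.git/hooks/*.d/* mrix,

  # 'owner' limits a rule to files owned by the user the process runs as.
  owner /proc/*/cpuset r,
  owner /var/xyzzy/git/.gitconfig rw,
  owner /var/xyzzy/git/.gitconfig.lock rw,
  # NOTE(review): write access to every file directly under .ssh, presumably
  # for the authorized_keys file Forgejo maintains. Verify and narrow the glob
  # if only that file is needed.
  owner /var/xyzzy/git/.ssh/* rw,
  # Read, write, lock ('k') and hard-link ('l') on the data tree.
  owner /var/xyzzy/forge/data/** rwkl,
  owner /var/xyzzy/forge/log/* rw,

}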