Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:stroeder:sys
gitea
apparmor-usr.bin.gitea
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File apparmor-usr.bin.gitea of Package gitea
abi <abi/3.0>, #include <tunables/global> profile gitea /usr/bin/gitea flags=(attach_disconnected) { #include <abstractions/base> #include <abstractions/nameservice> #include <abstractions/openssl> #include <abstractions/user-tmp> #include <abstractions/mysql> network inet stream, network inet6 stream, /usr/bin/gitea mr, /usr/bin/gzip mr, # Grant read access to config files /etc/mime.types r, /usr/share/mime/globs2 r, /etc/machine-id r, /etc/gitea/ r, /etc/gitea/{conf,https,mailer}/ r, /etc/gitea/https/*.{crt,key,pem} r, # Access to config file app.ini /etc/gitea/conf/app.ini r, # Config must be writeable for initial setup # to restrict to read-only access admin can do after setup: # chown root:gitea /etc/gitea/conf/app.ini # chmod 0640 /etc/gitea/conf/app.ini owner /etc/gitea/conf/app.ini w, # Grant read access to public custom static content /etc/gitea/public/ r, /etc/gitea/public/** r, # allow invoking executables /usr/bin/{basename,bash,cat,env,git,git-lfs,gitea,ssh-keygen,gzip} ix, /usr/{lib,libexec}/git/git ix, /usr/{lib,libexec}/git/git-remote-http ix, /usr/{lib,libexec}/git/git-write-tree ix, /usr/share/git-core/templates/ r, /usr/share/git-core/templates/** r, /etc/gitconfig r, # Grant read access to static content /usr/share/gitea/** r, # Grant read access to some process parameters /sys/kernel/mm/transparent_hugepage/hpage_pmd_size r, @{PROC}/sys/net/core/somaxconn r, owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/{cgroup,cpuset,status,stat,limits} r, # Grant read access to working directory /var/lib/gitea/ r, # Allow TTY access /dev/tty rw, # Grant access to various data/repo directories owner /tmp/patch* rw, owner /tmp/index* rw, owner /tmp/gitea** rwl, owner /var/lib/gitea/{data,indexers,queues,repositories,backups}/ r, owner /var/lib/gitea/{data,indexers,queues,repositories}/** rwk, owner /var/lib/gitea/data/{tmp,gitea-repositories}/** rwkl, owner /var/lib/gitea/data/gitea-repositories/**.git/hooks/** ix, owner /var/lib/gitea/backups/gitea-dump-*.{zip,tar.gz,tar.xz} rw, owner /var/lib/gitea/https/** rwkl, # Ugly! /usr/share/gitea/.gitconfig rw, /usr/share/gitea/.gitconfig.lock rw, /usr/share/gitea/.ssh/ rw, /usr/share/gitea/.ssh/* rw, /usr/share/gitea/.local/** rw, # for writing access log file /var/log/gitea/ rw, /var/log/gitea/access.log rw, /var/log/gitea/access.log.* w, /var/log/gitea/doctors-* rw, # Site-specific additions and overrides. See local/README for details. include if exists <local/usr.bin.gitea> }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor