slack-sesame-unlock

Sesame-3 unlock bot for Slack outgoing webhook
git clone https://git.kamikakushi.net/slack-sesame-unlock.git
Log | Files | Refs | README | LICENSE

commit 8449d21626d869e860950a15f9e3227ba26a0d3a
parent cd3981e2d3081dee2492979f330dfbacc596c1fc
Author: Inoue Yosuke <[email protected]>
Date:   Sat,  3 Dec 2022 20:24:44 +0900

Add apparmor profile

Diffstat:
Aapparmor.profile.alpine | 25+++++++++++++++++++++++++
1 file changed, 25 insertions(+), 0 deletions(-)

diff --git a/apparmor.profile.alpine b/apparmor.profile.alpine @@ -0,0 +1,25 @@ +# Apparmor profile for slack-sesame-unlock on Alpine Linux 3.17 + +include <tunables/global> + +profile /usr/local/bin/slack-sesame-unlock { + include <abstractions/base> + include <abstractions/python> + include <abstractions/ssl_certs> + + @{profile_name} r, + + network inet stream, + network inet6 stream, + + /etc/apache2/mime.types r, + /etc/hosts r, + /etc/passwd r, + /etc/resolv.conf r, + /etc/zoneinfo/** r, + owner @{PROC}/@{pid}/{fd/,limits,mounts,stat} r, + + # supress noisy messages + deny /usr/local/bin/ r, + deny /usr/lib/python3*/**/__pycache__/** w, +}