slack-sesame-unlock

Sesame-3 unlock bot for Slack outgoing webhook
git clone https://git.kamikakushi.net/slack-sesame-unlock.git
Log | Files | Refs | README | LICENSE
commit 8449d21626d869e860950a15f9e3227ba26a0d3a
parent cd3981e2d3081dee2492979f330dfbacc596c1fc
Author: Inoue Yosuke <[email protected]>
Date:   Sat,  3 Dec 2022 20:24:44 +0900

Add apparmor profile

Diffstat:

Aapparmor.profile.alpine | 25+++++++++++++++++++++++++


1 file changed, 25 insertions(+), 0 deletions(-)

diff --git a/apparmor.profile.alpine b/apparmor.profile.alpine
@@ -0,0 +1,25 @@
+# Apparmor profile for slack-sesame-unlock on Alpine Linux 3.17
+
+include <tunables/global>
+
+profile /usr/local/bin/slack-sesame-unlock {
+  include <abstractions/base>
+  include <abstractions/python>
+  include <abstractions/ssl_certs>
+
+  @{profile_name} r,
+
+  network inet stream,
+  network inet6 stream,
+
+  /etc/apache2/mime.types r,
+  /etc/hosts r,
+  /etc/passwd r,
+  /etc/resolv.conf r,
+  /etc/zoneinfo/** r,
+  owner @{PROC}/@{pid}/{fd/,limits,mounts,stat} r,
+
+  # supress noisy messages
+  deny /usr/local/bin/ r,
+  deny /usr/lib/python3*/**/__pycache__/** w,
+}