slack-sesame-unlock

Sesame-3 unlock bot for Slack outgoing webhook
git clone https://git.kamikakushi.net/slack-sesame-unlock.git
Log | Files | Refs | README | LICENSE

apparmor.profile.alpine (564B)


      1 # Apparmor profile for slack-sesame-unlock on Alpine Linux 3.17
      2 
      3 include <tunables/global>
      4 
      5 profile /usr/local/bin/slack-sesame-unlock {
      6   include <abstractions/base>
      7   include <abstractions/python>
      8   include <abstractions/ssl_certs>
      9 
     10   @{profile_name} r,
     11 
     12   network inet stream,
     13   network inet6 stream,
     14 
     15   /etc/apache2/mime.types r,
     16   /etc/hosts r,
     17   /etc/passwd r,
     18   /etc/resolv.conf r,
     19   /etc/zoneinfo/** r,
     20   owner @{PROC}/@{pid}/{fd/,limits,mounts,stat} r,
     21 
     22   # supress noisy messages
     23   deny /usr/local/bin/ r,
     24   deny /usr/lib/python3*/**/__pycache__/** w,
     25 }