#
# InspIRCd -- Internet Relay Chat Daemon
#
#   Copyright (C) 2024 Marcus Rueckert <darix@nordisch.org>
#   Copyright (C) 2020-2022, 2024 Sadie Powell <sadie@witchery.services>
#
# This file is part of InspIRCd.  InspIRCd is free software: you can
# redistribute it and/or modify it under the terms of the GNU General Public
# License as published by the Free Software Foundation, version 2.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
# details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

# To use this file move it to /etc/apparmor.d/inspircd

#include <tunables/global>

profile inspircd /usr/bin/inspircd {
	include <abstractions/base>
	include <abstractions/nameservice>

	capability net_bind_service,
	capability setgid,
	capability setuid,
	capability sys_resource,

	/usr/bin/inspircd ixr,
	/etc/inspircd/** rw,
	/var/lib/inspircd/data/** rw,
	/usr/lib/inspircd/modules/ r,
	/usr/lib/inspircd/modules/core_*.so mr,
	/usr/lib/inspircd/modules/m_*.so mr,
	/var/log/inspircd/** w,
	/run/inspircd/** rw,

	# Required by the ldap module:
	include <abstractions/ldapclient>

	# Required by the mysql module:
	include <abstractions/mysql>

	# Required by the ssl_gnutls and ssl_openssl modules:
	include <abstractions/ssl_certs>
	include <abstractions/ssl_keys>

	# External distro/install specific rules:
	include if exists <local/inspircd>
}
