#
# InspIRCd -- Internet Relay Chat Daemon
#
#   Copyright (C) 2020-2022 Sadie Powell <sadie@witchery.services>
#
# This file is part of InspIRCd.  InspIRCd is free software: you can
# redistribute it and/or modify it under the terms of the GNU General Public
# License as published by the Free Software Foundation, version 2.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
# details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

# To use this file move it to /etc/apparmor.d/inspircd

#include <tunables/global>

/usr/bin/inspircd {
	#include <abstractions/base>
	#include <abstractions/nameservice>

	capability net_bind_service,
	capability setgid,
	capability setuid,
	capability sys_resource,

	/usr/bin/inspircd ixr,
	/etc/inspircd/** rw,
	/var/lib/inspircd/** rw,
	/usr/lib/inspircd/modules/ r,
	/usr/lib/inspircd/modules/core_*.so mr,
	/usr/lib/inspircd/modules/m_*.so mr,
	/var/log/inspircd/** w,
	/var/lib/inspircd/** rw,

	# Required by the ldap module:
	#include <abstractions/ldapclient>

	# Required by the mysql module:
	#include <abstractions/mysql>

	# Required by the ssl_gnutls, ssl_mbedtls, and ssl_openssl modules:
	#include <abstractions/ssl_certs>
	#include <abstractions/ssl_keys>
}
