40 lines
808 B
Plaintext
40 lines
808 B
Plaintext
# vim:syntax=apparmor
|
|
|
|
#include <tunables/global>
|
|
|
|
/usr/bin/mysqlrouter {
|
|
#include <abstractions/base>
|
|
#include <abstractions/nameservice>
|
|
#include <abstractions/user-tmp>
|
|
|
|
# Allow system resource access
|
|
/sys/devices/system/cpu/ r,
|
|
capability sys_resource,
|
|
capability dac_override,
|
|
capability setuid,
|
|
capability setgid,
|
|
capability chown,
|
|
capability fowner,
|
|
|
|
# Allow config access
|
|
/etc/mysqlrouter/** rw,
|
|
/var/lib/mysqlrouter/** rw,
|
|
|
|
# Allow runtime files such as PID-file
|
|
/var/run/mysqlrouter/mysqlrouter.pid rw,
|
|
|
|
# Allow read/ write to /tmp
|
|
/tmp/ r,
|
|
/tmp/* rw,
|
|
|
|
# Allow execution of MySQL Router binary
|
|
/usr/bin/mysqlrouter mr,
|
|
|
|
# Allow plugin access
|
|
/usr/lib/mysqlrouter/plugin/*.so mr,
|
|
|
|
# Allow log file access
|
|
/var/log/mysqlrouter/ rw,
|
|
/var/log/mysqlrouter/** rw,
|
|
}
|