%platform linux
#
# InspIRCd -- Internet Relay Chat Daemon
#
#   Copyright (C) 2024 Marcus Rueckert <darix@nordisch.org>
#   Copyright (C) 2020-2022, 2024 Sadie Powell <sadie@witchery.services>
#
# This file is part of InspIRCd.  InspIRCd is free software: you can
# redistribute it and/or modify it under the terms of the GNU General Public
# License as published by the Free Software Foundation, version 2.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
# details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

# To use this file move it to /etc/apparmor.d/inspircd

#include <tunables/global>

profile inspircd @BINARY_DIR@/inspircd {
	include <abstractions/base>
	include <abstractions/nameservice>

	capability net_bind_service,
	capability setgid,
	capability setuid,
	capability sys_resource,

	@BINARY_DIR@/inspircd ixr,
	@CONFIG_DIR@/** rw,
	@DATA_DIR@/** rw,
	@MODULE_DIR@/ r,
	@MODULE_DIR@/core_*.so mr,
	@MODULE_DIR@/m_*.so mr,
	@LOG_DIR@/** w,
	@RUNTIME_DIR@/** rw,

	# Required by the ldap module:
	include <abstractions/ldapclient>

	# Required by the mysql module:
	include <abstractions/mysql>

	# Required by the ssl_gnutls and ssl_openssl modules:
	include <abstractions/ssl_certs>
	include <abstractions/ssl_keys>

	# External distro/install specific rules:
	include if exists <local/inspircd>
}
