Home

Contribute

Source code


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

/usr/sbin/mosquitto {
	#include <abstractions/base>
	#include <abstractions/nameservice>

	/usr/sbin/mosquitto r,
	/etc/mosquitto/mosquitto.conf r,
	/etc/mosquitto/ca_certificates/* r,
	/etc/mosquitto/certs/* r,
	/etc/mosquitto/conf.d/* r,
	/var/lib/mosquitto/ r,
	/var/lib/mosquitto/mosquitto.db rwk,
	/var/run/mosquitto.pid rw,

	network inet stream,
	network inet6 stream,
	network inet dgram,
	network inet6 dgram,

	# For drop privileges
	capability setgid,
	capability setuid,

	# For tcp-wrappers
	/lib{,32,64}/libwrap.so*  rm,
	/etc/hosts.allow r,
	/etc/hosts.deny r,
}