algo/roles/dns_adblocking/templates/usr.sbin.dnsmasq.j2

27 lines
517 B
Django/Jinja

#include <tunables/global>
/usr/sbin/dnsmasq {
#include <abstractions/base>
#include <abstractions/nameservice>
capability net_bind_service,
capability setgid,
capability setuid,
capability dac_override,
network inet raw,
/etc/dnsmasq.conf r,
/etc/dnsmasq.d/ r,
/etc/dnsmasq.d/* r,
/var/lib/dnsmasq/ r,
/var/lib/dnsmasq/block.hosts r,
/usr/sbin/dnsmasq mr,
/{,var/}run/*dnsmasq*.pid w,
/{,var/}run/dnsmasq-forwarders.conf r,
/{,var/}run/dnsmasq/ r,
/{,var/}run/dnsmasq/* rw,
}