etc_hulk/apparmor.d/abstractions/ssl_keys

# vim:syntax=apparmor
# ------------------------------------------------------------------
#
#    Copyright (C) 2009 Canonical Ltd.
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

  # private ssl permissions

  # Just include the whole /etc/ssl directory if we should have access to
  # private keys too
  /etc/ssl/ r,
  /etc/ssl/** r,

  # acmetool
  /var/lib/acme/live/* r,
  /var/lib/acme/certs/** r,
  /var/lib/acme/keys/** r,

  # dehydrated
  /{etc,var/lib}/dehydrated/certs/*/privkey*.pem r,

  # certbot / letsencrypt
  /etc/letsencrypt/archive/*/privkey*.pem r,

  /etc/certbot/archive/*/privkey*.pem r,
Init Backup /etc/ Hulk congratulations file 2024-03-16 00:03:05 +01:00			`# vim:syntax=apparmor`
			`# ------------------------------------------------------------------`
			`#`
			`# Copyright (C) 2009 Canonical Ltd.`
			`#`
			`# This program is free software; you can redistribute it and/or`
			`# modify it under the terms of version 2 of the GNU General Public`
			`# License published by the Free Software Foundation.`
			`#`
			`# ------------------------------------------------------------------`

			`# private ssl permissions`

			`# Just include the whole /etc/ssl directory if we should have access to`
			`# private keys too`
			`/etc/ssl/ r,`
			`/etc/ssl/** r,`

			`# acmetool`
			`/var/lib/acme/live/* r,`
			`/var/lib/acme/certs/** r,`
			`/var/lib/acme/keys/** r,`

			`# dehydrated`
			`/{etc,var/lib}/dehydrated/certs//privkey.pem r,`

			`# certbot / letsencrypt`
			`/etc/letsencrypt/archive//privkey.pem r,`

			`/etc/certbot/archive//privkey.pem r,`