# $Id$
# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2005 Novell/SUSE
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
# vim:syntax=apparmor

abi <abi/4.0>,

include <tunables/global>

# Confinement profile named "oidentd", attached to the /usr/sbin/oidentd
# binary. Everything the daemon may do is the union of the rules below and
# whatever the two included abstractions grant (their contents are not
# visible in this file; review them alongside this profile).
profile oidentd /usr/sbin/oidentd {
  include <abstractions/base>
  include <abstractions/nameservice>

  # net_bind_service: bind to privileged ports (below 1024); presumably
  # needed for the ident service port -- confirm against the daemon's config.
  capability net_bind_service,
  # dac_override / dac_read_search: bypass discretionary file permission
  # checks. These are broad capabilities, but the path rules below still
  # bound which files can be opened, and all of them are read-only.
  # NOTE(review): dac_read_search alone covers bypassing read and
  # directory-search checks; confirm dac_override is still required before
  # keeping it.
  capability dac_override,
  capability dac_read_search,
  # setuid / setgid: change the process's user and group IDs; presumably
  # used to drop root after startup -- verify against how oidentd is run.
  capability setuid,
  capability setgid,

  # Only TCP-style (stream) sockets over IPv4 and IPv6 are granted here.
  # The included abstractions may grant further network access.
  network inet  stream,
  network inet6 stream,

  # Daemon configuration, read-only: the profile grants no write access
  # to these files.
  /etc/oidentd.conf        r,
  /etc/oidentd_masq.conf   r,
  # Kernel TCP connection tables (IPv4 and IPv6), read-only; presumably
  # how connections are mapped to their owning user.
  /proc/net/tcp            r,
  /proc/net/tcp6           r,

  # Per-user files for oidentd's spoofing feature. These are user-controlled
  # input read by a daemon that holds DAC-bypass capabilities, so access is
  # kept to read-only and to these exact file names under @{HOME} (a tunable
  # variable, presumably defined via the tunables included at the top of
  # this file).
  @{HOME}/.ispoof          r,
  @{HOME}/.oidentd.conf    r,
  # Fixed path outside @{HOME}; presumably the ZNC service account's home
  # directory, which the @{HOME} pattern would not match -- TODO confirm.
  /var/lib/znc/.oidentd.conf r,
}
