    include <abstractions/nameservice>

    /usr/lib/gitlab/shell/config.yml r,
    /usr/lib/gitlab/shell/.gitlab_shell_secret r,
    /srv/www/vhosts/gitlab-ce/.gitlab_shell_secret r,

    /usr/lib/gitlab/gitaly/vendor/gitlab-shell/lib/** r,

    owner @{GITLAB_APP_DIR}/log/gitlab-shell.log rw,
