# This AppArmor profile is part of the draupnir package
# Georg Pfuetzenreuter <mail+apparmor@georg-pfuetzenreuter.net>

#include <tunables/global>

# Confinement policy for the draupnir service. Apart from the shared abstractions,
# the rules below are an explicit allow-list of the paths the process may execute,
# read, write, lock or map.
#
# The profile is declared by name only, with no attachment path, so it is not
# applied automatically when a matching executable starts; something else has to
# select it. NOTE(review): presumably the service unit or a launcher does this;
# confirm the profile is actually in enforce mode for the running process.
#
# flags=(attach_disconnected): paths that cannot be resolved back to the namespace
# root are attached to "/" for rule matching instead of being rejected.
# NOTE(review): this is normally needed only when the service runs in a private
# mount namespace; confirm it is required, since it loosens path mediation.
profile draupnir flags=(attach_disconnected) {
  # Shared rule sets. Each of these widens the policy by whatever the installed
  # abstraction file contains, so they are part of the review surface.
  # NOTE(review): this profile has no network rules of its own; network access
  # presumably comes from abstractions/nameservice. Confirm against the installed
  # version.
  # NOTE(review): abstractions/user-tmp presumably grants access to the shared
  # temporary directories; confirm the service needs that.
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/openssl>
  #include <abstractions/user-tmp>

  # ix = execute and stay inside this profile (inherit), so the interpreter gets
  # no more access than the rules listed here. This is the only execute rule in
  # the profile body.
  /usr/bin/node22 ix,

  # Configuration: directory listing plus two named YAML files, read-only.
  /etc/draupnir/ r,
  /etc/draupnir/{production,registration}.yaml r,
  # NOTE(review): presumably a credential. The rule only stops this process from
  # modifying it; file ownership and mode must still keep other users out.
  /etc/draupnir/token r,
  # Read-only access to two per-process /proc entries.
  # NOTE(review): @{pid} comes from the tunables and typically matches any PID,
  # not only the confined process's own; confirm that is acceptable.
  /proc/@{pid}/{cgroup,stat} r,
  # Native addons: m allows mapping the file as executable memory.
  # NOTE(review): the first rule grants m without r; read access presumably comes
  # from the library-path rules in abstractions/base. Confirm on the target system.
  /usr/lib64/draupnir/better-sqlite3/better_sqlite3.node m,
  /usr/libexec/draupnir/matrix-sdk-crypto.linux-x64-gnu.node mr,
  # Application tree is read-only: no rule here lets the process rewrite its own
  # code.
  /usr/share/draupnir/** r,
  # ICU data file, read-only; the character classes match a two-digit major, a
  # one-digit minor and a two-digit data version.
  /usr/share/icu/[0-9][0-9].[0-9]/icudt[0-9][0-9]l.dat r,
  # State directory: listing only on the directory itself.
  /var/lib/draupnir/ r,
  /var/lib/draupnir/bot.json rw,
  # Four named databases, each with its bare .db file and the -journal, -shm and
  # -wal companions. k = file locking. No other path under /var/lib/draupnir is
  # made writable by the rules in this file.
  /var/lib/draupnir/{hash-store,room-audit-log,room-state-backing-store,user-restriction-audit-log}.db{,-{journal,shm,wal}} krw,

}
