/ etc / apparmor.d / usr.local.bin.reseed-tools
 1  # SPDX-License-Identifier: AGPL-3.0-or-later
 2  # SPDX-FileCopyrightText: 2025 Chris Barry <chris@barry.im>
 3  # AppArmor profile for reseed-tools
 4  
 5  #include <tunables/global>
 6  
 7  profile reseed-server /usr{,/local}/bin/reseed-tools {
 8    #include <abstractions/base>
 9    #include <abstractions/private-files-strict>
10  
11    network inet stream,
12    network inet6 stream,
13    network unix stream,
14  
15    # Allow writing logs
16    /dev/log/ w,
17  
18    # Default debian location for i2pd
19    /var/lib/i2pd/netDb/ r,
20    /var/lib/i2pd/netDb/** r,
21  
22    # Logging via syslog
23    /dev/log w,
24  
25    # Temp dir access (read/write)
26    /tmp/** rw,
27    /var/tmp/** rw,
28  
29    # Allow systemd supervision signals
30    signal peer=unconfined,
31    signal (send, receive) peer=reseed-server,
32  
33    #include if exists <local/usr.local.bin.reseed-tools>
34  }