1  # SPDX-License-Identifier: GPL-3.0-or-later
 2  # SPDX-FileCopyrightText: 2025 Chris Barry <chris@barry.im>
 3  # AppArmor profile for radicle-node
 4  
 5  #include <tunables/global> 
 6  
 7  profile radicle-node /usr{,/local}/bin/radicle-node {
 8    #include <abstractions/base>
 9    #include <abstractions/nameservice>
10    #include <abstractions/user-tmp>
11  
12    capability setgid,
13    capability setuid,
14  
15    network inet stream,
16    network inet6 stream,
17  
18    # Configuration and runtime
19    /run/radicle/** rw,
20    /var/lib/{,private/}radicle/** rwkl,
21    @{HOME}/.radicle/** rk,
22  
23    # Needed for radicle to operate
24    /usr/bin/git Pix,
25    /usr/lib/git-core/git-pack-refs rix,
26    /usr/lib/git-core/git ix,
27  
28    #include if exists <local/usr.local.bin.radicle-node>
29  }