allow reading custom certificates

astibal · Oct 18, 2024 · 2562b4c · 2562b4c
1 parent 5af1ecb
commit 2562b4c
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/etc/apparmor/usr.bin.smithproxy b/etc/apparmor/usr.bin.smithproxy
@@ -4,6 +4,8 @@
 @{SX_DATA}=/var/local/smithproxy/
 @{SX_DATA2}=/var/smithproxy/
 @{CERTSTORE}=/usr/share/ca-certificates/
+
+# allow reading let's encrypt certificates (don't forget to check the rule below, too!)
 # @{CERTSTORE2}=/etc/letsencrypt/
 
 
@@ -29,7 +31,10 @@
   # read etc
   /etc/smithproxy/** r,
   /etc/smithproxy/*.cfg rw,
-  /etc/smithproxy/certs/**/custom/** rw,
+  /etc/smithproxy/certs/**/ip/** rw,
+  /etc/smithproxy/certs/**/sni/** rw,
+  /etc/smithproxy/certs/**/cc-ip/** rw,
+  /etc/smithproxy/certs/**/cc-sni/** rw,
 
   # rename own threads
   /proc/@{pid}/task/*/comm rw,