12c593315Sopenharmony_ci#include <tunables/global> 22c593315Sopenharmony_ci 32c593315Sopenharmony_ci/usr/sbin/nghttpx { 42c593315Sopenharmony_ci #include <abstractions/base> 52c593315Sopenharmony_ci #include <abstractions/nameservice> 62c593315Sopenharmony_ci #include <abstractions/openssl> 72c593315Sopenharmony_ci 82c593315Sopenharmony_ci capability setgid, 92c593315Sopenharmony_ci capability setuid, 102c593315Sopenharmony_ci 112c593315Sopenharmony_ci /usr/sbin/nghttpx rmix, # allow to run itself 122c593315Sopenharmony_ci /etc/nghttpx/nghttpx.conf r, # allow to read the config file 132c593315Sopenharmony_ci /etc/ssl/** r, # give access to ssl keys 142c593315Sopenharmony_ci 152c593315Sopenharmony_ci /{,var/}run/nghttpx.pid lw, # allow to store a pid file 162c593315Sopenharmony_ci} 17