# This AppArmor profile is part of the prometheus-masscan_exporter package
# Georg Pfuetzenreuter <mail+apparmor@georg-pfuetzenreuter.net>

abi <abi/3.0>,

include <tunables/global>

prometheus-masscan_exporter /usr/bin/masscan_exporter {
  include <abstractions/base>

  capability net_raw,

  network inet raw,
  network inet stream,
  network inet6 raw,
  network inet6 stream,

  /etc/prometheus/masscan_exporter.yml r,
  /etc/protocols r,
  /proc/sys/net/core/somaxconn r,
  /sys/kernel/mm/transparent_hugepage/hpage_pmd_size r,
  /usr/bin/masscan_exporter mr,
  /usr/bin/masscan Pix,  # TODO: profile for masscan, then maybe only Px
  /var/lib/masscan/* rw, # TODO: be more explicit

  include if exists <local/prometheus-masscan_exporter>
}
