Add startup scripts and apparmor templates
Change-Id: Ie4b9d507b16c0969d29eac5b5e8e49921de31bd7
This commit is contained in:
parent
4af7493380
commit
a2cccbe4e9
|
@ -0,0 +1,6 @@
|
|||
#!/bin/sh
|
||||
VENV=$1
|
||||
|
||||
[ -n "$VENV" ] || ( echo "provide virtual env path as parameter" && exit 1 )
|
||||
|
||||
"$VENV/bin/pecan" serve --reload config.py
|
|
@ -0,0 +1,6 @@
|
|||
#!/bin/sh
|
||||
VENV=$1
|
||||
|
||||
[ -n "$VENV" ] || ( echo "provide virtual env path as parameter" && exit 1 )
|
||||
|
||||
"$VENV/bin/uwsgi" --http-socket :5000 --venv "$VENV" --pecan config.py -p 4
|
|
@ -0,0 +1,48 @@
|
|||
#include <tunables/global>
|
||||
|
||||
@{ECA_BASE}="/replace/with/path/to/ephemeral-ca"
|
||||
@{ECA_VENV}="@{ECA_BASE}/.venv"
|
||||
@{ECA_CA_DIR}="@{ECA_BASE}/CA"
|
||||
@{ECA_CERTS_DIR}="@{ECA_BASE}/certs"
|
||||
|
||||
/replace/with/path/to/ephemeral-ca/bin/ephemeral_ca_debug {
|
||||
#include <abstractions/base>
|
||||
#include <abstractions/bash>
|
||||
|
||||
/bin/dash ix,
|
||||
@{ECA_BASE}/ r,
|
||||
@{ECA_BASE}/bin/ephemeral_ca_debug mixr,
|
||||
|
||||
@{ECA_VENV}/bin/pecan cix,
|
||||
|
||||
profile /replace/with/path/to/bin/pecan {
|
||||
#include <abstractions/base>
|
||||
#include <abstractions/python>
|
||||
#include <abstractions/bash>
|
||||
#include <abstractions/nameservice>
|
||||
#include <abstractions/user-tmp>
|
||||
|
||||
network inet stream,
|
||||
|
||||
/bin/dash ix,
|
||||
/bin/uname ix,
|
||||
/etc/mime.types r,
|
||||
|
||||
/sbin/ldconfig mUxr,
|
||||
|
||||
@{ECA_CA_DIR}/* r,
|
||||
@{ECA_CERTS_DIR}/{,*.crt} w,
|
||||
|
||||
@{ECA_BASE}/ r,
|
||||
@{ECA_BASE}/ephemeral_ca/**.py{,c} r,
|
||||
@{ECA_BASE}/ephemeral_ca/{,**/} r,
|
||||
@{ECA_BASE}/config.py r,
|
||||
|
||||
@{ECA_VENV}/bin/python mixr,
|
||||
@{ECA_VENV}/bin/pecan mixr,
|
||||
@{ECA_VENV}/bin/ r,
|
||||
@{ECA_VENV}/lib/python2.7/ r,
|
||||
@{ECA_VENV}/lib/python2.7/** r,
|
||||
@{ECA_VENV}/lib/python2.7/**/*.so m,
|
||||
}
|
||||
}
|
|
@ -0,0 +1,49 @@
|
|||
#include <tunables/global>
|
||||
|
||||
@{ECA_BASE}="/path/to/ephemeral-ca"
|
||||
@{ECA_VENV}="@{ECA_BASE}/.venv"
|
||||
@{ECA_CA_DIR}="@{ECA_BASE}/CA"
|
||||
@{ECA_CERTS_DIR}="@{ECA_BASE}/certs"
|
||||
|
||||
/path/to/ephemeral-ca/bin/ephemeral_ca_production {
|
||||
#include <abstractions/base>
|
||||
#include <abstractions/bash>
|
||||
|
||||
/bin/dash ix,
|
||||
@{ECA_BASE}/ r,
|
||||
@{ECA_BASE}/bin/ephemeral_ca_production mixr,
|
||||
|
||||
@{ECA_VENV}/bin/uwsgi cix,
|
||||
|
||||
profile /path/to/ephemeral-ca/.venv/bin/uwsgi {
|
||||
#include <abstractions/base>
|
||||
#include <abstractions/python>
|
||||
#include <abstractions/bash>
|
||||
#include <abstractions/nameservice>
|
||||
#include <abstractions/user-tmp>
|
||||
|
||||
network inet stream,
|
||||
|
||||
/bin/dash ix,
|
||||
/bin/uname ix,
|
||||
/etc/mime.types r,
|
||||
/sbin/ldconfig mUxr,
|
||||
|
||||
@{PROC}/sys/net/core/somaxconn r,
|
||||
|
||||
@{ECA_CA_DIR}/* r,
|
||||
@{ECA_CERTS_DIR}/{,*.crt} w,
|
||||
|
||||
@{ECA_BASE}/ r,
|
||||
@{ECA_BASE}/ephemeral_ca/**.py{,c} r,
|
||||
@{ECA_BASE}/ephemeral_ca/{,**/} r,
|
||||
@{ECA_BASE}/config.py r,
|
||||
|
||||
@{ECA_VENV}/bin/python mixr,
|
||||
@{ECA_VENV}/bin/uwsgi mixr,
|
||||
@{ECA_VENV}/bin/ r,
|
||||
@{ECA_VENV}/lib/python2.7/ r,
|
||||
@{ECA_VENV}/lib/python2.7/** r,
|
||||
@{ECA_VENV}/lib/python2.7/**/*.so m,
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue