# ----------------------------------------------------------------------------
#
#    Copyright (C) 2000-2015 Synology Inc. All rights reserved.
#
# ----------------------------------------------------------------------------

#include <abstractions/libsynosdk/usergroup>

/etc/host.conf            r,
/etc/hosts                r,
/etc/protocols            r,
/etc/resolv.conf          r,
/etc/services             r,

# nslcd
#include <abstractions/ldapclient>

# winbind
#include <abstractions/winbind>

# kerberos
#include <abstractions/kerberosclient>

# tcp/udp network access
network inet    stream,
network inet6   stream,
network inet    dgram,
network inet6   dgram,

# ----------------------------------------------------------------------------
# Synology related files
# ----------------------------------------------------------------------------

capability        setuid,
capability        setgid,

# rebuild DB
/etc/group_desc                                       r,
/etc/synoappprivilege.db                              rwk,
/etc/synouser.conf                                    r,
/etc/synoinfo.conf                                    r,
/usr/syno/etc/private/                                r,
/usr/syno/etc/private/{kdc,pdc}_ip                    r,
/usr/syno/etc/private/smbpass                         r,
/usr/syno/etc/private/trust_domain_info               r,
/etc/samba/smbinfo.conf                               r,

# samba run time read file
/usr/share/samba/codepages/upcase.dat                 rm,
/usr/share/samba/codepages/lowcase.dat                rm,

# sdk plugins
/usr{,/local}/libexec/dirsvs_db_refresh/{,*}        rix,

# vim:ft=apparmor