# vim:syntax=apparmor
# ------------------------------------------------------------------
#
#    Copyright (C) 2024 Canonical Ltd.
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

abi <abi/4.0>,

include <tunables/global>

profile ospfd /usr/lib/frr/ospfd flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/frr>
  include <abstractions/frr-snmp>

  capability net_raw,
  capability sys_admin,

  @{run}/netns/* r,

  @{run}/frr/ospfd-gr.json w,

  /var/lib/frr/ r,
  /var/lib/frr/ospfd.json{,.sav} rw,

  # For OSPFv3
  owner /var/tmp/frr/ospfd-3.@{pid}/ w,
  owner /var/tmp/frr/ospfd-3.@{pid}/crashlog w,
  owner /var/tmp/frr/ospfd-3.@{pid}/logbuf.@{tid} rw,

  @{run}/frr/ospfd-3.pid rwk,
  @{run}/frr/ospfd-3.vty rw,
  @{run}/frr/ospfd-3.json{,.sav} rw,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/ospfd>
}
