# nice in the future, but is tricky since it's quite configurable), but to
# confine the processes it calls that parse untrusted data.
/** mrixwlk,
+ unix,
capability setuid,
capability setgid,
- signal peer=man_groff,
- signal peer=man_filter,
+ signal peer=@{profile_name},
+ signal peer=/usr/bin/man//&man_groff,
+ signal peer=/usr/bin/man//&man_filter,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.bin.man>
/usr/share/groff/** r,
signal peer=/usr/bin/man,
+ # @{profile_name} doesn't seem to work here.
+ signal peer=/usr/bin/man//&man_groff,
}
profile man_filter {
/** r,
signal peer=/usr/bin/man,
+ # @{profile_name} doesn't seem to work here.
+ signal peer=/usr/bin/man//&man_filter,
}
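Review bot: The added `signal peer=/usr/bin/man//&man_filter,` rule, like the matching `signal peer=/usr/bin/man//&man_groff,` rule added above, has no access mode and no `set=` clause, so it permits sending and receiving every signal to any process under that stacked label. The header comment says these are the profiles meant to confine the processes that parse untrusted data, so they are where a narrower rule matters most. Consider something like `signal (send, receive) set=(<signals the pipeline needs>) peer=/usr/bin/man//&man_filter,`; which signals man relies on is not visible in this diff. The new comment would also help more if it recorded the consequence of the workaround, for example `# @{profile_name} did not match here, so the peer label is spelled out; update it if the /usr/bin/man profile is renamed.` Both profile bodies appear only in part in these hunks.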