subject /usr/sbin/apache-ssl /lib rx /proc/sys/kernel/version r /usr/lib rx /usr/sbin/apache-ssl x /usr/share/misc/file/magic.mime r /usr/share/zoneinfo/Europe/Paris r /etc/apache-ssl rx /var/log/apache-ssl/access.log a /var/log/apache-ssl/audit.log rw /var/log/apache-ssl/error.log a /var/log/apache-ssl/modsec_debug.log a /var/log/apache-ssl/ssl.log a /var/www /dev/null rw /dev/urandom r /dev/log h +CAP_ALL bind 84.14.13.131/32:443 stream tcp connect 0.0.0.0/0:53 dgram udp connect 192.168.0.0/24:80 stream tcp connect 192.168.1.0/24:80 stream tcp /var/run/gcache_port rw subject /usr/lib/apache-ssl/gcache user_transition_allow root www-data / h /etc/ld.so.cache r /lib rx /proc/sys/kernel/version r /usr/lib rx /usr/share/zoneinfo/Europe/Paris r /var/run/gcache_port wcd -CAP_ALL +CAP_CHOWN +CAP_SETUID bind disabled connect disabled