subject /usr/sbin/apache-ssl
        /lib                                    rx
        /proc/sys/kernel/version                r
        /usr/lib                                rx
        /usr/sbin/apache-ssl                    x
        /usr/share/misc/file/magic.mime         r
        /usr/share/zoneinfo/Europe/Paris        r
        /etc/apache-ssl                         rx
        /var/log/apache-ssl/access.log          a
        /var/log/apache-ssl/audit.log           rw
        /var/log/apache-ssl/error.log           a
        /var/log/apache-ssl/modsec_debug.log    a
        /var/log/apache-ssl/ssl.log             a
        /var/www                        
        /dev/null                               rw
        /dev/urandom                            r
        /dev/log                                h
        +CAP_ALL
        bind 84.14.13.131/32:443                stream tcp
        connect 0.0.0.0/0:53                    dgram udp
        connect 192.168.0.0/24:80               stream tcp
        connect 192.168.1.0/24:80               stream tcp
        /var/run/gcache_port                    rw

subject /usr/lib/apache-ssl/gcache 
user_transition_allow root www-data
        /                                       h
        /etc/ld.so.cache                        r
        /lib                                    rx
        /proc/sys/kernel/version                r
        /usr/lib                                rx
        /usr/share/zoneinfo/Europe/Paris        r
        /var/run/gcache_port                    wcd
        -CAP_ALL
        +CAP_CHOWN
        +CAP_SETUID
        bind    disabled
        connect disabled