This file is indexed.

/etc/apparmor.d/usr.sbin.squid is in squid 3.5.27-1ubuntu1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
# Author: Simon Deziel
#         Jamie Strandboge
# vim:syntax=apparmor
#include <tunables/global>

/usr/sbin/squid {
  #include <abstractions/base>
  #include <abstractions/kerberosclient>
  #include <abstractions/nameservice>

  capability net_raw,
  capability setuid,
  capability setgid,
  capability sys_chroot,

  # allow child processes to run execvp(argv[0], [kidname, ...])
  /usr/sbin/squid ix,

  # pinger
  network inet raw,
  network inet6 raw,

  /etc/mtab r,
  @{PROC}/[0-9]*/mounts r,
  @{PROC}/mounts r,

  # squid3 configuration
  /etc/squid/** r,
  /{,var/}run/squid.pid rwk,
  /var/spool/squid/ r,
  /var/spool/squid/** rwk,
  /usr/lib/squid{,3}/* rmix,
  /usr/share/squid/** r,
  /var/log/squid/* rw,

  # squid-langpack
  /usr/share/squid-langpack/** r,

  # maas-proxy
  /var/lib/maas/maas-proxy.conf r,
  /var/log/maas/proxy/** rw,
  /var/spool/maas-proxy/ r,
  /var/spool/maas-proxy/** rwk,

  # squid-deb-proxy
  /etc/squid-deb-proxy/** r,
  /{,var/}run/squid-deb-proxy.pid rwk,
  /var/cache/squid-deb-proxy/ r,
  /var/cache/squid-deb-proxy/** rwk,
  /var/log/squid-deb-proxy/* rw,
  owner /dev/shm/** rmw,

  # squidguard
  /usr/bin/squidGuard Cx -> squidguard,
  profile squidguard {
    #include <abstractions/base>

    /etc/squid/squidGuard.conf r,
    /var/log/squid{,3}/squidGuard.log w,
    /var/lib/squidguard/** rw,

    # squidguard by default uses /var/log/squid as its logdir, however, we
    # don't want it to access squid's logs, only its own. Explicitly deny
    # access to squid's files but allow all others since the user may specify
    # anything for the squidGurad 'log' directive.
    /var/log/squid{,3}/* rw,
    audit deny /var/log/squid{,3}/{access,cache,store}.log* rw,

    # Site-specific additions and overrides. See local/README for details.
    #include <local/usr.sbin.squid>
  }

  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.sbin.squid>
}