[apparmor] [profile] for usr.lib.chromium.chromium
Aaron Lewis
the.warl0ck.1989 at gmail.com
Tue Jan 8 14:23:40 UTC 2013
Here I attached profile for usr.lib.chromium.chromium
Plus mozilla plugin support, gtalk plugin support
(adjust your installation path if not /opt/google/talkplugin/)
--
Best Regards,
Aaron Lewis - PGP: 0xDFE6C29E ( http://pgp.mit.edu/ )
Finger Print: 9482 448F C7C3 896C 1DFE 7DD3 2492 A7D0 DFE6 C29E
-------------- next part --------------
# Last Modified: Tue Jan 8 21:47:43 2013
#include <tunables/global>
/usr/lib/chromium/chromium {
#include <abstractions/base>
#include <abstractions/fonts>
#include <abstractions/gnome>
#include <abstractions/ibus>
#include <abstractions/nameservice>
#include <abstractions/dbus>
#include <abstractions/freedesktop.org>
capability dac_override,
capability setgid,
capability setuid,
capability sys_admin,
capability sys_chroot,
capability sys_ptrace,
/home/*/.Xauthority r,
/home/*/.cache/fontconfig/* mr,
/home/*/.fonts/ r,
/home/*/.gtkrc-2.0 r,
/usr/bin/lsb_release rix,
/opt/google/talkplugin/** r,
/opt/google/talkplugin/{lib/*.so,*.so} rm,
owner @{HOME}/.mozilla/plugins/{**,} r,
owner @{HOME}/.local/share/mime/** rm,
owner @{HOME}/.cache/chromium/** rwm,
owner @{HOME}/.pki/nssdb/{**,r} rkw,
owner @{HOME}/.config/chromium/** rwkm,
owner /tmp/** rlkw,
/dev/shm/.org.chromium.Chromium.* rmkw,
# WTF?
/usr/share/fonts/** rm,
/usr/share/icons/** rm,
/usr/share/mime/** rm,
/usr/local/share/mime/mime.cache rm,
/run/udev/data/* r,
/sys/devices/virtual/block/*/{removable,uevent} r,
/proc/ r,
/proc/*/ r,
/proc/*/fd/ r,
/proc/*/oom_score_adj w,
/proc/*/statm r,
/proc/*/status r,
/proc/*/task/*/stat r,
/proc/*/task/ r,
/proc/cpuinfo r,
/proc/meminfo r,
/proc/sys/kernel/shmmax r,
/sys/bus/pci/devices/ r,
/sys/devices/pci0000:00/** r,
/sys/devices/system/cpu/** r,
/usr/lib/chromium/chromium mrix,
/usr/lib/chromium/chromium-sandbox rix,
/usr/lib/chromium/nacl_helper_bootstrap rix,
/usr/lib{,32,64}/** mr,
/usr/share/hwdata/* r,
/etc/udev/udev.conf r,
}
More information about the AppArmor
mailing list