[apparmor] [Merge] lp:~serge-hallyn/apparmor-profiles/apparmor-profiles into lp:apparmor-profiles

Steve Beattie steve at nxnw.org
Thu Apr 14 20:35:53 UTC 2016


On Thu, Apr 14, 2016 at 07:09:24PM -0000, Serge Hallyn wrote:
> Yeah my main goal was to keep it from reading most of my own
> files.  It runs as me so not very worried about system files.
> I did the MR to make myself follow up.  I'll find time to
> tighten it down later.

Does this profile work for you?

# vim:syntax=apparmor
# Author: Serge Hallyn <serge.hallyn at ubuntu.com>
# Author: Steve Beattie <steve at nxnw.org>

#include <tunables/global>
/usr/bin/ttytter {
  #include <abstractions/base>
  #include <abstractions/dbus-session-strict>
  #include <abstractions/fonts>
  #include <abstractions/nameservice>
  #include <abstractions/perl>

  dbus (send)
       bus=session
       interface="org.freedesktop.Notifications"
       member={GetServerInformation,Notify},

  /bin/dash ixr,
  /usr/bin/ttytter ixr,
  /usr/bin/curl ixr,
  /usr/bin/clear ixr,

  /usr/bin/notify-send Pixr,

  owner @{HOME}/.ttytter/** rw,
  owner @{HOME}/.ttytterkey rw,
  owner @{HOME}/.ttytterrc* rw,

  owner @{HOME}/.inputrc r,
}

(Tested locally on xenial, but I haven't used ttytter in a long time.
Hrm, I guess I should submit my bitlbee profile, too.)

Here's a quickie notify-send profile I made while testing ttytter and
trying to figure out why notifications don't work:

# Last Modified: Thu Apr 14 12:47:44 2016
#include <tunables/global>

/usr/bin/notify-send {
  #include <abstractions/base>
  #include <abstractions/dbus-session-strict>

  dbus (send)
       bus=session
       interface="org.freedesktop.Notifications"
       member={GetServerInformation,Notify},
  /usr/bin/notify-send mr,

}



-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
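
As an added illustration (not part of the original message, and not AppArmor's own matcher), this Python example evaluates only the explicit file rules of the ttytter profile above against sample paths, showing how they serve the goal of keeping ttytter away from most of the user's files. It assumes @{HOME} expands to /home/*/ and /root/ as in the stock tunables/home, uses simplified glob semantics, and ignores whatever the included abstractions grant.

```python
import re

# File rules copied from the ttytter profile above; #include'd abstractions are not modelled.
PROFILE_RULES = """
/bin/dash ixr,
/usr/bin/ttytter ixr,
/usr/bin/curl ixr,
/usr/bin/clear ixr,
/usr/bin/notify-send Pixr,
owner @{HOME}/.ttytter/** rw,
owner @{HOME}/.ttytterkey rw,
owner @{HOME}/.ttytterrc* rw,
owner @{HOME}/.inputrc r,
"""

# Assumption: @{HOME} expands as in the stock tunables/home.
HOME_EXPANSIONS = ["/home/*/", "/root/"]

def glob_to_regex(glob):
    """Simplified AppArmor globbing: '**' crosses '/', '*' and '?' do not."""
    out, i = "", 0
    while i < len(glob):
        if glob[i] == "*":
            deep = glob.startswith("**", i)
            j = i + (2 if deep else 1)
            # A star run that is the whole trailing component must match >= 1 char.
            lone = glob[i - 1:i] == "/" and j == len(glob)
            out += ("[^/]" if lone else "") + ("." if deep else "[^/]") + "*"
            i = j
        else:
            out += "[^/]" if glob[i] == "?" else re.escape(glob[i])
            i += 1
    return re.compile(out + r"\Z")

def load_rules(text):
    rules = []
    for line in text.strip().splitlines():
        m = re.match(r"\s*(owner\s+)?(\S+)\s+(\w+),\s*$", line)
        for home in (HOME_EXPANSIONS if "@{HOME}" in m.group(2) else [""]):
            # Expand the variable, then collapse the doubled slash it leaves behind.
            glob = re.sub(r"/+", "/", m.group(2).replace("@{HOME}", home))
            rules.append((bool(m.group(1)), glob_to_regex(glob), m.group(3)))
    return rules

RULES = load_rules(PROFILE_RULES)

def allowed(path, perm, owned_by_user=True):
    """True if an explicit rule grants perm ('r', 'w' or 'x') on path."""
    return any(perm in perms and rx.match(path) and (owned_by_user or not owner)
               for owner, rx, perms in RULES)
```

With these rules alone, `/home/serge/.ssh/id_rsa` (a constructed path) is not readable, while anything below `~/.ttytter/` is readable and writable as long as the confined user owns it.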