[apparmor] Some new profiles

artiom artiom14 at yandex.ru
Tue Jun 27 20:16:55 UTC 2017 

geeqie image viewer and linuxdcpp.

P.S.:
IDK, maybe some of them aren't new.
-------------- next part --------------
# Last Modified: Mon Mar 18 23:57:28 2013
#include <tunables/global>

/usr/bin/linuxdcpp flags=(complain) {
  #include <abstractions/base>
  #include <abstractions/fonts>
  #include <abstractions/nameservice>

  /usr/bin/linuxdcpp mr,
 
 
   /etc/passwd r,
#ABSTR.
   owner @{HOME}/.Xauthority r,
#+  /home/*/.config/gtk-2.0/gtkfilechooser.ini r,
#+  /home/*/.config/user-dirs.dirs r,
   owner "@{HOME}/.dc++/"  rwk,
   owner "@{HOME}/.dc++/**"  rwlmk,
#+  /usr/share/icons/oxy-black/cursors/wait r,
  /usr/share/linuxdcpp/    rk,
  /usr/share/linuxdcpp/**  rmk,
}
-------------- next part --------------
# vim:syntax=apparmor
# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2006 Novell/SUSE
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

#include <tunables/global>

/etc/cron.daily/logrotate {
  #include <abstractions/base>
  #include <abstractions/bash>
  #include <abstractions/nameservice>

  /{usr/,}bin/bash mixr,
  /{usr/,}bin/cat mixr,
  /{usr/,}bin/gzip mixr,
  /{usr/,}bin/kill mixr,
  /{usr/,}bin/logger mixr,
  /{usr/,}bin/true mixr,
  /etc/init.d/* mixr,
  /usr/bin/killall mixr,
  /usr/sbin/logrotate mixr,

  /var/log      r,
  /var/log/**   wrl,

  /var/lib/privoxy/log/**  rwl,
  /var/lib64/privoxy/log/**  rwl,

  / r,
  /dev/tty wr,
  /etc/cron.daily/logrotate r,
  /etc/logrotate.conf r,
  /etc/logrotate.d r,
  /etc/logrotate.d/* r,
  /etc/subdomain.d r,
  @{PROC} r,
  @{PROC}/@{pid} r,
  /tmp w,
  /tmp/file* wl,
  /tmp/logrot* wlr,
  /var/lib/logrotate.status wr,
  /{run,var}/lock/samba r,
  /{,var/}run/httpd.pid r,
  /{,var/}run/syslogd.pid r,
  /var/spool/slrnpull wr,
  /var/spool/slrnpull/log* wrl,
}
-------------- next part --------------
# Last Modified: Mon May 21 13:58:10 2012
#include <tunables/global>

/usr/bin/geeqie flags=(complain) {
  #include <abstractions/base>


  deny /etc/passwd r,

  /etc/nsswitch.conf r,
  /home/*/.Xauthority r,
  /home/*/.config/geeqie/* rw,
  /home/*/.icons/** r,
  /home/*/.kde/share/config/gtkrc-2.0 r,
  /usr/bin/geeqie-standard mr,
  /usr/share/icons/** r,
  /usr/share/themes/** r,

}

More information about the AppArmor mailing list