felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Create child-vim

Browse source
This commit is contained in:
maplemanuka 2023-11-01 07:51:22 +00:00 committed by GitHub
parent 4df3f2e52f
commit 8d2d972201
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 42 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

42
child-vim Normal file
View file

@ -0,0 +1,42 @@
#vim:syntax=apparmor
#AppArmor policy abstraction for child profiles of vim
#Copyright (C) 2023 Andy Ramos <public@gracelesslady.art>
#SPDX-License-Identifier: GPL-2.0-only
include <abstractions/base>
include <abstractions/nameservice-strict>
@{bin}/@{unix_shell} rix,
@{bin}/nvim mrix,
@{bin}/vi mrix,
@{bin}/vim{,.{basic,tiny}} mrix,
@{bin}/xclip rPx,
/etc/vim/{,**} r,
/etc/vimrc r,
/usr/share/terminfo/x/xterm-256color r,
/usr/share/{,n}vim/{,**} r,
owner @{HOME}/.fzf/plugin/ r,
owner @{HOME}/.fzf/plugin/{,fzf.vim} r,
owner @{HOME}/.viminf{o,z}{,.tmp} rw,
owner @{HOME}/{,.}{,n}vim*/{,**} rw,
owner @{HOME}/.local/share/nvim/shada/main.shada rw,
owner @{HOME}/.local/share/nvim/shada/main.shada.tmp.a rw,
owner @{user_cache_dirs}/{,n}vim/{,**} rw,
owner @{user_config_dirs}/{,n}vim/{,**} r,
/tmp/ r,
/tmp/{,n}vim*/{,**} rw,
deny owner @{HOME}/ r,
/dev/tty rw,
# if you don't want to deny pts, then remove the line above and below, and:
# include <abstractions/consoles>
deny /dev/pts/[0-9] rw,
# Needed?
deny network inet stream,