felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

apparmor.d -> profiles

Browse source
This commit is contained in:
Alexandre Pujol 2021-04-01 16:02:59 +01:00
parent c408a878b7
commit e9b8e62fcd
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
726 changed files with 0 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

26
profiles/abstractions/base.d/complete Normal file
View file

@ -0,0 +1,26 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2020-2021 Mikhail Morfikov
# 2021 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
/etc/writable/localtime r,
/usr/share/locale/ r,
# Allow to receive some signals
signal (receive) peer=top,
signal (receive) peer=htop,
signal (receive) set=(term,kill,stop,cont) peer=systemd-shutdown,
signal (receive) set=(term,kill) peer=openbox,
signal (receive) set=(hup) peer=xinit,
signal (receive) set=(term,kill) peer=su,
signal (receive) peer=sudo,
# Allow to write a user defined fifo log devices
owner /dev/log-xsession w,
owner /dev/log-gnupg w,
deny owner @{HOME}/.Private/ r,
deny owner @{HOME}/.Private/** mrixwlk,
deny owner @{HOMEDIRS}/.ecryptfs/*/.Private/ r,
deny owner @{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk,