felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
apparmor.d/child-vim
maplemanuka 8d2d972201
Create child-vim
2023-11-01 07:51:22 +00:00

42 lines
1.3 KiB
Text
Raw Blame History

#vim:syntax=apparmor
#AppArmor policy abstraction for child profiles of vim
#Copyright (C) 2023 Andy Ramos <public@gracelesslady.art>
#SPDX-License-Identifier: GPL-2.0-only
include <abstractions/base>
include <abstractions/nameservice-strict>
@{bin}/@{unix_shell} rix,
@{bin}/nvim mrix,
@{bin}/vi mrix,
@{bin}/vim{,.{basic,tiny}} mrix,
@{bin}/xclip rPx,
/etc/vim/{,**} r,
/etc/vimrc r,
/usr/share/terminfo/x/xterm-256color r,
/usr/share/{,n}vim/{,**} r,
owner @{HOME}/.fzf/plugin/ r,
owner @{HOME}/.fzf/plugin/{,fzf.vim} r,
owner @{HOME}/.viminf{o,z}{,.tmp} rw,
owner @{HOME}/{,.}{,n}vim*/{,**} rw,
owner @{HOME}/.local/share/nvim/shada/main.shada rw,
owner @{HOME}/.local/share/nvim/shada/main.shada.tmp.a rw,
owner @{user_cache_dirs}/{,n}vim/{,**} rw,
owner @{user_config_dirs}/{,n}vim/{,**} r,
/tmp/ r,
/tmp/{,n}vim*/{,**} rw,
deny owner @{HOME}/ r,
/dev/tty rw,
# if you don't want to deny pts, then remove the line above and below, and:
# include <abstractions/consoles>
deny /dev/pts/[0-9] rw,
# Needed?
deny network inet stream,
Reference in a new issue View git blame Copy permalink