95 lines
3.2 KiB
Text
95 lines
3.2 KiB
Text
# apparmor.d - Full set of apparmor profiles
|
|
# Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
|
|
# SPDX-License-Identifier: GPL-2.0-only
|
|
|
|
# Define some some commonly used programs. This is not an exhaustive list.
|
|
# It is meant to label programs to easily provide access in profiles.
|
|
|
|
# All variables that refer to a program name should have the `_name` suffix.
|
|
# variables that refer to a list of progran should have the `_names` suffix.
|
|
# @{sh}, @{shells}, and @{coreutils} are the only exceptions.
|
|
|
|
# Default distribution shells
|
|
@{sh} = sh bash dash
|
|
|
|
# All interactive shells users may want to use
|
|
@{shells} = sh zsh bash dash fish rbash ksh tcsh csh
|
|
|
|
# Coreutils programs that should not have dedicated profile. Also includes findutils and diffutils.
|
|
@{coreutils} = {,g,m}awk b2sum base32 base64 basename basenc cat chcon chgrp chmod chown
|
|
@{coreutils} += cksum cmp comm cp csplit cut date dd df dir dircolors dirname diff diff3 du echo env expand
|
|
@{coreutils} += expr factor false find fmt fold {,e,f}grep head hostid id install join link
|
|
@{coreutils} += ln locate logname ls md5sum mkdir mkfifo mknod mktemp mv nice nl nohup nproc numfmt
|
|
@{coreutils} += od paste pathchk pinky pr printenv printf ptx pwd readlink realpath rm rmdir
|
|
@{coreutils} += runcon sdiff sed seq sha1sum sha224sum sha256sum sha384sum sha512sum shred shuf sleep
|
|
@{coreutils} += sort split stat stdbuf stty sum tac tail tee test timeout touch tr true
|
|
@{coreutils} += truncate tsort tty uname unexpand uniq unlink updatedb vdir wc who whoami xargs yes
|
|
|
|
# Python interpreters
|
|
@{python_version} = 3 3.[0-9] 3.1[0-9]
|
|
@{python_name} = python python@{python_version}
|
|
|
|
# Open
|
|
@{open_names} = exo-open xdg-open gio kde-open gio-launch-desktop
|
|
|
|
# Editor
|
|
@{editor_names} = sensible-editor vim{,.*} nvim nano
|
|
|
|
# Pager
|
|
@{pager_names} = sensible-pager pager less more nvimpager
|
|
|
|
# Browsers
|
|
|
|
@{brave_name} = brave{,-beta,-dev,-bin}
|
|
@{brave_lib_dirs} = /opt/brave{-bin,.com}{,/@{brave_name}}
|
|
|
|
@{chrome_name} = chrome{,-beta,-stable,-unstable}
|
|
@{chrome_lib_dirs} = /opt/google/@{chrome_name}
|
|
|
|
@{chromium_name} = chromium
|
|
@{chromium_lib_dirs} = @{lib}/@{chromium_name}
|
|
|
|
@{firefox_name} = firefox{,.sh,-esr,-bin}
|
|
@{firefox_lib_dirs} = @{lib}/@{firefox_name} /opt/@{firefox_name}
|
|
|
|
@{opera_name} = opera{,-beta,-developer}
|
|
@{opera_lib_dirs} = @{lib}/@{multiarch}/@{opera_name}
|
|
|
|
@{msedge_name} = msedge{,-beta,-dev}
|
|
@{msedge_lib_dirs} = /opt/microsoft/@{msedge_name}
|
|
|
|
@{torbrowser_name} = torbrowser "tor browser"
|
|
@{torbrowser_lib_dirs} = @{HOME}/.tb/tor-browser/Browser/
|
|
|
|
# Emails
|
|
|
|
@{thunderbird_name} = thunderbird{,-bin}
|
|
@{thunderbird_lib_dirs} = @{lib}/@{thunderbird_name}
|
|
|
|
@{emails_names} = evolution geary
|
|
|
|
# File explorers
|
|
@{file_explorers_names} = dolphin nautilus thunar
|
|
|
|
# Text editors
|
|
@{text_editors_names} = code gedit mousepad gnome-text-editor zeditor zedit zed-cli
|
|
|
|
# Document viewers
|
|
@{document_viewers_names} = evince okular *{F,f}oliate YACReader
|
|
|
|
# Image viewers
|
|
@{image_viewers_names} = eog loupe ristretto
|
|
|
|
# Archive viewers
|
|
@{archive_viewers_names} = engrampa file-roller xarchiver
|
|
|
|
# Office suites
|
|
@{offices_names} = libreoffice soffice
|
|
|
|
# Help
|
|
@{help_names} = yelp
|
|
|
|
# Terminal emulator
|
|
@{terminal_name} = kgx terminator konsole
|
|
|
|
# vim:syntax=apparmor
|