qutebrowser/misc/apparmor/usr.bin.qutebrowser

# AppArmor profile for qutebrowser
# Tested on Debian jessie

#include <tunables/global>

profile qutebrowser /usr/{local/,}bin/qutebrowser {

    #include <abstractions/base>
    #include <abstractions/nameservice>
    #include <abstractions/openssl>
    #include <abstractions/ssl_certs>
    #include <abstractions/audio>
    #include <abstractions/fonts>
    #include <abstractions/kde>
    #include <abstractions/user-download>
    #include <abstractions/X>

    capability dac_override,

    /usr/{local/,}bin/ r,
    /usr/{local/,}bin/qutebrowser rix,
    /usr/bin/python3.? r,

    /usr/lib/python3/ mr,
    /usr/lib/python3/** mr,
    /usr/lib/python3.?/ r,
    /usr/lib/python3.?/** mr,
    /usr/local/lib/python3.?/** r,

    /proc/*/mounts r,
    owner /tmp/** rwkl,
    owner /run/user/*/ rw,
    owner /run/user/*/** krw,

    @{HOME}/.config/qutebrowser/** krw,
    @{HOME}/.local/share/qutebrowser/** krw,
    @{HOME}/.cache/qutebrowser/** krw,
    @{HOME}/.gstreamer-0.10/* r,

}
AppArmor profile for qutebrowser 2014-07-30 12:50:56 +02:00			`# AppArmor profile for qutebrowser`
			`# Tested on Debian jessie`

			`#include <tunables/global>`

allow for local and systemwide installations 2014-08-27 13:10:06 +02:00			`profile qutebrowser /usr/{local/,}bin/qutebrowser {`
AppArmor profile for qutebrowser 2014-07-30 12:50:56 +02:00
improved AppArmor profile 2014-08-27 12:10:35 +02:00			`#include <abstractions/base>`
and even bettererer 2014-08-27 12:29:03 +02:00			`#include <abstractions/nameservice>`
+ssl-abstractions, -proc +tmp 2014-08-27 12:45:07 +02:00			`#include <abstractions/openssl>`
			`#include <abstractions/ssl_certs>`
improved AppArmor profile 2014-08-27 12:10:35 +02:00			`#include <abstractions/audio>`
			`#include <abstractions/fonts>`
			`#include <abstractions/kde>`
			`#include <abstractions/user-download>`
AppArmor profile for qutebrowser 2014-07-30 12:50:56 +02:00			`#include <abstractions/X>`
improved AppArmor profile 2014-08-27 12:10:35 +02:00
AppArmor profile for qutebrowser 2014-07-30 12:50:56 +02:00			`capability dac_override,`

allow for local and systemwide installations 2014-08-27 13:10:06 +02:00			`/usr/{local/,}bin/ r,`
			`/usr/{local/,}bin/qutebrowser rix,`
make it better and better 2014-08-27 12:20:48 +02:00			`/usr/bin/python3.? r,`
improved AppArmor profile 2014-08-27 12:10:35 +02:00
AppArmor profile for qutebrowser 2014-07-30 12:50:56 +02:00			`/usr/lib/python3/ mr,`
			`/usr/lib/python3/** mr,`
make python matching version independent 2014-08-27 12:16:57 +02:00			`/usr/lib/python3.?/ r,`
			`/usr/lib/python3.?/** mr,`
make it better and better 2014-08-27 12:20:48 +02:00			`/usr/local/lib/python3.?/** r,`
+ssl-abstractions, -proc +tmp 2014-08-27 12:45:07 +02:00
allow detection of /tmp 2014-08-27 12:50:33 +02:00			`/proc/*/mounts r,`
allow only to read/write own files 2014-08-27 13:01:13 +02:00			`owner /tmp/** rwkl,`
making userid wildcardish 2015-09-15 10:11:06 +02:00			`owner /run/user/*/ rw,`
			`owner /run/user//* krw,`
AppArmor profile for qutebrowser 2014-07-30 12:50:56 +02:00
improved AppArmor profile 2014-08-27 12:10:35 +02:00			`@{HOME}/.config/qutebrowser/** krw,`
			`@{HOME}/.local/share/qutebrowser/** krw,`
			`@{HOME}/.cache/qutebrowser/** krw,`
			`@{HOME}/.gstreamer-0.10/* r,`
AppArmor profile for qutebrowser 2014-07-30 12:50:56 +02:00
			`}`