From a7b1aaa07aa1a95149db21c7d7abbdc5c9040f9c Mon Sep 17 00:00:00 2001
From: Claude
Date: Wed, 30 Jul 2014 12:50:56 +0200
Subject: [PATCH] AppArmor profile for qutebrowser
---
contrib/apparmor/usr.local.bin.qutebrowser | 62 ++++++++++++++++++++++
1 file changed, 62 insertions(+)
create mode 100644 contrib/apparmor/usr.local.bin.qutebrowser
diff --git a/contrib/apparmor/usr.local.bin.qutebrowser b/contrib/apparmor/usr.local.bin.qutebrowser
new file mode 100644
index 000000000..df3b86ea8
--- /dev/null
+++ b/contrib/apparmor/usr.local.bin.qutebrowser
@@ -0,0 +1,62 @@
+# AppArmor profile for qutebrowser
+# Tested on Debian jessie
+
+#include
+
+/usr/local/bin/qutebrowser {
+
+ #include
+ capability dac_override,
+
+ /etc/localtime r,
+ /etc/ld.so.cache r,
+ /etc/locale.alias r,
+ /etc/fonts/fonts.conf r,
+ /etc/fonts/conf.d/ r,
+ /etc/fonts/conf.d/* r,
+ /etc/fonts/conf.avail/* r,
+ /etc/ssl/openssl.cnf r,
+ /etc/nsswitch.conf r,
+ /etc/resolv.conf r,
+ /etc/host.conf r,
+ /etc/gai.conf r,
+ /etc/hosts r,
+ /etc/passwd r,
+ /etc/ssl/certs/ r,
+
+ /usr/local/bin/ r,
+ /usr/local/bin/qutebrowser rix,
+ /usr/local/lib/python3.4/** r,
+ /usr/local/share/fonts/ r,
+ /usr/share/fonts/ r,
+ /usr/share/fonts/** r,
+ /usr/share/fontconfig/** r,
+ /usr/share/poppler/** r,
+ /usr/share/mime/** r,
+ /usr/share/ca-certificates/** r,
+ /usr/lib/x86_64-linux-gnu/** mr,
+ /usr/lib/mozilla/plugins/ r,
+ /usr/lib/gstreamer-0.10/ r,
+ /usr/lib/flashplugin-nonfree/libflashplayer.so mr,
+ /usr/lib/locale/locale-archive r,
+ /lib/x86_64-linux-gnu/* mr,
+ /var/cache/fontconfig/** r,
+ /proc/meminfo r,
+ /proc/** r,
+ /dev/urandom r,
+ /sys/devices/system/cpu/online r,
+
+ /usr/lib/python3/ mr,
+ /usr/lib/python3/** mr,
+ /usr/lib/python3.4/ r,
+ /usr/lib/python3.4/** mr,
+ /usr/bin/python3.4 r,
+
+ @{HOME}/.Xauthority r,
+ @{HOME}/.config/** krw,
+ @{HOME}/.local/** krw,
+ @{HOME}/.cache/** krw,
+ @{HOME}/.gstreamer-0.10/* krw,
+
+}
+
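Review bot: The rules `@{HOME}/.config/** krw,`, `@{HOME}/.local/** krw,` and `@{HOME}/.cache/** krw,` near the end of the profile grant write access to every application's configuration and data under those trees, so a compromised browser process could modify files that are later read or executed outside this profile. Scoping them to the browser's own directories would keep the confinement meaningful, e.g. `@{HOME}/.config/qutebrowser/** krw,`, `@{HOME}/.local/share/qutebrowser/** krw,` and `@{HOME}/.cache/qutebrowser/** krw,` (directory names assumed from the XDG defaults; confirm against what the binary actually opens, for instance by running the profile in complain mode). Two other rules should carry a justifying comment or be tightened: `capability dac_override,` permits bypassing file permission checks whenever the process holds that capability, and `/proc/** r,` covers other processes' entries while making `/proc/meminfo r,` redundant. If the browser only needs its own entries, something like `owner @{PROC}/@{pid}/** r,` plus the individual system files would be narrower, assuming the stripped include at the top pulls in the tunables that define those variables.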