AppArmor profile for qutebrowser

contrib/apparmor/usr.local.bin.qutebrowser

@@ -0,0 +1,62 @@
+# AppArmor profile for qutebrowser
+# Tested on Debian jessie
+
+#include <tunables/global>
+
+/usr/local/bin/qutebrowser {
+
+    #include <abstractions/X>
+    capability dac_override,
+
+    /etc/localtime r,
+    /etc/ld.so.cache r,
+    /etc/locale.alias r,
+    /etc/fonts/fonts.conf r,
+    /etc/fonts/conf.d/ r,
+    /etc/fonts/conf.d/* r,
+    /etc/fonts/conf.avail/* r,
+    /etc/ssl/openssl.cnf r,
+    /etc/nsswitch.conf r,
+    /etc/resolv.conf r,
+    /etc/host.conf r,
+    /etc/gai.conf r,
+    /etc/hosts r,
+    /etc/passwd r,
+    /etc/ssl/certs/ r,
+
+    /usr/local/bin/ r,
+    /usr/local/bin/qutebrowser rix,
+    /usr/local/lib/python3.4/** r,
+    /usr/local/share/fonts/ r,
+    /usr/share/fonts/ r,
+    /usr/share/fonts/** r,
+    /usr/share/fontconfig/** r,
+    /usr/share/poppler/** r,
+    /usr/share/mime/** r,
+    /usr/share/ca-certificates/** r,
+    /usr/lib/x86_64-linux-gnu/** mr,
+    /usr/lib/mozilla/plugins/ r,
+    /usr/lib/gstreamer-0.10/ r,
+    /usr/lib/flashplugin-nonfree/libflashplayer.so mr,
+    /usr/lib/locale/locale-archive r,
+    /lib/x86_64-linux-gnu/* mr,
+    /var/cache/fontconfig/** r,
+    /proc/meminfo r,
+    /proc/** r,
+    /dev/urandom r,
+    /sys/devices/system/cpu/online r,
+
+    /usr/lib/python3/ mr,
+    /usr/lib/python3/** mr,
+    /usr/lib/python3.4/ r,
+    /usr/lib/python3.4/** mr,
+    /usr/bin/python3.4 r,
+
+    @{HOME}/.Xauthority r,
+    @{HOME}/.config/** krw,
+    @{HOME}/.local/** krw,
+    @{HOME}/.cache/** krw,
+    @{HOME}/.gstreamer-0.10/* krw,
+
+}
+