Skip to content

Commit

Permalink
moved profile contents to etc/apparmor.d/abstractions/xchat-based
Browse files Browse the repository at this point in the history 
https://phabricator.whonix.org/T40
  • Loading branch information
Patrick Schleizer committed Jan 4, 2016
1 parent def9ad7 commit 253d79b
Show file tree
Hide file tree
Showing 2 changed files with 76 additions and 75 deletions.
75 changes: 75 additions & 0 deletions etc/apparmor.d/abstractions/xchat-based
View file
@@ -0,0 +1,75 @@
#include <abstractions/base>
#include <abstractions/bash>
#include <abstractions/fonts>
#include <abstractions/kde>
#include <abstractions/gnome>
#include <abstractions/X>
#include <abstractions/audio>

deny @{PROC}/** r,

@{HOME}/ r,
@{HOME}/.config/** rwk,
@{HOME}/.xchat2/ r,
@{HOME}/.xchat2/** rwixk,
@{HOME}/.config/ r,
@{HOME}/.config/hexchat/ r,
@{HOME}/.config/hexchat/** rwixk,
@{HOME}/.kde/share/config/gtkrc-2.0 r,
@{HOME}/.kde/share/config/oxygenrc r,

/bin/grep rix,
/bin/uname rix,
/bin/mkdir rix,
/bin/rm rix,

/dev/tty rwix,

/etc/passwd r,
/etc/group r,
/etc/host.conf r,
/etc/gai.conf r,
/etc/nsswitch.conf r,
/etc/ld.so.cache r,
/etc/xdg/xfce4/helpers.rc r,
/etc/python2.7/sitecustomize.py r,

/lib/*-linux-gnu/** mr,

/usr/bin/xchat rix,
/usr/bin/xdg-open rix,
/usr/bin/dbus-send rix,
/usr/bin/xprop rix,
/usr/bin/exo-open rix,
/usr/bin/sensible-browser rix,
/usr/bin/zenity rix,
/usr/bin/torbrowser rix,
/usr/bin/basename rix,
/usr/bin/kde4-config rix,
/usr/bin/aplay rix,

/usr/lib/*-linux-gnu/** mrix,
/usr/lib/xchat/plugins/* mr,
/usr/lib/perl*/** mr,

/usr/local/lib/python2.7/dist-packages/ r,
/usr/local/lib/python2.7/dist-packages/* r,

/usr/share/icons/** r,
/usr/share/enchant/* r,
/usr/share/myspell/dicts/ r,
/usr/share/hunspell/ r,
/usr/share/hunspell/* r,
/usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt r,
/usr/share/xfce4/helpers/* r,
/usr/share/zenity/* r,
/usr/share/fontconfig/conf.avail/* r,
/usr/share/poppler/cMap/ r,
/usr/share/poppler/cMap/** r,
/usr/share/perl*/** mr,
/usr/share/tcltk/tcl8.5/* r,
/usr/share/pyshared/* r,
/usr/share/aspell/ r,
/usr/share/aspell/** r,

/var/lib/aspell/* r,
76 changes: 1 addition & 75 deletions etc/apparmor.d/usr.bin.xchat
View file
Expand Up @@ -2,79 +2,5 @@
#include <tunables/global>

/usr/bin/xchat {
#include <abstractions/base>
#include <abstractions/bash>
#include <abstractions/fonts>
#include <abstractions/kde>
#include <abstractions/gnome>
#include <abstractions/X>
#include <abstractions/audio>

deny @{PROC}/** r,

@{HOME}/ r,
@{HOME}/.config/** rwk,
@{HOME}/.xchat2/ r,
@{HOME}/.xchat2/** rwixk,
@{HOME}/.config/ r,
@{HOME}/.config/hexchat/ r,
@{HOME}/.config/hexchat/** rwixk,
@{HOME}/.kde/share/config/gtkrc-2.0 r,
@{HOME}/.kde/share/config/oxygenrc r,

/bin/grep rix,
/bin/uname rix,
/bin/mkdir rix,
/bin/rm rix,

/dev/tty rwix,

/etc/passwd r,
/etc/group r,
/etc/host.conf r,
/etc/gai.conf r,
/etc/nsswitch.conf r,
/etc/ld.so.cache r,
/etc/xdg/xfce4/helpers.rc r,
/etc/python2.7/sitecustomize.py r,

/lib/*-linux-gnu/** mr,

/usr/bin/xchat rix,
/usr/bin/xdg-open rix,
/usr/bin/dbus-send rix,
/usr/bin/xprop rix,
/usr/bin/exo-open rix,
/usr/bin/sensible-browser rix,
/usr/bin/zenity rix,
/usr/bin/torbrowser rix,
/usr/bin/basename rix,
/usr/bin/kde4-config rix,
/usr/bin/aplay rix,

/usr/lib/*-linux-gnu/** mrix,
/usr/lib/xchat/plugins/* mr,
/usr/lib/perl*/** mr,

/usr/local/lib/python2.7/dist-packages/ r,
/usr/local/lib/python2.7/dist-packages/* r,

/usr/share/icons/** r,
/usr/share/enchant/* r,
/usr/share/myspell/dicts/ r,
/usr/share/hunspell/ r,
/usr/share/hunspell/* r,
/usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt r,
/usr/share/xfce4/helpers/* r,
/usr/share/zenity/* r,
/usr/share/fontconfig/conf.avail/* r,
/usr/share/poppler/cMap/ r,
/usr/share/poppler/cMap/** r,
/usr/share/perl*/** mr,
/usr/share/tcltk/tcl8.5/* r,
/usr/share/pyshared/* r,
/usr/share/aspell/ r,
/usr/share/aspell/** r,

/var/lib/aspell/* r,
#include <abstractions/xchat-based>
}

0 comments on commit 253d79b

Please sign in to comment.