Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
97 lines (84 sloc) 2.56 KB
#
# AppArmor Pidgin profile for Ubuntu 11.04 Natty
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
#include <tunables/global>
/usr/bin/pidgin {
#include <abstractions/audio>
#include <abstractions/aspell>
#include <abstractions/bash>
#include <abstractions/consoles>
#include <abstractions/dbus>
#include <abstractions/dbus-session>
#include <abstractions/gnome>
#include <abstractions/ibus>
#include <abstractions/launchpad-integration>
#include <abstractions/python>
#include <abstractions/private-files>
#include <abstractions/nameservice>
#include <abstractions/ssl_certs>
#include <abstractions/user-download>
#include <abstractions/ubuntu-browsers>
#capability sys_ptrace,
#owner @{HOME}/ r,
owner @{HOME}/.config/enchant/ rw,
owner @{HOME}/.config/enchant/* rwk,
owner @{HOME}/.thumbnails/normal/*.png r,
owner @{HOME}/.local/share/icons/ r,
owner @{HOME}/.local/share/mime/* r,
owner @{HOME}/.gnome2/nautilus-sendto/** rw,
owner @{HOME}/.gstreamer*/ rw,
owner @{HOME}/.gstreamer*/** rw,
owner @{HOME}/.pulse/ rw,
owner @{HOME}/.pulse/** rw,
owner @{HOME}/.pulse-cookie rwk,
owner @{HOME}/.purple/ rw,
owner @{HOME}/.purple/** rwk,
# network code
# Only allow tcp - set a global proxy to hit only Tor
network inet stream, # tcp stream
# No ipv4 udp
deny network inet dgram, # udp
# No ipv6 tcp/udp
deny network inet6 stream, # tcp
deny network inet6 dgram, # udp
#/bin/dash rix,
/etc/ r,
/etc/pulse/client.conf r,
/dev/shm/ r,
owner /dev/shm/* rw,
owner /tmp/orbit-*/* w,
owner /tmp/pulse-*/* w,
owner /tmp/orcexec.* m,
owner @{PROC}/[0-9]*/fd/ r,
# Investigation
#audit /sys/ r,
#audit /sys/** r,
/usr/bin/gconftool-2 rix,
/usr/bin/gnome-default-applications-properties ix,
/usr/bin/gnome-network-preferences ix,
/usr/bin/gnome-open rmix,
/usr/bin/pidgin r,
/usr/bin/xdg-open rmix,
/usr/lib/ r,
/usr/lib/libvisual-*/**.so rm,
/usr/lib/pidgin/*.so rm,
/usr/lib/purple*/*.so rm,
/usr/share/ca-certificates/*/** r,
/usr/share/enchant/enchant.ordering r,
/usr/share/locale-langpack/** rm,
/usr/share/purple/ca-certs/ r,
/usr/share/purple/ca-certs/** r,
/usr/share/myspell/dicts/ r,
/usr/share/myspell/dicts/** r,
/usr/share/tcltk/** r,
/usr/share/hunspell/ r,
/usr/share/hunspell/** r,
/usr/share/themes/ r,
/usr/share/themes/** r,
# abstraction/python misses this
/usr/include/python2.7/** r,
}