~jpds/apparmor/pidgin-profile

# 
#    AppArmor Pidgin profile for Ubuntu 9.04 Jaunty
#    
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#

#include <tunables/global>
# Profile attached to the /usr/bin/pidgin executable.
# Permission letters used below: r = read, w = write, k = file lock,
# m = map as executable, ix = execute and stay inside this profile,
# Px = execute under the target's own profile with a scrubbed environment.
# A path ending in "/" matches the directory itself; "*" stops at "/",
# while "**" also matches across subdirectories.
/usr/bin/pidgin {
	# Shared rule sets shipped with AppArmor. Each one adds allow rules that
	# are not visible in this file, so the effective policy is wider than
	# the rules listed here.
	# NOTE(review): user-download and user-tmp presumably grant write access
	# to the user's download and temporary directories - confirm their
	# contents on the target release.
	#include <abstractions/audio>
	#include <abstractions/aspell>
	#include <abstractions/base>
	#include <abstractions/bash>
	#include <abstractions/consoles>
	#include <abstractions/dbus>
	#include <abstractions/fonts>
	#include <abstractions/freedesktop.org>
	#include <abstractions/gnome>
	#include <abstractions/nameservice>
	#include <abstractions/launchpad-integration>
	#include <abstractions/user-download>
	#include <abstractions/user-tmp>
	#include <abstractions/X>

	# NOTE(review): permits use of CAP_SYS_PTRACE if the process holds it.
	# Nothing in this file shows why an IM client needs it - confirm the
	# requirement and drop the rule if it was only added to silence a log
	# message.
	capability sys_ptrace,

	# Explicit denies take precedence over any allow rule (including those
	# from the abstractions above) and are not logged. They keep the client
	# away from shell start-up files and SSH material.
	# NOTE(review): "@{HOME}/.ssh/*" covers only direct children of ~/.ssh;
	# the directory itself and anything in a subdirectory are not matched.
	# "@{HOME}/.ssh/" plus "@{HOME}/.ssh/**" would close that gap.
	deny @{HOME}/.bash* rw,
	deny @{HOME}/.cshrc rw,
	deny @{HOME}/.profile rw,
	deny @{HOME}/.ssh/* rw,
	deny @{HOME}/.zshrc rw,

	# Per-user state. "owner" limits each rule to files owned by the user
	# running the process.
	owner @{HOME}/.config/enchant/ rw,
	owner @{HOME}/.config/enchant/* rwk,
	owner @{HOME}/.local/share/icons/ r,
	owner @{HOME}/.local/share/mime/* r,
	owner @{HOME}/.gnome2/nautilus-sendto/** rw,
	owner @{HOME}/.gstreamer*/ rw,
	owner @{HOME}/.gstreamer*/** rw,
	owner @{HOME}/.pulse/ rw,
	owner @{HOME}/.pulse/** rw,
	owner @{HOME}/.pulse-cookie rwk,
	# ~/.purple/** is writable by the confined process.
	# NOTE(review): presumably this is where libpurple keeps accounts, logs
	# and per-user plugins - confirm, since the profile is then the only
	# barrier between a compromised client and that data.
	owner @{HOME}/.purple/ rw,
	owner @{HOME}/.purple/** rwk,

	# The shell runs with "ix", so every command started through it is held
	# to this same profile rather than running unconfined.
	/bin/dash rix,

	# NOTE(review): unlike the /tmp rules below, these are not restricted
	# with "owner", so shared-memory files of other users are readable and
	# writable as far as file permissions allow. Presumably needed for the
	# audio stack - confirm and add "owner" if it still works.
	/dev/shm/ r,
	/dev/shm/* rw,

	# "/etc/ r" allows listing the directory only; files under /etc need
	# their own rule or one from an abstraction.
	/etc/ r,
	/etc/pulse/client.conf r,
	/etc/ssl/certs/ r,
	/etc/ssl/certs/ssl-cert-snakeoil.pem r,

	# Write-only access to the user's own ORBit and PulseAudio entries in
	# /tmp.
	owner /tmp/orbit-*/* w,
	owner /tmp/pulse-*/* w,

	# Helper programs. All "ix" entries execute inside this profile, so the
	# URL and file openers (gnome-open, xdg-open) and whatever they launch
	# are limited to the rules in this file.
	/usr/bin/gconftool-2 rix,
	/usr/bin/gnome-default-applications-properties ix,
	/usr/bin/gnome-network-preferences ix,
	/usr/bin/gnome-open rmix,
	/usr/bin/pidgin r,
	/usr/bin/xdg-open rmix,

	/usr/lib/ r,
	# Px hands the browser over to its own profile. The exec is refused if
	# no profile for this path is loaded, so the browser never runs with
	# Pidgin's permissions or unconfined from here.
	/usr/lib/firefox-*/firefox.sh Px,
	# Plugin and library directories: read and map-as-executable only, no
	# write access.
	/usr/lib/libvisual-*/**.so rm,
	/usr/lib/pidgin/*.so rm,
	/usr/lib/purple*/*.so rm,

	# Read-only shared data: CA certificates, spell-check dictionaries,
	# translations and Tcl/Tk files.
	/usr/share/ca-certificates/*/** r,
	/usr/share/enchant/enchant.ordering r,
	/usr/share/locale-langpack/** rm,
	/usr/share/purple/ca-certs/ r,
	/usr/share/purple/ca-certs/** r,
	/usr/share/myspell/dicts/ r,
	/usr/share/myspell/dicts/** r,
	/usr/share/tcltk/** r,
}