~snappy-debug-developers/snappy-hub/snappy-debug

« back to all changes in this revision

Viewing changes to data/policy/classic/16/seccomp/browser-support

Committer: Alex Murray
Date: 2021-08-31 08:48:42 UTC
Revision ID: alex.murray@canonical.com-20210831084842-3e4td7zv2ux7s31s

Move to git

files added:
README.md

files removed:
README

bin/snappy-security

bin/snappy-security-scanlog

data

data/policy

data/policy/classic

data/policy/classic/16

data/policy/classic/16/apparmor

data/policy/classic/16/apparmor/account-control

data/policy/classic/16/apparmor/accounts-service

data/policy/classic/16/apparmor/adb-support

data/policy/classic/16/apparmor/allegro-vcu

data/policy/classic/16/apparmor/alsa

data/policy/classic/16/apparmor/appstream-metadata

data/policy/classic/16/apparmor/audio-playback

data/policy/classic/16/apparmor/audio-record

data/policy/classic/16/apparmor/autopilot-introspection

data/policy/classic/16/apparmor/avahi-control

data/policy/classic/16/apparmor/avahi-observe

data/policy/classic/16/apparmor/block-devices

data/policy/classic/16/apparmor/bluetooth-control

data/policy/classic/16/apparmor/bluez

data/policy/classic/16/apparmor/broadcom-asic-control

data/policy/classic/16/apparmor/browser-support

data/policy/classic/16/apparmor/calendar-service

data/policy/classic/16/apparmor/camera

data/policy/classic/16/apparmor/can-bus

data/policy/classic/16/apparmor/cifs-mount

data/policy/classic/16/apparmor/classic-support

data/policy/classic/16/apparmor/contacts-service

data/policy/classic/16/apparmor/core-support

data/policy/classic/16/apparmor/cpu-control

data/policy/classic/16/apparmor/cups-control

data/policy/classic/16/apparmor/daemon-notify

data/policy/classic/16/apparmor/dcdbas-control

data/policy/classic/16/apparmor/desktop

data/policy/classic/16/apparmor/desktop-legacy

data/policy/classic/16/apparmor/device-buttons

data/policy/classic/16/apparmor/display-control

data/policy/classic/16/apparmor/dm-crypt

data/policy/classic/16/apparmor/docker

data/policy/classic/16/apparmor/docker-support

data/policy/classic/16/apparmor/dvb

data/policy/classic/16/apparmor/firewall-control

data/policy/classic/16/apparmor/fpga

data/policy/classic/16/apparmor/framebuffer

data/policy/classic/16/apparmor/fuse-support

data/policy/classic/16/apparmor/fwupd

data/policy/classic/16/apparmor/gconf

data/policy/classic/16/apparmor/gpg-keys

data/policy/classic/16/apparmor/gpg-public-keys

data/policy/classic/16/apparmor/gpio-control

data/policy/classic/16/apparmor/gpio-memory-control

data/policy/classic/16/apparmor/greengrass-support

data/policy/classic/16/apparmor/gsettings

data/policy/classic/16/apparmor/hardware-observe

data/policy/classic/16/apparmor/hardware-random-control

data/policy/classic/16/apparmor/hardware-random-observe

data/policy/classic/16/apparmor/home

data/policy/classic/16/apparmor/hostname-control

data/policy/classic/16/apparmor/hugepages-control

data/policy/classic/16/apparmor/intel-mei

data/policy/classic/16/apparmor/io-ports-control

data/policy/classic/16/apparmor/jack1

data/policy/classic/16/apparmor/joystick

data/policy/classic/16/apparmor/juju-client-observe

data/policy/classic/16/apparmor/kernel-crypto-api

data/policy/classic/16/apparmor/kernel-module-control

data/policy/classic/16/apparmor/kernel-module-observe

data/policy/classic/16/apparmor/kubernetes-support

data/policy/classic/16/apparmor/kvm

data/policy/classic/16/apparmor/libvirt

data/policy/classic/16/apparmor/locale-control

data/policy/classic/16/apparmor/location-control

data/policy/classic/16/apparmor/location-observe

data/policy/classic/16/apparmor/log-observe

data/policy/classic/16/apparmor/login-session-control

data/policy/classic/16/apparmor/login-session-observe

data/policy/classic/16/apparmor/lxd

data/policy/classic/16/apparmor/lxd-support

data/policy/classic/16/apparmor/maliit

data/policy/classic/16/apparmor/media-control

data/policy/classic/16/apparmor/media-hub

data/policy/classic/16/apparmor/mir

data/policy/classic/16/apparmor/modem-manager

data/policy/classic/16/apparmor/mount-observe

data/policy/classic/16/apparmor/mpris

data/policy/classic/16/apparmor/multipass-support

data/policy/classic/16/apparmor/netlink-audit

data/policy/classic/16/apparmor/netlink-connector

data/policy/classic/16/apparmor/network

data/policy/classic/16/apparmor/network-bind

data/policy/classic/16/apparmor/network-control

data/policy/classic/16/apparmor/network-manager

data/policy/classic/16/apparmor/network-manager-observe

data/policy/classic/16/apparmor/network-observe

data/policy/classic/16/apparmor/network-setup-control

data/policy/classic/16/apparmor/network-setup-observe

data/policy/classic/16/apparmor/network-status

data/policy/classic/16/apparmor/ofono

data/policy/classic/16/apparmor/online-accounts-service

data/policy/classic/16/apparmor/opengl

data/policy/classic/16/apparmor/openvswitch

data/policy/classic/16/apparmor/openvswitch-support

data/policy/classic/16/apparmor/optical-drive

data/policy/classic/16/apparmor/packagekit-control

data/policy/classic/16/apparmor/password-manager-service

data/policy/classic/16/apparmor/personal-files

data/policy/classic/16/apparmor/physical-memory-control

data/policy/classic/16/apparmor/physical-memory-observe

data/policy/classic/16/apparmor/power-control

data/policy/classic/16/apparmor/ppp

data/policy/classic/16/apparmor/process-control

data/policy/classic/16/apparmor/ptp

data/policy/classic/16/apparmor/pulseaudio

data/policy/classic/16/apparmor/raw-input

data/policy/classic/16/apparmor/raw-usb

data/policy/classic/16/apparmor/removable-media

data/policy/classic/16/apparmor/screen-inhibit-control

data/policy/classic/16/apparmor/screencast-legacy

data/policy/classic/16/apparmor/sd-control

data/policy/classic/16/apparmor/shutdown

data/policy/classic/16/apparmor/snapd-control

data/policy/classic/16/apparmor/ssh-keys

data/policy/classic/16/apparmor/ssh-public-keys

data/policy/classic/16/apparmor/storage-framework-service

data/policy/classic/16/apparmor/system-backup

data/policy/classic/16/apparmor/system-files

data/policy/classic/16/apparmor/system-observe

data/policy/classic/16/apparmor/system-packages-doc

data/policy/classic/16/apparmor/system-source-code

data/policy/classic/16/apparmor/system-trace

data/policy/classic/16/apparmor/tee

data/policy/classic/16/apparmor/thumbnailer-service

data/policy/classic/16/apparmor/time-control

data/policy/classic/16/apparmor/timeserver-control

data/policy/classic/16/apparmor/timezone-control

data/policy/classic/16/apparmor/tpm

data/policy/classic/16/apparmor/u2f-devices

data/policy/classic/16/apparmor/ubuntu-download-manager

data/policy/classic/16/apparmor/udisks2

data/policy/classic/16/apparmor/uhid

data/policy/classic/16/apparmor/uinput

data/policy/classic/16/apparmor/unity7

data/policy/classic/16/apparmor/unity8

data/policy/classic/16/apparmor/unity8-calendar

data/policy/classic/16/apparmor/unity8-contacts

data/policy/classic/16/apparmor/upower-observe

data/policy/classic/16/apparmor/vcio

data/policy/classic/16/apparmor/wayland

data/policy/classic/16/apparmor/x11

data/policy/classic/16/seccomp

data/policy/classic/16/seccomp/account-control

data/policy/classic/16/seccomp/accounts-service

data/policy/classic/16/seccomp/adb-support

data/policy/classic/16/seccomp/alsa

data/policy/classic/16/seccomp/appstream-metadata

data/policy/classic/16/seccomp/audio-playback

data/policy/classic/16/seccomp/audio-record

data/policy/classic/16/seccomp/autopilot-introspection

data/policy/classic/16/seccomp/avahi-control

data/policy/classic/16/seccomp/avahi-observe

data/policy/classic/16/seccomp/block-devices

data/policy/classic/16/seccomp/bluetooth-control

data/policy/classic/16/seccomp/bluez

data/policy/classic/16/seccomp/broadcom-asic-control

data/policy/classic/16/seccomp/browser-support

data/policy/classic/16/seccomp/calendar-service

data/policy/classic/16/seccomp/camera

data/policy/classic/16/seccomp/can-bus

data/policy/classic/16/seccomp/cifs-mount

data/policy/classic/16/seccomp/classic-support

data/policy/classic/16/seccomp/contacts-service

data/policy/classic/16/seccomp/core-support

data/policy/classic/16/seccomp/cpu-control

data/policy/classic/16/seccomp/cups-control

data/policy/classic/16/seccomp/daemon-notify

data/policy/classic/16/seccomp/dcdbas-control

data/policy/classic/16/seccomp/desktop

data/policy/classic/16/seccomp/desktop-legacy

data/policy/classic/16/seccomp/device-buttons

data/policy/classic/16/seccomp/display-control

data/policy/classic/16/seccomp/dm-crypt

data/policy/classic/16/seccomp/docker

data/policy/classic/16/seccomp/docker-support

data/policy/classic/16/seccomp/dvb

data/policy/classic/16/seccomp/firewall-control

data/policy/classic/16/seccomp/framebuffer

data/policy/classic/16/seccomp/fuse-support

data/policy/classic/16/seccomp/fwupd

data/policy/classic/16/seccomp/gpg-keys

data/policy/classic/16/seccomp/gpg-public-keys

data/policy/classic/16/seccomp/gpio-control

data/policy/classic/16/seccomp/gpio-memory-control

data/policy/classic/16/seccomp/greengrass-support

data/policy/classic/16/seccomp/gsettings

data/policy/classic/16/seccomp/hardware-observe

data/policy/classic/16/seccomp/hardware-random-control

data/policy/classic/16/seccomp/hardware-random-observe

data/policy/classic/16/seccomp/home

data/policy/classic/16/seccomp/hostname-control

data/policy/classic/16/seccomp/intel-mei

data/policy/classic/16/seccomp/io-ports-control

data/policy/classic/16/seccomp/jack1

data/policy/classic/16/seccomp/joystick

data/policy/classic/16/seccomp/juju-client-observe

data/policy/classic/16/seccomp/kernel-crypto-api

data/policy/classic/16/seccomp/kernel-module-control

data/policy/classic/16/seccomp/kernel-module-observe

data/policy/classic/16/seccomp/kubernetes-support

data/policy/classic/16/seccomp/kvm

data/policy/classic/16/seccomp/libvirt

data/policy/classic/16/seccomp/locale-control

data/policy/classic/16/seccomp/location-control

data/policy/classic/16/seccomp/location-observe

data/policy/classic/16/seccomp/log-observe

data/policy/classic/16/seccomp/login-session-control

data/policy/classic/16/seccomp/login-session-observe

data/policy/classic/16/seccomp/lxd

data/policy/classic/16/seccomp/lxd-support

data/policy/classic/16/seccomp/maliit

data/policy/classic/16/seccomp/media-hub

data/policy/classic/16/seccomp/mir

data/policy/classic/16/seccomp/modem-manager

data/policy/classic/16/seccomp/mount-observe

data/policy/classic/16/seccomp/mpris

data/policy/classic/16/seccomp/multipass-support

data/policy/classic/16/seccomp/netlink-audit

data/policy/classic/16/seccomp/netlink-connector

data/policy/classic/16/seccomp/network

data/policy/classic/16/seccomp/network-bind

data/policy/classic/16/seccomp/network-control

data/policy/classic/16/seccomp/network-manager

data/policy/classic/16/seccomp/network-manager-observe

data/policy/classic/16/seccomp/network-observe

data/policy/classic/16/seccomp/network-setup-control

data/policy/classic/16/seccomp/network-setup-observe

data/policy/classic/16/seccomp/network-status

data/policy/classic/16/seccomp/ofono

data/policy/classic/16/seccomp/online-accounts-service

data/policy/classic/16/seccomp/opengl

data/policy/classic/16/seccomp/openvswitch

data/policy/classic/16/seccomp/openvswitch-support

data/policy/classic/16/seccomp/optical-drive

data/policy/classic/16/seccomp/packagekit-control

data/policy/classic/16/seccomp/password-manager-service

data/policy/classic/16/seccomp/personal-files

data/policy/classic/16/seccomp/physical-memory-control

data/policy/classic/16/seccomp/physical-memory-observe

data/policy/classic/16/seccomp/power-control

data/policy/classic/16/seccomp/ppp

data/policy/classic/16/seccomp/process-control

data/policy/classic/16/seccomp/pulseaudio

data/policy/classic/16/seccomp/raw-input

data/policy/classic/16/seccomp/raw-usb

data/policy/classic/16/seccomp/removable-media

data/policy/classic/16/seccomp/screen-inhibit-control

data/policy/classic/16/seccomp/screencast-legacy

data/policy/classic/16/seccomp/shutdown

data/policy/classic/16/seccomp/snapd-control

data/policy/classic/16/seccomp/ssh-keys

data/policy/classic/16/seccomp/ssh-public-keys

data/policy/classic/16/seccomp/storage-framework-service

data/policy/classic/16/seccomp/system-backup

data/policy/classic/16/seccomp/system-files

data/policy/classic/16/seccomp/system-observe

data/policy/classic/16/seccomp/system-trace

data/policy/classic/16/seccomp/thumbnailer-service

data/policy/classic/16/seccomp/time-control

data/policy/classic/16/seccomp/timeserver-control

data/policy/classic/16/seccomp/timezone-control

data/policy/classic/16/seccomp/tpm

data/policy/classic/16/seccomp/u2f-devices

data/policy/classic/16/seccomp/ubuntu-download-manager

data/policy/classic/16/seccomp/udisks2

data/policy/classic/16/seccomp/uhid

data/policy/classic/16/seccomp/unity7

data/policy/classic/16/seccomp/unity8

data/policy/classic/16/seccomp/unity8-calendar

data/policy/classic/16/seccomp/unity8-contacts

data/policy/classic/16/seccomp/upower-observe

data/policy/classic/16/seccomp/wayland

data/policy/classic/16/seccomp/x11

data/policy/core

data/policy/core/16

data/policy/core/16/apparmor

data/policy/core/16/apparmor/account-control

data/policy/core/16/apparmor/adb-support

data/policy/core/16/apparmor/allegro-vcu

data/policy/core/16/apparmor/alsa

data/policy/core/16/apparmor/audio-playback

data/policy/core/16/apparmor/audio-record

data/policy/core/16/apparmor/autopilot-introspection

data/policy/core/16/apparmor/avahi-control

data/policy/core/16/apparmor/avahi-observe

data/policy/core/16/apparmor/block-devices

data/policy/core/16/apparmor/bluetooth-control

data/policy/core/16/apparmor/bluez

data/policy/core/16/apparmor/broadcom-asic-control

data/policy/core/16/apparmor/browser-support

data/policy/core/16/apparmor/camera

data/policy/core/16/apparmor/can-bus

data/policy/core/16/apparmor/cifs-mount

data/policy/core/16/apparmor/classic-support

data/policy/core/16/apparmor/core-support

data/policy/core/16/apparmor/cpu-control

data/policy/core/16/apparmor/cups

data/policy/core/16/apparmor/cups-control

data/policy/core/16/apparmor/daemon-notify

data/policy/core/16/apparmor/dcdbas-control

data/policy/core/16/apparmor/device-buttons

data/policy/core/16/apparmor/display-control

data/policy/core/16/apparmor/docker

data/policy/core/16/apparmor/docker-support

data/policy/core/16/apparmor/dvb

data/policy/core/16/apparmor/firewall-control

data/policy/core/16/apparmor/fpga

data/policy/core/16/apparmor/framebuffer

data/policy/core/16/apparmor/fuse-support

data/policy/core/16/apparmor/fwupd

data/policy/core/16/apparmor/gpg-keys

data/policy/core/16/apparmor/gpg-public-keys

data/policy/core/16/apparmor/gpio-control

data/policy/core/16/apparmor/gpio-memory-control

data/policy/core/16/apparmor/greengrass-support

data/policy/core/16/apparmor/hardware-observe

data/policy/core/16/apparmor/hardware-random-control

data/policy/core/16/apparmor/hardware-random-observe

data/policy/core/16/apparmor/home

data/policy/core/16/apparmor/hostname-control

data/policy/core/16/apparmor/hugepages-control

data/policy/core/16/apparmor/intel-mei

data/policy/core/16/apparmor/io-ports-control

data/policy/core/16/apparmor/joystick

data/policy/core/16/apparmor/kernel-crypto-api

data/policy/core/16/apparmor/kernel-module-control

data/policy/core/16/apparmor/kernel-module-observe

data/policy/core/16/apparmor/kubernetes-support

data/policy/core/16/apparmor/kvm

data/policy/core/16/apparmor/location-control

data/policy/core/16/apparmor/location-observe

data/policy/core/16/apparmor/log-observe

data/policy/core/16/apparmor/login-session-control

data/policy/core/16/apparmor/login-session-observe

data/policy/core/16/apparmor/lxd

data/policy/core/16/apparmor/lxd-support

data/policy/core/16/apparmor/maliit

data/policy/core/16/apparmor/media-control

data/policy/core/16/apparmor/media-hub

data/policy/core/16/apparmor/mir

data/policy/core/16/apparmor/modem-manager

data/policy/core/16/apparmor/mount-observe

data/policy/core/16/apparmor/multipass-support

data/policy/core/16/apparmor/netlink-audit

data/policy/core/16/apparmor/netlink-connector

data/policy/core/16/apparmor/network

data/policy/core/16/apparmor/network-bind

data/policy/core/16/apparmor/network-control

data/policy/core/16/apparmor/network-manager

data/policy/core/16/apparmor/network-manager-observe

data/policy/core/16/apparmor/network-observe

data/policy/core/16/apparmor/network-setup-control

data/policy/core/16/apparmor/network-setup-observe

data/policy/core/16/apparmor/ofono

data/policy/core/16/apparmor/online-accounts-service

data/policy/core/16/apparmor/opengl

data/policy/core/16/apparmor/openvswitch-support

data/policy/core/16/apparmor/personal-files

data/policy/core/16/apparmor/physical-memory-control

data/policy/core/16/apparmor/physical-memory-observe

data/policy/core/16/apparmor/power-control

data/policy/core/16/apparmor/ppp

data/policy/core/16/apparmor/process-control

data/policy/core/16/apparmor/ptp

data/policy/core/16/apparmor/pulseaudio

data/policy/core/16/apparmor/raw-usb

data/policy/core/16/apparmor/removable-media

data/policy/core/16/apparmor/shutdown

data/policy/core/16/apparmor/snapd-control

data/policy/core/16/apparmor/ssh-keys

data/policy/core/16/apparmor/ssh-public-keys

data/policy/core/16/apparmor/storage-framework-service

data/policy/core/16/apparmor/system-backup

data/policy/core/16/apparmor/system-files

data/policy/core/16/apparmor/system-observe

data/policy/core/16/apparmor/system-source-code

data/policy/core/16/apparmor/system-trace

data/policy/core/16/apparmor/thumbnailer-service

data/policy/core/16/apparmor/time-control

data/policy/core/16/apparmor/timeserver-control

data/policy/core/16/apparmor/timezone-control

data/policy/core/16/apparmor/tpm

data/policy/core/16/apparmor/u2f-devices

data/policy/core/16/apparmor/ubuntu-download-manager

data/policy/core/16/apparmor/udisks2

data/policy/core/16/apparmor/uhid

data/policy/core/16/apparmor/uinput

data/policy/core/16/apparmor/unity8

data/policy/core/16/apparmor/unity8-calendar

data/policy/core/16/apparmor/unity8-contacts

data/policy/core/16/apparmor/upower-observe

data/policy/core/16/apparmor/vcio

data/policy/core/16/apparmor/wayland

data/policy/core/16/apparmor/x11

data/policy/core/16/seccomp

data/policy/core/16/seccomp/account-control

data/policy/core/16/seccomp/adb-support

data/policy/core/16/seccomp/alsa

data/policy/core/16/seccomp/audio-playback

data/policy/core/16/seccomp/audio-record

data/policy/core/16/seccomp/autopilot-introspection

data/policy/core/16/seccomp/avahi-control

data/policy/core/16/seccomp/avahi-observe

data/policy/core/16/seccomp/block-devices

data/policy/core/16/seccomp/bluetooth-control

data/policy/core/16/seccomp/bluez

data/policy/core/16/seccomp/broadcom-asic-control

data/policy/core/16/seccomp/browser-support

data/policy/core/16/seccomp/camera

data/policy/core/16/seccomp/can-bus

data/policy/core/16/seccomp/cifs-mount

data/policy/core/16/seccomp/classic-support

data/policy/core/16/seccomp/core-support

data/policy/core/16/seccomp/cpu-control

data/policy/core/16/seccomp/daemon-notify

data/policy/core/16/seccomp/dcdbas-control

data/policy/core/16/seccomp/device-buttons

data/policy/core/16/seccomp/display-control

data/policy/core/16/seccomp/docker

data/policy/core/16/seccomp/docker-support

data/policy/core/16/seccomp/dvb

data/policy/core/16/seccomp/firewall-control

data/policy/core/16/seccomp/framebuffer

data/policy/core/16/seccomp/fuse-support

data/policy/core/16/seccomp/fwupd

data/policy/core/16/seccomp/gpg-keys

data/policy/core/16/seccomp/gpg-public-keys

data/policy/core/16/seccomp/gpio-control

data/policy/core/16/seccomp/gpio-memory-control

data/policy/core/16/seccomp/greengrass-support

data/policy/core/16/seccomp/hardware-observe

data/policy/core/16/seccomp/hardware-random-control

data/policy/core/16/seccomp/hardware-random-observe

data/policy/core/16/seccomp/home

data/policy/core/16/seccomp/hostname-control

data/policy/core/16/seccomp/intel-mei

data/policy/core/16/seccomp/io-ports-control

data/policy/core/16/seccomp/joystick

data/policy/core/16/seccomp/kernel-crypto-api

data/policy/core/16/seccomp/kernel-module-control

data/policy/core/16/seccomp/kernel-module-observe

data/policy/core/16/seccomp/kubernetes-support

data/policy/core/16/seccomp/kvm

data/policy/core/16/seccomp/location-control

data/policy/core/16/seccomp/location-observe

data/policy/core/16/seccomp/log-observe

data/policy/core/16/seccomp/login-session-control

data/policy/core/16/seccomp/login-session-observe

data/policy/core/16/seccomp/lxd

data/policy/core/16/seccomp/lxd-support

data/policy/core/16/seccomp/maliit

data/policy/core/16/seccomp/media-hub

data/policy/core/16/seccomp/mir

data/policy/core/16/seccomp/modem-manager

data/policy/core/16/seccomp/mount-observe

data/policy/core/16/seccomp/multipass-support

data/policy/core/16/seccomp/netlink-audit

data/policy/core/16/seccomp/netlink-connector

data/policy/core/16/seccomp/network

data/policy/core/16/seccomp/network-bind

data/policy/core/16/seccomp/network-control

data/policy/core/16/seccomp/network-manager

data/policy/core/16/seccomp/network-manager-observe

data/policy/core/16/seccomp/network-observe

data/policy/core/16/seccomp/network-setup-control

data/policy/core/16/seccomp/network-setup-observe

data/policy/core/16/seccomp/ofono

data/policy/core/16/seccomp/online-accounts-service

data/policy/core/16/seccomp/opengl

data/policy/core/16/seccomp/openvswitch-support

data/policy/core/16/seccomp/personal-files

data/policy/core/16/seccomp/physical-memory-control

data/policy/core/16/seccomp/physical-memory-observe

data/policy/core/16/seccomp/power-control

data/policy/core/16/seccomp/ppp

data/policy/core/16/seccomp/process-control

data/policy/core/16/seccomp/pulseaudio

data/policy/core/16/seccomp/raw-usb

data/policy/core/16/seccomp/removable-media

data/policy/core/16/seccomp/shutdown

data/policy/core/16/seccomp/snapd-control

data/policy/core/16/seccomp/ssh-keys

data/policy/core/16/seccomp/ssh-public-keys

data/policy/core/16/seccomp/storage-framework-service

data/policy/core/16/seccomp/system-backup

data/policy/core/16/seccomp/system-files

data/policy/core/16/seccomp/system-observe

data/policy/core/16/seccomp/system-trace

data/policy/core/16/seccomp/thumbnailer-service

data/policy/core/16/seccomp/time-control

data/policy/core/16/seccomp/timeserver-control

data/policy/core/16/seccomp/timezone-control

data/policy/core/16/seccomp/tpm

data/policy/core/16/seccomp/u2f-devices

data/policy/core/16/seccomp/ubuntu-download-manager

data/policy/core/16/seccomp/udisks2

data/policy/core/16/seccomp/uhid

data/policy/core/16/seccomp/unity8

data/policy/core/16/seccomp/unity8-calendar

data/policy/core/16/seccomp/unity8-contacts

data/policy/core/16/seccomp/upower-observe

data/policy/core/16/seccomp/wayland

data/policy/core/16/seccomp/x11

policy

policy-app

policy-app/extract

policy-app/test-snapd-policy-app-consumer

policy-app/test-snapd-policy-app-consumer/bin

policy-app/test-snapd-policy-app-consumer/bin/run

policy-app/test-snapd-policy-app-consumer/meta

policy-app/test-snapd-policy-app-consumer/meta/gui

policy-app/test-snapd-policy-app-consumer/meta/gui/test-desktop.desktop

policy-app/test-snapd-policy-app-consumer/meta/snap.yaml

policy-app/test-snapd-policy-app-provider-classic

policy-app/test-snapd-policy-app-provider-classic/bin

policy-app/test-snapd-policy-app-provider-classic/bin/run

policy-app/test-snapd-policy-app-provider-classic/meta

policy-app/test-snapd-policy-app-provider-classic/meta/snap.yaml

policy-app/test-snapd-policy-app-provider-core

policy-app/test-snapd-policy-app-provider-core/bin

policy-app/test-snapd-policy-app-provider-core/bin/run

policy-app/test-snapd-policy-app-provider-core/meta

policy-app/test-snapd-policy-app-provider-core/meta/snap.yaml

setup.cfg

setup.py

snapcraft.yaml

src/Makefile

src/audit-arch.c

src/id-range.c

test.log

test.log.output.classic

test.log.output.core

test.output.audit-arch

test.sh

Show diffs side-by-side

added added

removed removed

data/policy/classic/16/seccomp/browser-support

# Description: Can access various APIs needed by modern browsers (eg, Google

# Chrome/Chromium and Mozilla) and file paths they expect. This interface is

# transitional and is only in place while upstream's work to change their paths

# and snappy is updated to properly mediate the APIs.

# for anonymous sockets

bind

listen

accept4

# TODO: fine-tune when seccomp arg filtering available in stable distro

# releases

setpriority

# Since snapd still uses SECCOMP_RET_KILL, add a workaround rule to allow mknod

# on character devices since chromium unconditionally performs a mknod() to

# create the /dev/nvidiactl device, regardless of if it exists or not or if the

# process has CAP_MKNOD or not. Since we don't want to actually grant the

# ability to create character devices, we added an explicit deny AppArmor rule

# for this capability. When snapd uses SECCOMP_RET_ERRNO, we can remove this

# rule.

# https://forum.snapcraft.io/t/call-for-testing-chromium-62-0-3202-62/2569/46

mknod - |S_IFCHR -

mknodat - - |S_IFCHR -

Older »