#include <tunables/global>
#include <abstractions/base>
#include <abstractions/python>
#include <abstractions/private-files-strict>
# Write access to the tarmac cache directory entry itself (the trailing slash
# matches the directory, not the files inside it).
@{HOME}/.cache/tarmac/ w,
# Read, write and link access to everything below the cache directory, at any
# depth (`**` crosses directory separators).
@{HOME}/.cache/tarmac/** rwl,
# Write access to the tarmac configuration directory entry itself.
@{HOME}/.config/tarmac/ w,
# Read, write and link access to everything below the configuration directory.
# Unlike the /tmp and /var/cache rules in this profile, the @{HOME} rules carry
# no `owner` qualifier.
@{HOME}/.config/tarmac/** rwl,
# Scratch area under the shared /tmp directory. `owner` limits the grant to
# files owned by the user the confined process runs as, so files placed under
# this path by other users are not covered.
owner /tmp/tarmac/** rwl,
# Write access to the system-wide cache directory entry, only when it is owned
# by the user the confined process runs as.
owner /var/cache/tarmac/ w,
# Read, write and link access below the system-wide cache directory, again
# restricted to files owned by the user the confined process runs as.
owner /var/cache/tarmac/** rwl,
# Exec rule for every path (`/**`): a program started by tarmac transitions into
# the `tarmac_child` profile, and the uppercase `C` requests environment
# scrubbing on exec. As far as the rules shown here go, no program is executed
# under the parent's own rules or unconfined.
/** Cx -> tarmac_child,
# Child profile for subprocesses. It is the target of the parent's
# `/** Cx -> tarmac_child` rule, so executed programs are confined by the rules
# in this block rather than by the parent's.
profile tarmac_child {
#include <abstractions/base>
#include <abstractions/bash>
#include <abstractions/dbus-session>
#include <abstractions/gnome>
#include <abstractions/kde>
#include <abstractions/perl>
#include <abstractions/python>
#include <abstractions/private-files-strict>
# Need to be able to exec almost anything, which unfortunately
# requires a lot of read permissions
# Don't allow access to bzr
# `deny` takes precedence over any matching allow rule in this profile,
# including rules pulled in through the abstractions. The `audit` prefix makes
# the denials appear in the log instead of being silenced.
# NOTE(review): the mask here and on the other deny rules of this profile is
# `mrukl`. It names no write (`w`) permission, and `u` is only documented as
# part of `ux`/`Ux`. `mrwkl` may have been intended -- TODO confirm against the
# upstream profile and check that the parser accepts this mask.
audit deny @{HOME}/.bazaar/** mrukl,
# Entries directly in the home directory whose names start with `.bzr`
# (`*` does not cross `/`, so nothing deeper is matched by this rule).
audit deny @{HOME}/.bzr* mrukl,
# Contents of any `.bzr` directory, wherever it sits in the filesystem.
audit deny /**/.bzr/** mrukl,
# Don't allow subprocesses to access the tarmac config, or cache
# Counterpart of the parent's `@{HOME}/.cache/tarmac/**` grant: child processes
# are explicitly denied the cache tree, and each denial is logged.
audit deny @{HOME}/.cache/tarmac/** mrukl,
# Counterpart of the parent's `@{HOME}/.config/tarmac/**` grant: the tarmac
# configuration tree is denied to child processes, with logging.
audit deny @{HOME}/.config/tarmac/** mrukl,
# Under /tmp/tarmac only paths beginning with `merge.` are denied to children.
# Paths beginning with `branch.` are granted by the `owner
# /tmp/tarmac/branch.**` rule in this profile.
audit deny /tmp/tarmac/merge.** mrukl,
# Counterpart of the parent's `/var/cache/tarmac/**` grant: the system-wide
# cache tree is denied to child processes, with logging.
audit deny /var/cache/tarmac/** mrukl,
# Among the rules shown, the only tarmac-specific grant for children: read,
# write and link on paths beginning with `branch.` under /tmp/tarmac, limited by
# `owner` to files owned by the user the process runs as.
owner /tmp/tarmac/branch.** rwl,