diff --git a/apparmor.d/profiles-s-z/usr.bin.irssi b/apparmor.d/profiles-s-z/usr.bin.irssi deleted file mode 100644 index acdf9eab..00000000 --- a/apparmor.d/profiles-s-z/usr.bin.irssi +++ /dev/null @@ -1,53 +0,0 @@ -# Author: Jamie Strandboge -# For use with irssi within screen -include - -/usr/bin/irssi flags=(complain) { - include - include - include - include - - /usr/share/irssi/themes/*.theme r, - /usr/share/irssi/help/* r, - # Enable system wide scripts - /usr/share/irssi/scripts/* r, - /usr/share/ca-certificates/** r, - @{PROC}/uptime r, - /{usr/,}bin/dash ix, - - # for screen_away - include - /usr/bin/screen ix, - owner /{,var/}run/screen/** r, - owner /{,var/}run/screen/S-[a-zA-Z0-9]*/[0-9]* w, - @{PROC}/[0-9]*/stat r, - - # for /uptime - /usr/bin/gawk ix, - /usr/bin/expr ix, - /{usr/,}bin/date ix, - - # for /calc - /usr/bin/bc ix, - /{usr/,}bin/which ixr, - - # config files, etc - /etc/irssi.conf r, - owner @{HOME}/.irssi/ r, - owner @{HOME}/.irssi/** r, - owner @{HOME}/.irssi/away.log wk, - owner @{HOME}/.irssi/config{,.autosave} wk, - owner @{HOME}/.irssi/*.theme wk, - - # http://www.irssi.org/documentation/startup states that ~/irclogs is the - # default location for logs. Also allow the common configuration of logging - # inside the .irssi directory. - owner @{HOME}/{.irssi/,}irclogs/ r, - owner @{HOME}/{.irssi/,}irclogs/** rwk, - - # for fnotify - owner @{HOME}/.irssi/fnotify rwk, - - include if exists -} diff --git a/apparmor.d/profiles-s-z/usr.bin.pidgin b/apparmor.d/profiles-s-z/usr.bin.pidgin deleted file mode 100644 index 83075390..00000000 --- a/apparmor.d/profiles-s-z/usr.bin.pidgin +++ /dev/null @@ -1,86 +0,0 @@ -# vim:syntax=apparmor - -include - -/usr/bin/pidgin { - include - include - include - include - include - include - include - include - include - include - include - include - include - include - include - include - - dbus receive - bus=system - path=/org/freedesktop/NetworkManager - interface=org.freedesktop.NetworkManager - member={CheckPermissions,DeviceAdded,DeviceRemoved,StateChanged,PropertiesChanged} - peer=(label=unconfined), - - dbus send - bus=system - path=/org/freedesktop/NetworkManager - interface=org.freedesktop.NetworkManager - member=state - peer=(label=unconfined), - - deny ptrace, - deny capability sys_ptrace, - deny @{user_share_dirs}/applications/wine/ r, - - owner @{HOME}/.purple/ rw, - owner @{HOME}/.purple/** rwk, - owner @{HOME}/.purple/plugins/*.so m, - owner @{user_config_dirs}/indicators/ rw, - owner @{user_config_dirs}/indicators/** rw, - owner @{user_share_dirs}/applications/ r, - - # Uncomment the two following lines if you want to allow Pidgin to update - # any DConf setting: - # owner @{HOME}/.{cache,config}/dconf/user rw, - # owner /{,var/}run/user/@{uid}/dconf/user rwk, - - /{usr/,}bin/dash rix, - /{usr/,}bin/which rix, - - # NB: the preferred browser and proxy settings must be configured - # in the GNOME preferences: this profile does not allow running - # the corresponding external configuration applications. - /usr/bin/gconftool-2 rPix, - /usr/bin/gnome-open rmix, - /usr/bin/gsettings rix, - /usr/bin/gvfs-open rmix, - /usr/bin/pidgin r, - /usr/bin/xdg-open rmix, - - /etc/purple/prefs.xml r, - - /usr/lib/frei0r-1/*.so rm, - /usr/lib/@{multiarch}/libvisual-*/**.so rm, - /usr/lib/pidgin/*.so rm, - /usr/lib/purple*/*.so rm, - - # pidgin-blinklight plugin - /usr/lib/pidgin-blinklight/blinklight-fixperm rPix, - @{PROC}/acpi/ibm/light rwk, - - /usr/share/purple/ca-certs/ r, - /usr/share/purple/ca-certs/** r, - /usr/share/tcltk/** r, - /usr/share/themes/ r, - - owner @{PROC}/@{pid}/auxv r, - owner @{PROC}/@{pid}/fd/ r, - - include if exists -}