# vim:syntax=apparmor # ------------------------------------------------------------------ # # Copyright (C) 2019-2020 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ #abi , #include @{exec_path} = /{usr/,}bin/flameshot profile flameshot @{exec_path} { #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include @{exec_path} mr, /{usr/,}bin/whoami rix, /{usr/,}bin/xdg-open rCx -> open, # Flameshot home files owner @{HOME}/.config/flameshot/ rw, owner @{HOME}/.config/flameshot/flameshot.ini rw, owner @{HOME}/.config/flameshot/#[0-9]*[0-9] rw, owner @{HOME}/.config/flameshot/flameshot.ini* rwl -> @{HOME}/.config/flameshot/#[0-9]*[0-9], owner @{HOME}/.config/flameshot/flameshot.ini.lock rwk, owner @{HOME}/.config/qt5ct/{,**} r, /usr/share/qt5ct/** r, /var/lib/dbus/machine-id r, /etc/machine-id r, /usr/share/hwdata/pnp.ids r, owner /tmp/.*/{,s} rw, owner /tmp/*= rw, owner /tmp/qipc_{systemsem,sharedmemory}_*[0-9a-f]* rw, deny owner @{PROC}/@{pid}/cmdline r, deny @{PROC}/sys/kernel/random/boot_id r, owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mounts r, /etc/fstab r, /dev/shm/#[0-9]*[0-9] rw, # file_inherit owner /dev/tty[0-9]* rw, owner @{HOME}/.xsession-errors w, profile open { #include #include /{usr/,}bin/xdg-open mr, owner @{HOME}/ r, owner @{run}/user/[0-9]*/ r, # Allowed apps to open # file_inherit owner @{HOME}/.xsession-errors w, } #include if exists }