# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2020-2021 Mikhail Morfikov
# SPDX-License-Identifier: GPL-2.0-only

# The goal of this abstraction is to prevent (GUI) apps from being run as the root user by
# restricting access to the /root/ dir and its subdirectories. If you don't want to start an app
# as the super user (possibly by mistake), just include this abstraction in the app's AppArmor
# profile.
#
# Note that some apps will still work when run as root even if all of the files in /root/ are
# denied. However, most apps refuse to start when they don't get access to the files they need
# in the user's home dir.

  abi ,

  # Use audit for now to see whether some apps are trying to get access to the /root/ dir.
  audit deny /root/{,**} rwkmlx,
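
The `audit deny` rule above makes each blocked access to `/root/` appear in the audit log. The following Python script is an added example, not part of apparmor.d: it groups those `DENIED` records by profile, including names the kernel logged as unquoted hex. The log lines are constructed samples, and `parse_record` and `root_denials` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample records in the AppArmor audit format; not real log data.
SAMPLE_LOG = """\
type=AVC msg=audit(1700000000.101:201): apparmor="DENIED" operation="open" profile="example-gui-app" name="/root/.config/example/settings.ini" pid=4321 comm="example-gui-app" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1700000000.102:202): apparmor="DENIED" operation="mknod" profile="example-gui-app" name=2F726F6F742F4D792046696C65 pid=4321 comm="example-gui-app" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
type=AVC msg=audit(1700000001.300:203): apparmor="DENIED" operation="open" profile="other-app" name="/home/alice/notes.txt" pid=5000 comm="other-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
type=AVC msg=audit(1700000002.500:204): apparmor="ALLOWED" operation="open" profile="complain-app" name="/root/.bashrc" pid=5100 comm="complain-app" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1700000003.700:205): apparmor="DENIED" operation="open" profile="second-app" name="/rootfs/etc/hostname" pid=5200 comm="second-app" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1700000004.900:206): apparmor="DENIED" operation="open" profile="second-app" name="/root/" pid=5200 comm="second-app" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
HEX = re.compile(r"(?:[0-9A-Fa-f]{2})+")

def parse_record(line):
    """Return the key=value fields of one audit record as a dict."""
    fields = {}
    for key, quoted, bare in FIELD.findall(line):
        # Names containing spaces or quotes are logged as unquoted hex.
        if key == "name" and HEX.fullmatch(bare):
            bare = bytes.fromhex(bare).decode("utf-8", "replace")
        fields[key] = bare or quoted
    return fields

def root_denials(log_text):
    """Map profile -> list of (operation, path, denied_mask) under /root/."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_record(line)
        # Skip records that are not denials (for example ALLOWED).
        if rec.get("apparmor") != "DENIED":
            continue
        # Same scope as /root/{,**}: the directory and everything below it,
        # which excludes siblings such as /rootfs.
        if rec.get("name", "").startswith("/root/"):
            hits[rec.get("profile", "?")].append(
                (rec.get("operation", "?"), rec["name"], rec.get("denied_mask", "?")))
    return dict(hits)

if __name__ == "__main__":
    for profile, events in sorted(root_denials(SAMPLE_LOG).items()):
        print(f"{profile}: {len(events)} denied access(es) to /root/")
        for op, path, mask in events:
            print(f"  {op:6} {mask:4} {path}")
```

A `DENIED` record does not say which rule produced it, so a hit on `/root/` can also come from a profile that simply has no matching allow rule.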