# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2019-2021 Mikhail Morfikov
# SPDX-License-Identifier: GPL-2.0-only

# AppArmor policy for the ganyremote executable, with two child profiles
# (killall, pgrep) for helpers that need wider /proc and signal access.
#
# NOTE(review): in this copy the operands of `abi` and of every `include`
# (the abi version and the tunables/abstractions paths) are missing.
# Restore them from the upstream profile before loading; the abstractions
# grant additional permissions that are not visible in this listing.

abi ,

include

@{exec_path} = /{usr/,}bin/ganyremote
profile ganyremote @{exec_path} {
  include
  include
  include
  include
  include
  include
  include
  include
  include
  include
  include

  # Stream sockets over IPv4 and IPv6. No further qualifier is given on
  # these rules.
  network inet stream,
  network inet6 stream,

  # Read-only access to the program itself and to the python3 interpreter;
  # no execute permission is granted on either path here.
  @{exec_path} r,
  /{usr/,}bin/python3.[0-9]* r,

  # Helper tools executed with `ix`: they inherit this profile, so they are
  # limited to the same file and network rules as ganyremote.
  /{usr/,}bin/ r,
  /{usr/,}bin/{,ba,da}sh rix,
  /{usr/,}bin/rm rix,
  /{usr/,}bin/{,e}grep rix,
  /{usr/,}bin/cut rix,
  /{usr/,}bin/id rix,
  /{usr/,}bin/which rix,
  /{usr/,}bin/tr rix,
  /{usr/,}bin/gawk rix,

  # `Px` hands over to the target's own profile (the exec is refused if that
  # profile is not loaded); `Cx -> name` hands over to a child profile
  # defined below.
  /{usr/,}bin/anyremote rPx,
  /{usr/,}bin/ps rPx,
  /{usr/,}bin/killall rCx -> killall,
  /{usr/,}bin/pgrep rCx -> pgrep,
  # NOTE(review): `PUx` falls back to unconfined execution when no profile
  # for the target is loaded. pacmd, pactl and the players below are only
  # confined on systems where their own profiles are installed.
  /{usr/,}bin/pacmd rPUx,
  /{usr/,}bin/pactl rPUx,

  # Players
  /{usr/,}bin/smplayer rPUx,
  /{usr/,}bin/amarok rPUx,
  /{usr/,}bin/vlc rPUx,
  /{usr/,}bin/mpv rPUx,
  /{usr/,}bin/strawberry rPUx,

  # Home access: the home directory can be listed, but write access is
  # limited to ~/.anyRemote/ and the entries directly inside it.
  owner @{HOME}/ r,
  owner @{HOME}/.anyRemote/{,*} rw,

  /usr/share/anyremote/{,**} r,

  # `deny` refuses the access without logging it, which keeps expected
  # probes out of the audit log.
  deny @{PROC}/sys/kernel/osrelease r,
  owner @{PROC}/@{pid}/mounts r,
  owner @{PROC}/@{pid}/mountinfo r,

  /etc/fstab r,

  /usr/share/glib-2.0/schemas/gschemas.compiled r,

  # Doc dirs
  # Listing the generic share/doc directories is denied; only the
  # anyremote documentation directories can be listed.
  deny /usr/local/share/ r,
  deny /usr/share/ r,
  deny /usr/share/doc/ r,
  /usr/share/doc/anyremote{,-data}/ r,

  # Child profile entered through the `Cx -> killall` rule above.
  profile killall {
    include
    include

    capability sys_ptrace,

    # NOTE(review): neither the signal rule nor the ptrace rule carries a
    # peer= qualifier, so AppArmor does not restrict which confinement the
    # target process runs under. If the set of processes this helper has to
    # stop is known, scoping both rules with peer= would narrow this.
    signal (send) set=(int, term, kill),

    ptrace (read),

    /{usr/,}bin/killall mr,

    # The /proc/ dir is needed to avoid the following error:
    #  /proc: Permission denied
    @{PROC}/ r,
    @{PROC}/@{pids}/stat r,

  }

  # Child profile entered through the `Cx -> pgrep` rule above.
  profile pgrep {
    include
    include

    /{usr/,}bin/pgrep mr,

    # The /proc/ dir and the cmdline file have to be readable to avoid pgrep segfault.
    # NOTE(review): the cmdline rule has no `owner` qualifier, so the
    # profile itself does not limit it to the caller's own processes;
    # command lines may carry sensitive arguments.
    @{PROC}/ r,
    @{PROC}/@{pids}/cmdline r,
    deny @{PROC}/sys/kernel/osrelease r,

    /usr/share/anyremote/{,**} r,

  }

  # Optional include: skipped when the target file does not exist (target
  # path missing in this copy, see the note at the top).
  include if exists
}