# vim:syntax=apparmor include /usr/bin/pidgin { include include include include include include include include include include include include include include include include dbus receive bus=system path=/org/freedesktop/NetworkManager interface=org.freedesktop.NetworkManager member={CheckPermissions,DeviceAdded,DeviceRemoved,StateChanged,PropertiesChanged} peer=(label=unconfined), dbus send bus=system path=/org/freedesktop/NetworkManager interface=org.freedesktop.NetworkManager member=state peer=(label=unconfined), deny ptrace, deny capability sys_ptrace, deny @{HOME}/.local/share/applications/wine/ r, owner @{HOME}/.purple/ rw, owner @{HOME}/.purple/** rwk, owner @{HOME}/.purple/plugins/*.so m, owner @{HOME}/.config/indicators/ rw, owner @{HOME}/.config/indicators/** rw, owner @{HOME}/.local/share/applications/ r, # Uncomment the two following lines if you want to allow Pidgin to update # any DConf setting: # owner @{HOME}/.{cache,config}/dconf/user rw, # owner /{,var/}run/user/[0-9]*/dconf/user rwk, /{usr/,}bin/dash rix, /{usr/,}bin/which rix, # NB: the preferred browser and proxy settings must be configured # in the GNOME preferences: this profile does not allow running # the corresponding external configuration applications. /usr/bin/gconftool-2 rPix, /usr/bin/gnome-open rmix, /usr/bin/gsettings rix, /usr/bin/gvfs-open rmix, /usr/bin/pidgin r, /usr/bin/xdg-open rmix, /etc/purple/prefs.xml r, /usr/lib/frei0r-1/*.so rm, /usr/lib/@{multiarch}/libvisual-*/**.so rm, /usr/lib/pidgin/*.so rm, /usr/lib/purple*/*.so rm, # pidgin-blinklight plugin /usr/lib/pidgin-blinklight/blinklight-fixperm rPix, @{PROC}/acpi/ibm/light rwk, /usr/share/purple/ca-certs/ r, /usr/share/purple/ca-certs/** r, /usr/share/tcltk/** r, /usr/share/themes/ r, owner @{PROC}/@{pid}/auxv r, owner @{PROC}/@{pid}/fd/ r, # Site-specific additions and overrides. See local/README for details. include }