mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-11-15 16:03:51 +01:00
47 lines
1.1 KiB
Plaintext
47 lines
1.1 KiB
Plaintext
# vim:syntax=apparmor
|
|
|
|
# This abstraction is designed to be used in a child profile to limit what
|
|
# confined application can invoke via gvfs-open helper.
|
|
#
|
|
# NOTE: most likely you want to use xdg-open abstraction instead for better
|
|
# portability across desktop environments, unless you are sure that confined
|
|
# application only uses /usr/bin/gvfs-open directly.
|
|
#
|
|
# Usage example:
|
|
#
|
|
# ```
|
|
# profile foo /usr/bin/foo {
|
|
# ...
|
|
# /usr/bin/gvfs-open rPx -> foo//gvfs-open,
|
|
# ...
|
|
# } # end of main profile
|
|
#
|
|
# # out-of-line child profile
|
|
# profile foo//gvfs-open {
|
|
# include <abstractions/gvfs-open>
|
|
#
|
|
# # needed for ubuntu-* abstractions
|
|
# include <abstractions/ubuntu-helpers>
|
|
#
|
|
# # Only allow to handle http[s]: and mailto: links
|
|
# include <abstractions/ubuntu-browsers>
|
|
# include <abstractions/ubuntu-email>
|
|
#
|
|
# # < add additional allowed applications here >
|
|
# }
|
|
# ```
|
|
|
|
include <abstractions/base>
|
|
|
|
# gvfs-open is deprecated, it launches gio open <uri>
|
|
include <abstractions/gio-open>
|
|
|
|
# Main executables
|
|
|
|
/usr/bin/gvfs-open r,
|
|
/{,usr/}bin/dash mr,
|
|
|
|
# Include additions to the abstraction
|
|
include if exists <abstractions/gvfs-open.d>
|
|
|