mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-11-16 16:33:50 +01:00
18 lines
858 B
Plaintext
18 lines
858 B
Plaintext
# apparmor.d - Full set of apparmor profiles
|
|
# Copyright (C) 2020-2021 Mikhail Morfikov
|
|
# SPDX-License-Identifier: GPL-2.0-only
|
|
|
|
# The goal of this abstraction is preventing apps (GUI) to be run as the root user by restraining
|
|
# access to the /root/ dir and its subdirectories. If you don't want to start an app as the super
|
|
# user (possibly by mistake), just include this abstraction in the app's AppArmor profile.
|
|
#
|
|
# Note that some apps will work anyway when run as root even if all of the files in the /root/
|
|
# are denied. Anyway, most of the apps refuse to start when they don't get the access to the
|
|
# needed files in the user home dir.
|
|
|
|
abi <abi/3.0>,
|
|
|
|
# Use audit for now to see whether some apps are trying to get access to the /root/ dir.
|
|
audit deny /root/{,**} rwkmlx,
|
|
|
|
include if exists <abstractions/deny-root-dir-access.d> |