mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-11-14 23:43:56 +01:00
28 lines
816 B
Plaintext
28 lines
816 B
Plaintext
# vim:syntax=apparmor
|
|
# Profile for restricting lightdm guest session
|
|
|
|
include <tunables/global>
|
|
|
|
/usr/lib/x86_64-linux-gnu/lightdm/lightdm-guest-session {
|
|
# Most applications are confined via the main abstraction
|
|
include <abstractions/lightdm>
|
|
|
|
# chromium-browser needs special confinement due to its sandboxing
|
|
include <abstractions/lightdm_chromium-browser>
|
|
|
|
# fcitx and friends needs special treatment due to C/S design
|
|
/usr/bin/fcitx ix,
|
|
/tmp/fcitx-socket-* rwl,
|
|
/dev/shm/* rwl,
|
|
/usr/bin/fcitx-qimpanel ix,
|
|
/usr/bin/sogou-qimpanel-watchdog ix,
|
|
/usr/bin/sogou-sys-notify ix,
|
|
/tmp/sogou-qimpanel:* rwl,
|
|
|
|
# Allow ibus
|
|
unix (bind, listen) type=stream addr="@tmp/ibus/*",
|
|
|
|
# mozc_server needs special treatment due to C/S design
|
|
unix (bind, listen) type=stream addr="@tmp/.mozc.*",
|
|
}
|