2024-12-09 14:00:52 -03:00
|
|
|
#------------------------------------------------------------------
|
|
|
|
|
# Copyright (C) 2024 Canonical Ltd.
|
|
|
|
|
#
|
|
|
|
|
# This program is free software; you can redistribute it and/or
|
|
|
|
|
# modify it under the terms of version 2 of the GNU General Public
|
|
|
|
|
# License published by the Free Software Foundation.
|
|
|
|
|
#------------------------------------------------------------------
|
|
|
|
|
# vim: ft=apparmor
|
|
|
|
|
|
|
|
|
|
abi <abi/4.0>,
|
|
|
|
|
|
|
|
|
|
include <tunables/global>
|
|
|
|
|
|
|
|
|
|
profile tar /usr/bin/tar {
|
|
|
|
|
include <abstractions/base>
|
|
|
|
|
|
2025-01-17 17:13:59 -03:00
|
|
|
# used to extract user files as root
|
|
|
|
|
capability chown,
|
2025-02-18 17:11:55 -08:00
|
|
|
capability fowner,
|
2025-01-17 17:13:59 -03:00
|
|
|
|
|
|
|
|
# used to compress user files as root
|
|
|
|
|
capability dac_override,
|
|
|
|
|
capability dac_read_search,
|
|
|
|
|
|
2024-12-10 10:57:45 -03:00
|
|
|
file rwl /**,
|
2024-12-09 14:00:52 -03:00
|
|
|
|
2024-12-10 11:34:28 -03:00
|
|
|
# tar can be made to filter archives through an arbitrary program
|
2024-12-13 12:51:01 -03:00
|
|
|
/{usr{/local,},}/{bin,sbin}/* ix,
|
|
|
|
|
/opt/** ix,
|
2024-12-09 14:00:52 -03:00
|
|
|
|
2024-12-13 12:45:00 -03:00
|
|
|
# tar can compress/extract files over rsh/ssh
|
2025-02-03 16:33:13 -03:00
|
|
|
network stream ip=127.0.0.1,
|
|
|
|
|
network stream ip=::1,
|
2024-12-13 12:45:00 -03:00
|
|
|
|
2024-12-09 14:00:52 -03:00
|
|
|
# Site-specific additions and overrides. See local/README for details.
|
|
|
|
|
include if exists <local/tar>
|
|
|
|
|
}
|
2024-12-10 10:57:45 -03:00
|
|
|
|
