#
# Example usage for a program named 'foo' which is installed in /opt/foo
# $ aa-easyprof --template=sandbox \
# --template-var="@{APPNAME}=foo" \
# --policy-groups=opt-application,user-application \
# /opt/foo/bin/foo
#
###ENDUSAGE###
# vim:syntax=apparmor
# AppArmor policy for ###NAME###
#include <tunables/global>
###VAR###
###PROFILEATTACH### {
#include <abstractions/base>
#include <abstractions/gnome>
#include <abstractions/kde>
#include <abstractions/X>
# Deny rules take precedence over allow rules, so this blocks the user's X
# authority cookie even where an included abstraction or policy group would
# grant it; "audit" makes each blocked attempt appear in the audit log.
audit deny @{HOME}/.Xauthority mrwlk,
/etc/passwd r,
/ r,
# NOTE(review): the trailing slash limits this glob to directories, so it
# allows listing every directory on the system (names only, not file
# contents) wherever ordinary file permissions also allow it. Confirm that
# exposing directory names, including those under @{HOME}, is acceptable
# for the confined program.
/**/ r,
/usr/** r,
/var/lib/dbus/machine-id r,
# The "owner" qualifier limits this and the following /proc rules to entries
# owned by the same user as the confined task. The pid component is a glob,
# so the rules are not limited to the task's own /proc entry.
owner @{PROC}/[0-9]*/auxv r,
owner @{PROC}/[0-9]*/fd/ r,
# NOTE(review): environ can hold credentials passed through environment
# variables, and the globbed pid means this rule is not restricted to the
# confined task's own environment. Other kernel checks may still block the
# read; confirm whether access to same-user processes is intended.
owner @{PROC}/[0-9]*/environ r,
owner @{PROC}/[0-9]*/mounts r,
owner @{PROC}/[0-9]*/smaps r,
owner @{PROC}/[0-9]*/statm r,
owner @{PROC}/[0-9]*/task/[0-9]*/stat r,
# The placeholder tokens from here to the closing brace are filled in by
# aa-easyprof from its command-line options. Every abstraction, policy group
# or path supplied there widens the baseline rules above, so review the
# generated profile rather than this template alone.
###ABSTRACTIONS###
###POLICYGROUPS###
###READS###
###WRITES###
}