mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-09 02:41:03 +01:00
44 lines
1.1 KiB
Text
44 lines
1.1 KiB
Text
|
# vim:syntax=apparmor
|
||
|
|
|
||
|
|
# This abstraction is designed to be used in a child profile to limit what
|
||
|
|
# confined application can invoke via gvfs-open helper.
|
||
|
|
#
|
||
|
|
# NOTE: most likely you want to use xdg-open abstraction instead for better
|
||
|
|
# portability across desktop environments, unless you are sure that confined
|
||
|
|
# application only uses /usr/bin/gvfs-open directly.
|
||
|
|
#
|
||
|
|
# Usage example:
|
||
|
|
#
|
||
|
|
# ```
|
||
|
|
# profile foo /usr/bin/foo {
|
||
|
|
# ...
|
||
|
|
# /usr/bin/gvfs-open rPx -> foo//gvfs-open,
|
||
|
|
# ...
|
||
|
|
# } # end of main profile
|
||
|
|
#
|
||
|
|
# # out-of-line child profile
|
||
|
|
# profile foo//gvfs-open {
|
||
|
|
# #include <abstractions/gvfs-open>
|
||
|
|
#
|
||
|
|
# # needed for ubuntu-* abstractions
|
||
|
|
# #include <abstractions/ubuntu-helpers>
|
||
|
|
#
|
||
|
|
# # Only allow to handle http[s]: and mailto: links
|
||
|
|
# #include <abstractions/ubuntu-browsers>
|
||
|
|
# #include <abstractions/ubuntu-email>
|
||
|
|
#
|
||
|
|
# # < add additional allowed applications here >
|
||
|
|
# }
|
||
|
|
# ```
|
||
|
|
|
||
|
|
#include <abstractions/base>
|
||
|
|
|
||
|
|
# gvfs-open is deprecated, it launches gio open <uri>
|
||
|
|
#include <abstractions/gio-open>
|
||
|
|
|
||
|
|
# Main executables
|
||
|
|
|
||
|
|
/usr/bin/gvfs-open r,
|
||
|
|
/{,usr/}bin/dash mr,
|
||
|
|
|