From f7c6a848bb57dd7b80cf590cab87689e209cb572 Mon Sep 17 00:00:00 2001
From: Jamie Strandboge
Date: Fri, 7 Jan 2011 10:44:47 -0600
Subject: [PATCH] abstractions/private-files: don't allow wl to autostart directories
abstractions/private-files-strict: don't allow access to:
- chromium
- thunderbird
- evolution
- kmail
- kwallet
---
 profiles/apparmor.d/abstractions/private-files | 2 ++
 profiles/apparmor.d/abstractions/private-files-strict | 6 ++++++
 2 files changed, 8 insertions(+)
diff --git a/profiles/apparmor.d/abstractions/private-files b/profiles/apparmor.d/abstractions/private-files
index 7367e8201..ba7f95fe1 100644
--- a/profiles/apparmor.d/abstractions/private-files
+++ b/profiles/apparmor.d/abstractions/private-files
@@ -14,6 +14,8 @@
 # special attention to (potentially) executable files
 audit deny @{HOME}/bin/** wl,
+ audit deny @{HOME}/.config/autostart/** wl,
+ audit deny @{HOME}/.kde/Autostart/** wl,
 deny @{HOME}/.bash* mrk,
 audit deny @{HOME}/.bash* wl,
diff --git a/profiles/apparmor.d/abstractions/private-files-strict b/profiles/apparmor.d/abstractions/private-files-strict
index 5f8f3e098..1885c2f30 100644
--- a/profiles/apparmor.d/abstractions/private-files-strict
+++ b/profiles/apparmor.d/abstractions/private-files-strict
@@ -9,4 +9,10 @@
 audit deny @{HOME}/.ssh/** mrwkl,
 audit deny @{HOME}/.gnome2_private/** mrwkl,
 audit deny @{HOME}/.mozilla/** mrwkl,
+ audit deny @{HOME}/.config/chromium/** mrwkl,
+ audit deny @{HOME}/.{,mozilla-}thunderbird/** mrwkl,
+ audit deny @{HOME}/.evolution/** mrwkl,
+ audit deny @{HOME}/.config/evolution/** mrwkl,
+ audit deny @{HOME}/.kde/share/apps/kmail/** mrwkl,
+ audit deny @{HOME}/.kde/share/apps/kwallet/** mrwkl,
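Review bot: Both added autostart patterns end in `/**`, which matches entries below the directory but not the directory path itself, so the deny does not cover the `autostart/` or `Autostart/` directory being created or replaced as a whole. How much that matters depends on what else the including profile allows under `@{HOME}/.config/` and `@{HOME}/.kde/`. Writing them as `audit deny @{HOME}/.config/autostart/{,**} wl,` and `audit deny @{HOME}/.kde/Autostart/{,**} wl,` would cover both the directory and its contents; the existing `@{HOME}/bin/**` context line has the same shape. The KDE path is also fixed to `.kde`, so on systems that keep KDE 4 settings under `.kde4` the rule would not apply unless it reads `@{HOME}/.kde{,4}/Autostart/{,**}`. The same holds for the kmail and kwallet rules added to private-files-strict.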
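Review bot: The six added `audit deny … mrwkl` rules carry no comment, and the consequence for including profiles is not documented: a deny rule takes precedence over any allow rule, so a profile that includes this abstraction cannot grant these paths back. A profile for Chromium, Thunderbird, Evolution, KMail or KWallet itself therefore must not include private-files-strict. I would add a comment above the new rules such as `# browser, mail and wallet data; deny cannot be overridden by an allow rule, so do not include this from a profile for one of these applications`. Coverage is also per listed path, so other locations where these programs may keep data are not denied; for example `.config/chromium` does not match a Google Chrome profile directory, if one is in use. It is worth stating in the comment that the list is not exhaustive.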