# vim:syntax=apparmor
# privacy-violations contains rules for common files that you want to explicity
# deny access

  # privacy violations (don't audit files under $HOME otherwise get a
  # lot of false positives when reading contents of directories)
  deny @{HOME}/.*history mrwkl,
  deny @{HOME}/.fetchmail* mrwkl,
  deny @{HOME}/.viminfo* mrwkl,
  deny @{HOME}/.*~ mrwkl,
  deny @{HOME}/.*.swp mrwkl,
  deny @{HOME}/.*~1~ mrwkl,
  deny @{HOME}/.*.bak mrwkl,

  # special attention to (potentially) executable files
  audit deny @{HOME}/bin/** wl,

  deny @{HOME}/.bash* mrk,
  audit deny @{HOME}/.bash* wl,

  deny @{HOME}/.profile* mrk,
  audit deny @{HOME}/.profile* wl,

  deny @{HOME}/.*rc mrk,
  audit deny @{HOME}/.*rc wl,