mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
a20409cf1e
These are needed by e.g. AppImages Closes: https://bugs.launchpad.net/bugs/2098993 Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
41 lines
1.3 KiB
Text
41 lines
1.3 KiB
Text
abi <abi/4.0>,
|
|
include <tunables/global>
|
|
|
|
@{fuse_types} = {fuse,fuse.*,fuseblk,fusectl}
|
|
profile fusermount3 /usr/bin/fusermount3 {
|
|
include <abstractions/base>
|
|
include <abstractions/nameservice-strict>
|
|
|
|
capability sys_admin,
|
|
capability dac_read_search,
|
|
|
|
# Allow both rw and ro type mounts (e.g. AppImage uses ro)
|
|
mount fstype=@{fuse_types} options=(nosuid,nodev,rw) -> @{HOME}/**/,
|
|
mount fstype=@{fuse_types} options=(nosuid,nodev,rw) -> /mnt/{,**/},
|
|
mount fstype=@{fuse_types} options=(nosuid,nodev,rw) -> @{run}/user/@{uid}/*/,
|
|
mount fstype=@{fuse_types} options=(nosuid,nodev,rw) -> /media/**/,
|
|
mount fstype=@{fuse_types} options=(nosuid,nodev,rw) -> /tmp/**/,
|
|
|
|
mount fstype=@{fuse_types} options=(nosuid,nodev,ro) -> @{HOME}/**/,
|
|
mount fstype=@{fuse_types} options=(nosuid,nodev,ro) -> /mnt/{,**/},
|
|
mount fstype=@{fuse_types} options=(nosuid,nodev,ro) -> @{run}/user/@{uid}/*/,
|
|
mount fstype=@{fuse_types} options=(nosuid,nodev,ro) -> /media/**/,
|
|
mount fstype=@{fuse_types} options=(nosuid,nodev,ro) -> /tmp/**/,
|
|
|
|
umount @{HOME}/**/,
|
|
umount /mnt/{,**/},
|
|
umount @{run}/user/@{uid}/*/,
|
|
umount /media/**/,
|
|
umount /tmp/**/,
|
|
|
|
/dev/fuse rw,
|
|
|
|
@{etc_ro}/fuse.conf r,
|
|
@{PROC}/@{pid}/mounts r,
|
|
|
|
/usr/bin/fusermount3 mr,
|
|
|
|
include if exists <local/fusermount3>
|
|
}
|
|
|
|
# vim:syntax=apparmor
|