Last active
August 29, 2015 14:06
-
-
Save perguth/c4182fc883ec562d3541 to your computer and use it in GitHub Desktop.
Skype Apparmor profile. `/etc/apparmor.d/local/usr.bin.skype`
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Original from https://wiki.archlinux.org/index.php/skype#AppArmor | |
| # Modified to enable file picker out of the box | |
| # License: Gnu FDL | |
| #include | |
| /usr/bin/skype { | |
| #include | |
| #include | |
| #include | |
| #include | |
| #include | |
| #include | |
| #include | |
| # Executables | |
| /usr/bin/skype ixmr, | |
| /usr/lib{,32}/skype/skype ixmr, | |
| /usr/bin/xdg-open PUxmr, | |
| /usr/bin/kde4-config PUxmr, | |
| # Configuration files | |
| owner @{HOME}/.Skype/ rw, | |
| owner @{HOME}/.Skype/** krw, | |
| owner @{HOME}/.config/Skype/ rw, | |
| owner @{HOME}/.config/Skype/** krw, | |
| # Downloads/uploads directory | |
| owner @{HOME}/ r, | |
| owner @{HOME}/Public/ rw, | |
| owner @{HOME}/Public/** krw, | |
| # Libraries | |
| /usr/lib{,32}/libv4l/v4l2convert.so mr, | |
| /usr/share/skype/lib/libQtWebKit.so.4 mr, | |
| # Shared data | |
| /usr/share/skype/ r, | |
| /usr/share/skype/** r, | |
| # Devices | |
| /dev/ r, | |
| /dev/video[0-9]* mrw, | |
| # System information | |
| /etc/machine-id r, | |
| @{PROC}/sys/kernel/{ostype,osrelease} r, | |
| @{PROC}/sys/vm/overcommit_memory r, | |
| @{PROC}/[0-9]*/net/arp r, | |
| owner @{PROC}/[0-9]*/cmdline r, | |
| owner @{PROC}/[0-9]*/status r, | |
| owner @{PROC}/[0-9]*/task/ r, | |
| owner @{PROC}/[0-9]*/task/[0-9]*/stat r, | |
| owner @{PROC}/[0-9]*/fd/ r, | |
| /sys/devices/system/cpu/ r, | |
| /sys/devices/system/cpu/cpu[0-9]*/cpufreq/scaling_{cur_freq,max_freq} r, | |
| /sys/devices/pci*/*/usb[0-9]*/*/*/modalias r, | |
| /sys/devices/pci*/*/usb[0-9]*/*/*/video4linux/video[0-9]*/dev r, | |
| /sys/devices/pci*/*/usb[0-9]*/*/{idVendor,idProduct,speed} r, | |
| # This probably should go to appropriate abstractions | |
| /etc/asound.conf r, | |
| owner @{HOME}/.config/fontconfig/fonts.conf r, | |
| owner @{HOME}/.config/oxygen-gtk/argb-apps.conf rw, | |
| owner @{HOME}/.config/pulse/cookie krw, | |
| owner @{HOME}/.icons/** r, | |
| owner @{HOME}/.kde4/share/config/kdeglobals krw, | |
| owner @{HOME}/.kde4/share/config/gtkrc-2.0 r, | |
| owner @{HOME}/.kde4/share/config/oxygenrc r, | |
| /usr/share/icons/*/index.theme kr, | |
| /usr/share/nvidia/nvidia-application-profiles-*-rc r, | |
| # Denials | |
| deny owner @{HOME}/.mozilla/ r, | |
| deny owner @{HOME}/.mozilla/** r, | |
| deny /sys/devices/virtual/dmi/** r, | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment