From 25aad109e1ce714d754a8adae4d25e2502e58b58 Mon Sep 17 00:00:00 2001
From: Jamie Strandboge
Date: Thu, 27 Sep 2018 11:42:03 -0500
Subject: [PATCH] abstractions/private-files-strict: disallow access to the dirs of private files

Reference: https://launchpad.net/bugs/1794820
---
 .../abstractions/private-files-strict | 24 +++++++++----------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/profiles/apparmor.d/abstractions/private-files-strict b/profiles/apparmor.d/abstractions/private-files-strict
index 91851b8e5..ebfea418c 100644
--- a/profiles/apparmor.d/abstractions/private-files-strict
+++ b/profiles/apparmor.d/abstractions/private-files-strict
@@ -5,17 +5,17 @@
 #include
 # potentially extremely sensitive files
- audit deny @{HOME}/.gnupg/** mrwkl,
- audit deny @{HOME}/.ssh/** mrwkl,
- audit deny @{HOME}/.gnome2_private/** mrwkl,
- audit deny @{HOME}/.gnome2/keyrings/** mrwkl,
+ audit deny @{HOME}/.gnupg/{,**} mrwkl,
+ audit deny @{HOME}/.ssh/{,**} mrwkl,
+ audit deny @{HOME}/.gnome2_private/{,**} mrwkl,
+ audit deny @{HOME}/.gnome2/keyrings/{,**} mrwkl,
 # don't allow access to any gnome-keyring modules
- audit deny /{,var/}run/user/[0-9]*/keyring** mrwkl,
- audit deny @{HOME}/.mozilla/** mrwkl,
- audit deny @{HOME}/.config/chromium/** mrwkl,
- audit deny @{HOME}/.{,mozilla-}thunderbird/** mrwkl,
- audit deny @{HOME}/.evolution/** mrwkl,
- audit deny @{HOME}/.config/evolution/** mrwkl,
- audit deny @{HOME}/.kde{,4}/share/apps/kmail{,2}/** mrwkl,
- audit deny @{HOME}/.kde{,4}/share/apps/kwallet/** mrwkl,
+ audit deny /{,var/}run/user/[0-9]*/keyring*{,/,/**} mrwkl,
+ audit deny @{HOME}/.mozilla/{,**} mrwkl,
+ audit deny @{HOME}/.config/chromium/{,**} mrwkl,
+ audit deny @{HOME}/.{,mozilla-}thunderbird/{,**} mrwkl,
+ audit deny @{HOME}/.evolution/{,**} mrwkl,
+ audit deny @{HOME}/.config/evolution/{,**} mrwkl,
+ audit deny @{HOME}/.kde{,4}/share/apps/kmail{,2}/{,**} mrwkl,
+ audit deny @{HOME}/.kde{,4}/share/apps/kwallet/{,**} mrwkl,
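Review bot: Nothing in the hunk explains the `{,**}` form that the rewritten rules now end in, so a later edit could simplify it back to `/**` and drop the directory coverage this commit adds. A comment above the first rule would guard against that, e.g. `# {,**} matches the directory itself as well as everything beneath it`. The keyring rule uses a different form (`keyring*{,/,/**}`) and, as far as I can tell, matches the same paths the old `keyring**` already did, so it may deserve its own one-line comment saying the rewrite there is for explicitness. Because deny rules take precedence over allow rules, any profile that includes this abstraction and separately allows reading one of these directories (for example `@{HOME}/.mozilla/`) would now get audited denials, so the includers are worth checking before release.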